From a23bd29e52cdcc9df8c17bfda69f2a3496a17328 Mon Sep 17 00:00:00 2001 From: Tamal Saha Date: Sun, 18 Feb 2024 14:18:39 -0800 Subject: [PATCH] fix cve report generator workflow Signed-off-by: Tamal Saha --- .github/workflows/cve-report.yml | 3 +- cmd/generate-cve-report/main.go | 2 - cve.json | 389 ------------------------------- go.mod | 2 +- 4 files changed, 3 insertions(+), 393 deletions(-) delete mode 100644 cve.json diff --git a/.github/workflows/cve-report.yml b/.github/workflows/cve-report.yml index 68ad65584..e30f2d0d4 100644 --- a/.github/workflows/cve-report.yml +++ b/.github/workflows/cve-report.yml @@ -62,13 +62,14 @@ jobs: - name: Generate report run: | + ./hack/scripts/update-chart-dependencies.sh go run ./cmd/generate-cve-report/main.go - name: Update repo run: | git add --all if [[ $(git status --porcelain) ]]; then - git commit -s -a -m "update redis images $(date --rfc-3339=date)" + git commit -s -a -m "update cve report $(date --rfc-3339=date)" git fetch origin # https://git-scm.com/docs/merge-strategies git pull --rebase -s ours origin master diff --git a/cmd/generate-cve-report/main.go b/cmd/generate-cve-report/main.go index c3c78d16a..a994a6fa4 100644 --- a/cmd/generate-cve-report/main.go +++ b/cmd/generate-cve-report/main.go @@ -137,8 +137,6 @@ func GatherReport() ([]CVEReport, error) { setReport(report, &cveReport) } reports = append(reports, cveReport) - - break } return reports, nil diff --git a/cve.json b/cve.json deleted file mode 100644 index 297aaa2da..000000000 --- a/cve.json +++ /dev/null 
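Review bot: The added `./hack/scripts/update-chart-dependencies.sh` line in the "Generate report" step records nothing about why a chart-dependency refresh has to run before `go run ./cmd/generate-cve-report/main.go`, so the next person editing this step can reorder or drop it without noticing the coupling. A one-line comment above it inside the `run` block, e.g. `# refresh chart dependencies first so the report scans the images the charts currently pin (TODO confirm)`, would record the intent; I am inferring that dependency from the script's name, so adjust the wording if the actual reason differs. The hunk also shows no guard that the script exists and is executable, but if the step runs under the default bash `-e` shell a failure there stops the job before the generator runs, which is the safe outcome. The "Update repo" step's `run` block continues past the end of the hunk.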
@@ -1,389 +0,0 @@ -{ - "SchemaVersion": 2, - "CreatedAt": "2024-02-18T13:53:57.294382-08:00", - "ArtifactName": "ghcr.io/appscode-images/postgres:14.10-alpine", - "ArtifactType": "container_image", - "Metadata": { - "OS": { - "Family": "alpine", - "Name": "3.19.0" - }, - "ImageID": "sha256:c4a113df1b3cabb288cc11fa05b1229c9f9f4d277c5054edd55567cd2e3cd205", - "DiffIDs": [ - "sha256:5af4f8f59b764c64c6def53f52ada809fe38d528441d08d01c206dfb3fc3b691", - "sha256:e30ac593e092c93983829fdb621ce97f272538994d9169a779f0cd97fb73bc5f", - "sha256:c404850221249c7e75c21c36c82b91ac648f83461c0c74c6e86f2d3a19a8e458", - "sha256:7da87943d631f4f58acd81f4e9e207b1ff1bf7417b8d3b00c95f654eca10fcfe", - "sha256:0a315bf9d4e863248da7ac8ea17ffa18dc10305502d2d1d6bd3aec16add3d756", - "sha256:9046923002471039194e061ae86bd0f1ca7e8d6fa3563f95a7a060d582709fd9", - "sha256:5c39e9c80564d74d6e56a80d92fd8e306ceeb154632fff8290d1e615319d13e7", - "sha256:5b3efdd3aff333e1aea863c3774bdd9c7575647da2144099fb797e9bcb6e8b4d", - "sha256:46d751f7a9837755f3ca3062712125f6f0f573bd8a7b26d767f5e6c35c606667" - ], - "RepoTags": [ - "ghcr.io/appscode-images/postgres:14.10-alpine" - ], - "RepoDigests": [ - "ghcr.io/appscode-images/postgres@sha256:b6915561b48380af58fac455975fb24cbe3149b7e2fb6ca93a8284be791fb378" - ], - "ImageConfig": { - "architecture": "amd64", - "created": "2024-01-17T21:35:47.824955815Z", - "history": [ - { - "created": "2023-12-08T01:20:49.493752696Z", - "created_by": "/bin/sh -c #(nop) ADD file:1f4eb46669b5b6275af19eb7471a6899a61c276aa7d925b8ae99310b14b75b92 in / " - }, - { - "created": "2023-12-08T01:20:49.650406179Z", - "created_by": "/bin/sh -c #(nop) CMD [\"/bin/sh\"]", - "empty_layer": true - }, - { - "created": "2024-01-17T21:33:46.234228987Z", - "created_by": "RUN /bin/sh -c set -eux; \taddgroup -g 70 -S postgres; \tadduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \tmkdir -p /var/lib/postgresql; \tchown -R postgres:postgres /var/lib/postgresql # buildkit", - "comment": 
"buildkit.dockerfile.v0" - }, - { - "created": "2024-01-17T21:33:46.450563321Z", - "created_by": "ENV LANG=en_US.utf8", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - }, - { - "created": "2024-01-17T21:33:46.450563321Z", - "created_by": "RUN /bin/sh -c mkdir /docker-entrypoint-initdb.d # buildkit", - "comment": "buildkit.dockerfile.v0" - }, - { - "created": "2024-01-17T21:33:46.450563321Z", - "created_by": "ENV PG_MAJOR=14", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - }, - { - "created": "2024-01-17T21:33:46.450563321Z", - "created_by": "ENV PG_VERSION=14.10", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - }, - { - "created": "2024-01-17T21:33:46.450563321Z", - "created_by": "ENV PG_SHA256=c99431c48e9d470b0d0ab946eb2141a3cd19130c2fb4dc4b3284a7774ecc8399", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - }, - { - "created": "2024-01-17T21:33:46.450563321Z", - "created_by": "ENV DOCKER_PG_LLVM_DEPS=llvm15-dev \t\tclang15", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - }, - { - "created": "2024-01-17T21:35:46.751386511Z", - "created_by": "RUN /bin/sh -c set -eux; \t\twget -O postgresql.tar.bz2 \"https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2\"; \techo \"$PG_SHA256 *postgresql.tar.bz2\" | sha256sum -c -; \tmkdir -p /usr/src/postgresql; \ttar \t\t--extract \t\t--file postgresql.tar.bz2 \t\t--directory /usr/src/postgresql \t\t--strip-components 1 \t; \trm postgresql.tar.bz2; \t\tapk add --no-cache --virtual .build-deps \t\t$DOCKER_PG_LLVM_DEPS \t\tbison \t\tcoreutils \t\tdpkg-dev dpkg \t\tflex \t\tg++ \t\tgcc \t\tkrb5-dev \t\tlibc-dev \t\tlibedit-dev \t\tlibxml2-dev \t\tlibxslt-dev \t\tlinux-headers \t\tmake \t\topenldap-dev \t\topenssl-dev \t\tperl-dev \t\tperl-ipc-run \t\tperl-utils \t\tpython3-dev \t\ttcl-dev \t\tutil-linux-dev \t\tzlib-dev \t\ticu-dev \t\tlz4-dev \t; \t\tcd /usr/src/postgresql; \tawk '$1 == \"#define\" \u0026\u0026 $2 == 
\"DEFAULT_PGSOCKET_DIR\" \u0026\u0026 $3 == \"\\\"/tmp\\\"\" { $3 = \"\\\"/var/run/postgresql\\\"\"; print; next } { print }' src/include/pg_config_manual.h \u003e src/include/pg_config_manual.h.new; \tgrep '/var/run/postgresql' src/include/pg_config_manual.h.new; \tmv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \tgnuArch=\"$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)\"; \twget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \twget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \t\texport LLVM_CONFIG=\"/usr/lib/llvm15/bin/llvm-config\"; \texport CLANG=clang-15; \t\t./configure \t\t--enable-option-checking=fatal \t\t--build=\"$gnuArch\" \t\t--enable-integer-datetimes \t\t--enable-thread-safety \t\t--enable-tap-tests \t\t--disable-rpath \t\t--with-uuid=e2fs \t\t--with-gnu-ld \t\t--with-pgport=5432 \t\t--with-system-tzdata=/usr/share/zoneinfo \t\t--prefix=/usr/local \t\t--with-includes=/usr/local/include \t\t--with-libraries=/usr/local/lib \t\t--with-gssapi \t\t--with-ldap \t\t--with-tcl \t\t--with-perl \t\t--with-python \t\t--with-openssl \t\t--with-libxml \t\t--with-libxslt \t\t--with-icu \t\t--with-llvm \t\t--with-lz4 \t; \tmake -j \"$(nproc)\" world; \tmake install-world; \tmake -C contrib install; \t\trunDeps=\"$( \t\tscanelf --needed --nobanner --format '%n#p' --recursive /usr/local \t\t\t| tr ',' '\\n' \t\t\t| sort -u \t\t\t| awk 'system(\"[ -e /usr/local/lib/\" $1 \" ]\") == 0 { next } { print \"so:\" $1 }' \t\t\t| grep -v -e perl -e python -e tcl \t)\"; \tapk add --no-cache --virtual .postgresql-rundeps \t\t$runDeps \t\tbash \t\tsu-exec \t\ttzdata \t\tzstd \t\ticu-data-full \t\t$([ \"$(apk --print-arch)\" != 'ppc64le' ] \u0026\u0026 echo 'nss_wrapper') \t; \tapk del --no-network .build-deps; \tcd /; \trm -rf \t\t/usr/src/postgresql \t\t/usr/local/share/doc 
\t\t/usr/local/share/man \t; \t\tpostgres --version # buildkit", - "comment": "buildkit.dockerfile.v0" - }, - { - "created": "2024-01-17T21:35:46.937180027Z", - "created_by": "RUN /bin/sh -c set -eux; \tcp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \tsed -ri \"s!^#?(listen_addresses)\\s*=\\s*\\S+.*!\\1 = '*'!\" /usr/local/share/postgresql/postgresql.conf.sample; \tgrep -F \"listen_addresses = '*'\" /usr/local/share/postgresql/postgresql.conf.sample # buildkit", - "comment": "buildkit.dockerfile.v0" - }, - { - "created": "2024-01-17T21:35:47.217506588Z", - "created_by": "RUN /bin/sh -c mkdir -p /var/run/postgresql \u0026\u0026 chown -R postgres:postgres /var/run/postgresql \u0026\u0026 chmod 3777 /var/run/postgresql # buildkit", - "comment": "buildkit.dockerfile.v0" - }, - { - "created": "2024-01-17T21:35:47.217506588Z", - "created_by": "ENV PGDATA=/var/lib/postgresql/data", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - }, - { - "created": "2024-01-17T21:35:47.533966133Z", - "created_by": "RUN /bin/sh -c mkdir -p \"$PGDATA\" \u0026\u0026 chown -R postgres:postgres \"$PGDATA\" \u0026\u0026 chmod 1777 \"$PGDATA\" # buildkit", - "comment": "buildkit.dockerfile.v0" - }, - { - "created": "2024-01-17T21:35:47.533966133Z", - "created_by": "VOLUME [/var/lib/postgresql/data]", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - }, - { - "created": "2024-01-17T21:35:47.543649377Z", - "created_by": "COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ # buildkit", - "comment": "buildkit.dockerfile.v0" - }, - { - "created": "2024-01-17T21:35:47.824955815Z", - "created_by": "RUN /bin/sh -c ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh # buildkit", - "comment": "buildkit.dockerfile.v0" - }, - { - "created": "2024-01-17T21:35:47.824955815Z", - "created_by": "ENTRYPOINT [\"docker-entrypoint.sh\"]", - "comment": "buildkit.dockerfile.v0", - 
"empty_layer": true - }, - { - "created": "2024-01-17T21:35:47.824955815Z", - "created_by": "STOPSIGNAL SIGINT", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - }, - { - "created": "2024-01-17T21:35:47.824955815Z", - "created_by": "EXPOSE map[5432/tcp:{}]", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - }, - { - "created": "2024-01-17T21:35:47.824955815Z", - "created_by": "CMD [\"postgres\"]", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - } - ], - "os": "linux", - "rootfs": { - "type": "layers", - "diff_ids": [ - "sha256:5af4f8f59b764c64c6def53f52ada809fe38d528441d08d01c206dfb3fc3b691", - "sha256:e30ac593e092c93983829fdb621ce97f272538994d9169a779f0cd97fb73bc5f", - "sha256:c404850221249c7e75c21c36c82b91ac648f83461c0c74c6e86f2d3a19a8e458", - "sha256:7da87943d631f4f58acd81f4e9e207b1ff1bf7417b8d3b00c95f654eca10fcfe", - "sha256:0a315bf9d4e863248da7ac8ea17ffa18dc10305502d2d1d6bd3aec16add3d756", - "sha256:9046923002471039194e061ae86bd0f1ca7e8d6fa3563f95a7a060d582709fd9", - "sha256:5c39e9c80564d74d6e56a80d92fd8e306ceeb154632fff8290d1e615319d13e7", - "sha256:5b3efdd3aff333e1aea863c3774bdd9c7575647da2144099fb797e9bcb6e8b4d", - "sha256:46d751f7a9837755f3ca3062712125f6f0f573bd8a7b26d767f5e6c35c606667" - ] - }, - "config": { - "Cmd": [ - "postgres" - ], - "Entrypoint": [ - "docker-entrypoint.sh" - ], - "Env": [ - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", - "LANG=en_US.utf8", - "PG_MAJOR=14", - "PG_VERSION=14.10", - "PG_SHA256=c99431c48e9d470b0d0ab946eb2141a3cd19130c2fb4dc4b3284a7774ecc8399", - "DOCKER_PG_LLVM_DEPS=llvm15-dev \t\tclang15", - "PGDATA=/var/lib/postgresql/data" - ], - "Volumes": { - "/var/lib/postgresql/data": {} - }, - "ExposedPorts": { - "5432/tcp": {} - }, - "ArgsEscaped": true, - "StopSignal": "SIGINT" - } - } - }, - "Results": [ - { - "Target": "ghcr.io/appscode-images/postgres:14.10-alpine (alpine 3.19.0)", - "Class": "os-pkgs", - "Type": "alpine", - "Vulnerabilities": [ - { - 
"VulnerabilityID": "CVE-2024-0727", - "PkgID": "libcrypto3@3.1.4-r4", - "PkgName": "libcrypto3", - "PkgIdentifier": { - "PURL": "pkg:apk/alpine/libcrypto3@3.1.4-r4?arch=x86_64\u0026distro=3.19.0" - }, - "InstalledVersion": "3.1.4-r4", - "FixedVersion": "3.1.4-r5", - "Status": "fixed", - "Layer": { - "Digest": "sha256:3f00c5a2ae244665f3fa8ea6b203f0806d1bb3c20cdb5f8b70aa356466d13eff", - "DiffID": "sha256:7da87943d631f4f58acd81f4e9e207b1ff1bf7417b8d3b00c95f654eca10fcfe" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-0727", - "DataSource": { - "ID": "alpine", - "Name": "Alpine Secdb", - "URL": "https://secdb.alpinelinux.org/" - }, - "Title": "openssl: denial of service via null dereference", - "Description": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\nto crash leading to a potential Denial of Service attack\n\nImpact summary: Applications loading files in the PKCS12 format from untrusted\nsources might terminate abruptly.\n\nA file in PKCS12 format can contain certificates and keys and may come from an\nuntrusted source. The PKCS12 specification allows certain fields to be NULL, but\nOpenSSL does not correctly check for this case. This can lead to a NULL pointer\ndereference that results in OpenSSL crashing. If an application processes PKCS12\nfiles from an untrusted source using the OpenSSL APIs then that application will\nbe vulnerable to this issue.\n\nOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\nPKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\nand PKCS12_newpass().\n\nWe have also fixed a similar issue in SMIME_write_PKCS7(). 
However since this\nfunction is related to writing data we do not consider it security significant.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.", - "Severity": "MEDIUM", - "VendorSeverity": { - "ghsa": 2, - "nvd": 2, - "photon": 2, - "redhat": 1, - "ubuntu": 1 - }, - "CVSS": { - "ghsa": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - }, - "nvd": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://access.redhat.com/security/cve/CVE-2024-0727", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0727", - "https://github.com/alexcrichton/openssl-src-rs/commit/add20f73b6b42be7451af2e1044d4e0e778992b2", - "https://github.com/github/advisory-database/pull/3472", - "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2", - "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a", - "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c", - "https://github.com/openssl/openssl/pull/23362", - "https://github.com/pyca/cryptography/commit/3519591d255d4506fbcd0d04037d45271903c64d", - "https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8", - "https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539", - "https://nvd.nist.gov/vuln/detail/CVE-2024-0727", - "https://security.netapp.com/advisory/ntap-20240208-0006", - "https://security.netapp.com/advisory/ntap-20240208-0006/", - "https://ubuntu.com/security/notices/USN-6622-1", - "https://ubuntu.com/security/notices/USN-6632-1", - "https://www.cve.org/CVERecord?id=CVE-2024-0727", - "https://www.openssl.org/news/secadv/20240125.txt" - ], - "PublishedDate": "2024-01-26T09:15:07.637Z", - "LastModifiedDate": 
"2024-02-08T10:15:13.91Z" - }, - { - "VulnerabilityID": "CVE-2024-0727", - "PkgID": "libssl3@3.1.4-r4", - "PkgName": "libssl3", - "PkgIdentifier": { - "PURL": "pkg:apk/alpine/libssl3@3.1.4-r4?arch=x86_64\u0026distro=3.19.0" - }, - "InstalledVersion": "3.1.4-r4", - "FixedVersion": "3.1.4-r5", - "Status": "fixed", - "Layer": { - "Digest": "sha256:3f00c5a2ae244665f3fa8ea6b203f0806d1bb3c20cdb5f8b70aa356466d13eff", - "DiffID": "sha256:7da87943d631f4f58acd81f4e9e207b1ff1bf7417b8d3b00c95f654eca10fcfe" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-0727", - "DataSource": { - "ID": "alpine", - "Name": "Alpine Secdb", - "URL": "https://secdb.alpinelinux.org/" - }, - "Title": "openssl: denial of service via null dereference", - "Description": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\nto crash leading to a potential Denial of Service attack\n\nImpact summary: Applications loading files in the PKCS12 format from untrusted\nsources might terminate abruptly.\n\nA file in PKCS12 format can contain certificates and keys and may come from an\nuntrusted source. The PKCS12 specification allows certain fields to be NULL, but\nOpenSSL does not correctly check for this case. This can lead to a NULL pointer\ndereference that results in OpenSSL crashing. If an application processes PKCS12\nfiles from an untrusted source using the OpenSSL APIs then that application will\nbe vulnerable to this issue.\n\nOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\nPKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\nand PKCS12_newpass().\n\nWe have also fixed a similar issue in SMIME_write_PKCS7(). 
However since this\nfunction is related to writing data we do not consider it security significant.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.", - "Severity": "MEDIUM", - "VendorSeverity": { - "ghsa": 2, - "nvd": 2, - "photon": 2, - "redhat": 1, - "ubuntu": 1 - }, - "CVSS": { - "ghsa": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - }, - "nvd": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://access.redhat.com/security/cve/CVE-2024-0727", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0727", - "https://github.com/alexcrichton/openssl-src-rs/commit/add20f73b6b42be7451af2e1044d4e0e778992b2", - "https://github.com/github/advisory-database/pull/3472", - "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2", - "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a", - "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c", - "https://github.com/openssl/openssl/pull/23362", - "https://github.com/pyca/cryptography/commit/3519591d255d4506fbcd0d04037d45271903c64d", - "https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8", - "https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539", - "https://nvd.nist.gov/vuln/detail/CVE-2024-0727", - "https://security.netapp.com/advisory/ntap-20240208-0006", - "https://security.netapp.com/advisory/ntap-20240208-0006/", - "https://ubuntu.com/security/notices/USN-6622-1", - "https://ubuntu.com/security/notices/USN-6632-1", - "https://www.cve.org/CVERecord?id=CVE-2024-0727", - "https://www.openssl.org/news/secadv/20240125.txt" - ], - "PublishedDate": "2024-01-26T09:15:07.637Z", - "LastModifiedDate": 
"2024-02-08T10:15:13.91Z" - }, - { - "VulnerabilityID": "CVE-2024-25062", - "PkgID": "libxml2@2.11.6-r0", - "PkgName": "libxml2", - "PkgIdentifier": { - "PURL": "pkg:apk/alpine/libxml2@2.11.6-r0?arch=x86_64\u0026distro=3.19.0" - }, - "InstalledVersion": "2.11.6-r0", - "FixedVersion": "2.11.7-r0", - "Status": "fixed", - "Layer": { - "Digest": "sha256:3f00c5a2ae244665f3fa8ea6b203f0806d1bb3c20cdb5f8b70aa356466d13eff", - "DiffID": "sha256:7da87943d631f4f58acd81f4e9e207b1ff1bf7417b8d3b00c95f654eca10fcfe" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-25062", - "DataSource": { - "ID": "alpine", - "Name": "Alpine Secdb", - "URL": "https://secdb.alpinelinux.org/" - }, - "Title": "libxml2: use-after-free in XMLReader", - "Description": "An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-416" - ], - "VendorSeverity": { - "nvd": 3, - "redhat": 2, - "ubuntu": 2 - }, - "CVSS": { - "nvd": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 5.9 - } - }, - "References": [ - "https://access.redhat.com/security/cve/CVE-2024-25062", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25062", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", - "https://gitlab.gnome.org/GNOME/libxml2/-/tags", - "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", - "https://www.cve.org/CVERecord?id=CVE-2024-25062" - ], - "PublishedDate": "2024-02-04T16:15:45.12Z", - "LastModifiedDate": "2024-02-13T00:40:40.503Z" - } - ] - } - ] -} diff --git a/go.mod b/go.mod index 0bc86442c..486360f15 100644 --- a/go.mod +++ b/go.mod 
@@ -1,6 +1,6 @@ module kubedb.dev/installer -go 1.21.6 +go 1.21.5 toolchain go1.21.7