Welcome to the sbom-utility! Version `latest` (sbom-utility) (darwin/arm64) =========================================================================== [INFO] Loading (embedded) default schema config file: `config.json`... [INFO] Loading (embedded) default license policy file: `license.json`... [INFO] Reading file (--input-file): `nats-box-49.sbom.json` ... [INFO] Reading file (--input-revision): `nats-box-50.sbom.json` ... [INFO] Comparing files: `nats-box-49.sbom.json` (base) to `nats-box-50.sbom.json` (revised) ... [INFO] Outputting listing (`txt` format)... { "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "components": [ 0: { - "bom-ref": "1041129c-b3a8-4896-9ba4-cf92e58ed5d2", + "bom-ref": "00d71201-cd27-4648-ad71-190cd4b4abf8", - "name": "usr/local/bin/nsc", + "name": "github.com/nats-io/nkeys", "properties": [ + 0: { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" + }, 0: { "name": "aquasecurity:trivy:Class", "value": "lang-pkgs" } 1: { - "name": "aquasecurity:trivy:Class", + "name": "aquasecurity:trivy:LayerDigest", - "value": "lang-pkgs" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" } ], - "type": "application" + "type": "library" + "purl": "pkg:golang/github.com/nats-io/nkeys@v0.1.4" + "version": "v0.1.4" }, 1: { - "bom-ref": "4ce1b5d8-fb7a-4506-9c92-ff2ca0de8e69", + "bom-ref": "02c6e323-75c9-41ad-a48b-ea236df51a1a", - "name": "usr/local/bin/nats", + "name": "github.com/AlecAivazis/survey/v2", "properties": [ + 0: { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23" + }, 0: { "name": "aquasecurity:trivy:Class", "value": "lang-pkgs" } 1: { - "name": "aquasecurity:trivy:Class", + "name": "aquasecurity:trivy:LayerDigest", - "value": "lang-pkgs" + "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9" } ], - "type": "application" + "type": "library" + "purl": "pkg:golang/github.com/alecaivazis/survey/v2@v2.2.12" + "version": "v2.2.12" }, 2: { - "bom-ref": "cca71fe4-4ff2-41e1-8078-5e584c508a31", + "bom-ref": "036e29ed-0565-4dff-be02-dc8e2b0376d7", - "name": "alpine", + "name": "github.com/fatih/color", "properties": [ + 0: { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23" + }, 0: { "name": "aquasecurity:trivy:Class", "value": "os-pkgs" } 1: { - "name": "aquasecurity:trivy:Class", + "name": "aquasecurity:trivy:LayerDigest", - "value": "os-pkgs" + "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9" } ], - "type": "operating-system", + "type": "library", - "version": "3.18.4" + "version": "v1.10.0" + "purl": "pkg:golang/github.com/fatih/color@v1.10.0" }, + 3: { + "bom-ref": "1044da61-152a-465b-8952-c9e949247616", + "name": "github.com/kballard/go-shellquote", + "properties": [ + : { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23" + }, + : { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9" + }, + : { + "name": "aquasecurity:trivy:PkgType", + "value": "gobinary" + } + ], + "purl": "pkg:golang/github.com/kballard/go-shellquote@v0.0.0-20180428030007-95032a82bc51", + "type": "library", + "version": "v0.0.0-20180428030007-95032a82bc51" + }, 3: { "bom-ref": "def80684-0ff2-4775-b7df-93952a5dd40e", "name": "usr/local/bin/nats-top", "properties": [ : { "name": "aquasecurity:trivy:Class", "value": "lang-pkgs" }, : { "name": "aquasecurity:trivy:Type", "value": "gobinary" } ], "type": "application" }, 4: { - "bom-ref": "def80684-0ff2-4775-b7df-93952a5dd40e", + "bom-ref": "17d6a00d-ad1c-422f-ab52-07d021d4d62a", "hashes": [ : { "alg": "SHA-1", "content": "602007ee374ed96f35e9bf39b1487d67c6afe027" } ], "licenses": [ : { "license": { "name": "GPL-2.0" } } ], - "name": "usr/local/bin/nats-top", + "name": "usr/local/bin/stan-sub", "properties": [ : { "name": "aquasecurity:trivy:LayerDiffID", "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438" }, : { "name": "aquasecurity:trivy:LayerDigest", "value": "sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa" }, : { "name": "aquasecurity:trivy:PkgID", "value": "alpine-baselayout-data@3.4.3-r1" }, : { "name": "aquasecurity:trivy:PkgType", "value": "alpine" }, : { "name": "aquasecurity:trivy:SrcName", "value": "alpine-baselayout" }, : { "name": "aquasecurity:trivy:SrcVersion", "value": "3.4.3-r1" } ], "purl": "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&distro=3.18.4", "type": "library", "version": "3.4.3-r1" }, 5: { - "bom-ref": "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&distro=3.18.4", + "bom-ref": "1f71cc2c-4dae-4721-a209-956d08b69871", - "hashes": [ - : { - "alg": "SHA-1", - "content": "602007ee374ed96f35e9bf39b1487d67c6afe027" - } - ], - "licenses": [ - : { - "license": { - "name": "GPL-2.0" - } - } - ], - "name": "alpine-baselayout-data", + "name": "github.com/xlab/tablewriter", "properties": [ 0: { - "name": "aquasecurity:trivy:LayerDigest", + "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa" + "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23" }, - 0: { - "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438" - }, 1: { - "name": "aquasecurity:trivy:PkgID", + "name": "aquasecurity:trivy:LayerDigest", - "value": "alpine-baselayout-data@3.4.3-r1" + "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9" }, 2: { - "name": "aquasecurity:trivy:SrcName", + "name": "aquasecurity:trivy:PkgType", - "value": "alpine-baselayout" + "value": "gobinary" }, - 3: { - "name": "aquasecurity:trivy:PkgType", - "value": "alpine" - }, - 4: { - "name": "aquasecurity:trivy:SrcName", - "value": "alpine-baselayout" - } 5: { "name": "aquasecurity:trivy:SrcVersion", "value": "3.4.3-r1" } ], - "purl": "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&distro=3.18.4", + "purl": "pkg:golang/github.com/xlab/tablewriter@v0.0.0-20160610135559-80b567a11ad5", "type": "library", - "version": "3.4.3-r1" + "version": "v0.0.0-20160610135559-80b567a11ad5" }, 6: { - "bom-ref": "pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=3.18.4", + "bom-ref": "232a0439-a241-452a-be09-f5d63c6335ef", - "hashes": [ - : { - "alg": "SHA-1", - "content": "cf0bca32762cd5be9974f4c127467b0f93f78f20" - } - ], - "licenses": [ - : { - "license": { - "name": "GPL-2.0" - } - } - ], - "name": "alpine-baselayout", + "name": "github.com/nats-io/nats.go", "properties": [ 0: { - "name": "aquasecurity:trivy:LayerDigest", + "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, - 0: { - "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438" - }, 1: { - "name": "aquasecurity:trivy:PkgID", + "name": "aquasecurity:trivy:LayerDigest", - "value": "alpine-baselayout@3.4.3-r1" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { - "name": "aquasecurity:trivy:SrcName", + "name": "aquasecurity:trivy:PkgType", - "value": "alpine-baselayout" + "value": "gobinary" }, - 3: { - "name": "aquasecurity:trivy:PkgType", - "value": "alpine" - }, - 4: { - "name": "aquasecurity:trivy:SrcName", - "value": "alpine-baselayout" - } 5: { "name": "aquasecurity:trivy:SrcVersion", "value": "2.4-r1" } ], - "purl": "pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=3.18.4", + "purl": "pkg:golang/github.com/nats-io/nats.go@v1.10.0", "type": "library", - "version": "3.4.3-r1" + "version": "v1.10.0" }, 7: { - "bom-ref": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64&distro=3.18.4", + "bom-ref": "26b20f66-3994-4e05-adb5-c3a663fdc0d3", - "hashes": [ - : { - "alg": "SHA-1", - "content": "ec3a3d5ef4c7a168d09516097bb3219ca77c1534" - } - ], - "licenses": [ - : { - "license": { - "name": "MIT" - } - } - ], - "name": "alpine-keys", + "name": "github.com/nats-io/nuid", "properties": [ 0: { - "name": "aquasecurity:trivy:LayerDigest", + "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, - 0: { - "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438" - }, 1: { - "name": "aquasecurity:trivy:PkgID", + "name": "aquasecurity:trivy:LayerDigest", - "value": "alpine-keys@2.4-r1" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { - "name": "aquasecurity:trivy:SrcName", + "name": "aquasecurity:trivy:PkgType", - "value": "alpine-keys" + "value": "gobinary" }, - 3: { - "name": "aquasecurity:trivy:PkgType", - "value": "alpine" - }, - 4: { - "name": "aquasecurity:trivy:SrcName", - "value": "alpine-keys" - } 5: { "name": "aquasecurity:trivy:SrcVersion", "value": "2.14.0-r2" } ], - "purl": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64&distro=3.18.4", + "purl": "pkg:golang/github.com/nats-io/nuid@v1.0.1", "type": "library", - "version": "2.4-r1" + "version": "v1.0.1" }, 8: { - "bom-ref": "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=3.18.4", + "bom-ref": "2ce6cbe0-970f-4185-9e29-4e61713b2391", - "hashes": [ - : { - "alg": "SHA-1", - "content": "8cde25f239ebf691cd135a3954e5193c1ac2ae13" - } - ], - "licenses": [ - : { - "license": { - "name": "GPL-2.0" - } - } - ], - "name": "apk-tools", + "name": "github.com/nats-io/nuid", "properties": [ 0: { - "name": "aquasecurity:trivy:LayerDigest", + "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, - 0: { - "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438" - }, 1: { - "name": "aquasecurity:trivy:PkgID", + "name": "aquasecurity:trivy:LayerDigest", - "value": "apk-tools@2.14.0-r2" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { - "name": "aquasecurity:trivy:SrcName", + "name": "aquasecurity:trivy:PkgType", - "value": "apk-tools" + "value": "gobinary" }, - 3: { - "name": "aquasecurity:trivy:PkgType", - "value": "alpine" - }, - 4: { - "name": "aquasecurity:trivy:SrcName", - "value": "apk-tools" - } 5: { "name": "aquasecurity:trivy:SrcVersion", "value": "1.0.9-r14" } ], - "purl": "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=3.18.4", + "purl": "pkg:golang/github.com/nats-io/nuid@v1.0.1", "type": "library", - "version": "2.14.0-r2" + "version": "v1.0.1" }, 9: { - "bom-ref": "pkg:apk/alpine/brotli-libs@1.0.9-r14?arch=x86_64&distro=3.18.4", + "bom-ref": "2dabc52f-279a-4393-91e6-5b3034b68d60", - "hashes": [ - : { - "alg": "SHA-1", - "content": "48b2006d35cdde849a18f7cadbfaf17c9273130f" - } - ], - "licenses": [ - : { - "license": { - "name": "MIT" - } - } - ], - "name": "brotli-libs", + "name": "github.com/nats-io/nuid", "properties": [ 0: { - "name": "aquasecurity:trivy:LayerDigest", + "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:e4ad2c090cefe878e69e52693cea8bf245be49f6f6cf7e274ab0118ddc57853b" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, - 0: { - "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:f62cd225330b873d42d26843c1c8c83c0d76df75f4f634f2583e44f3d19bf822" - }, 1: { - "name": "aquasecurity:trivy:PkgType", + "name": "aquasecurity:trivy:LayerDigest", - "value": "alpine" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { - "name": "aquasecurity:trivy:SrcName", + "name": "aquasecurity:trivy:PkgType", - "value": "brotli" + "value": "gobinary" }, - 2: { - "name": "aquasecurity:trivy:PkgID", - "value": "brotli-libs@1.0.9-r14" - }, 3: { "name": "aquasecurity:trivy:PkgType", "value": "alpine" } - 4: { - "name": "aquasecurity:trivy:SrcName", - "value": "brotli" - } 5: { "name": "aquasecurity:trivy:SrcVersion", "value": "1.36.1-r4" } ], - "purl": "pkg:apk/alpine/brotli-libs@1.0.9-r14?arch=x86_64&distro=3.18.4", + "purl": "pkg:golang/github.com/nats-io/nuid@v1.0.1", "type": "library", - "version": "1.0.9-r14" + "version": "v1.0.1" }, 10: { - "bom-ref": "pkg:apk/alpine/busybox-binsh@1.36.1-r4?arch=x86_64&distro=3.18.4", + "bom-ref": "3550f049-6eb2-41a9-8e67-eec39e46a33d", - "hashes": [ - : { - "alg": "SHA-1", - "content": "cad2ac72ebcf9db9137100f2529528b165328fc3" - } - ], - "licenses": [ - : { - "license": { - "name": "GPL-2.0" - } - } - ], - "name": "busybox-binsh", + "name": "github.com/mattn/go-colorable", "properties": [ 0: { - "name": "aquasecurity:trivy:LayerDigest", + "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:e4ad2c090cefe878e69e52693cea8bf245be49f6f6cf7e274ab0118ddc57853b" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, - 0: { - "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:f62cd225330b873d42d26843c1c8c83c0d76df75f4f634f2583e44f3d19bf822" - }, 1: { - "name": "aquasecurity:trivy:PkgID", + "name": "aquasecurity:trivy:LayerDigest", - "value": "busybox-binsh@1.36.1-r4" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { - "name": "aquasecurity:trivy:SrcName", + "name": "aquasecurity:trivy:PkgType", - "value": "busybox" + "value": "gobinary" }, - 3: { - "name": "aquasecurity:trivy:PkgType", - "value": "alpine" - }, - 4: { - "name": "aquasecurity:trivy:SrcName", - "value": "busybox" - } 5: { "name": "aquasecurity:trivy:SrcVersion", "value": "1.36.1-r4" } ], - "purl": "pkg:apk/alpine/busybox-binsh@1.36.1-r4?arch=x86_64&distro=3.18.4", + "purl": "pkg:golang/github.com/mattn/go-colorable@v0.1.8", "type": "library", - "version": "1.36.1-r4" + "version": "v0.1.8" }, 11: { - "bom-ref": "pkg:apk/alpine/busybox@1.36.1-r4?arch=x86_64&distro=3.18.4", + "bom-ref": "37100b09-d58e-456b-bf66-96cb133c434d", - "hashes": [ - : { - "alg": "SHA-1", - "content": "f2aefa121ae047b6d66f587964014e782dd761ed" - } - ], - "licenses": [ - : { - "license": { - "name": "GPL-2.0" - } - } - ], - "name": "busybox", + "name": "usr/local/bin/stan-bench", "properties": [ 0: { - "name": "aquasecurity:trivy:PkgID", + "name": "aquasecurity:trivy:Class", - "value": "busybox@1.36.1-r4" + "value": "lang-pkgs" }, - 0: { - "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:f62cd225330b873d42d26843c1c8c83c0d76df75f4f634f2583e44f3d19bf822" - }, 1: { - "name": "aquasecurity:trivy:PkgType", + "name": "aquasecurity:trivy:Type", - "value": "alpine" + "value": "gobinary" }, - 1: { - "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:e4ad2c090cefe878e69e52693cea8bf245be49f6f6cf7e274ab0118ddc57853b" - }, 2: { "name": "aquasecurity:trivy:PkgID", "value": "ca-certificates-bundle@20230506-r0" }, - 3: { - "name": "aquasecurity:trivy:PkgType", - "value": "alpine" - } - 4: { - "name": "aquasecurity:trivy:SrcName", - "value": "busybox" - } 5: { "name": "aquasecurity:trivy:SrcVersion", "value": "20230506-r0" } ], - "purl": "pkg:apk/alpine/busybox@1.36.1-r4?arch=x86_64&distro=3.18.4", - "type": "library", + "type": "application", - "version": "1.36.1-r4" }, 12: { - "bom-ref": "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&distro=3.18.4", + "bom-ref": "3a508e2a-ffa6-44b1-a334-46b9aaaf403b", - "hashes": [ - : { - "alg": "SHA-1", - "content": "47f485d08670a9eb21ebf10e70ae65dc43ab6c3d" - } - ], - "licenses": [ - : { - "license": { - "name": "MPL-2.0" - } - }, - : { - "license": { - "name": "MIT" - } - } - ], - "name": "ca-certificates-bundle", + "name": "github.com/nats-io/nkeys", "properties": [ 0: { - "name": "aquasecurity:trivy:LayerDigest", + "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, - 0: { - "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438" - }, 1: { - "name": "aquasecurity:trivy:PkgID", + "name": "aquasecurity:trivy:LayerDigest", - "value": "ca-certificates-bundle@20230506-r0" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { - "name": "aquasecurity:trivy:SrcName", + "name": "aquasecurity:trivy:PkgType", - "value": "ca-certificates" + "value": "gobinary" }, - 3: { - "name": "aquasecurity:trivy:PkgType", - "value": "alpine" - }, - 4: { - "name": "aquasecurity:trivy:SrcName", - "value": "ca-certificates" - } 5: { "name": "aquasecurity:trivy:SrcVersion", "value": "20230506-r0" } ], - "purl": "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&distro=3.18.4", + "purl": "pkg:golang/github.com/nats-io/nkeys@v0.1.4", "type": "library", - "version": "20230506-r0" + "version": "v0.1.4" }, 13: { - "bom-ref": "pkg:apk/alpine/ca-certificates@20230506-r0?arch=x86_64&distro=3.18.4", + "bom-ref": "3cafed8d-2194-4bd3-bdf6-9f8b02673b33", - "hashes": [ - : { - "alg": "SHA-1", - "content": "146f0cfbbc3e7648d5f55cb49861565b6b78f83a" - } - ], - "licenses": [ - : { - "license": { - "name": "MPL-2.0" - } - }, - : { - "license": { - "name": "MIT" - } - } - ], - "name": "ca-certificates", + "name": "github.com/nats-io/jwt", "properties": [ 0: { - "name": "aquasecurity:trivy:LayerDigest", + "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:e4ad2c090cefe878e69e52693cea8bf245be49f6f6cf7e274ab0118ddc57853b" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, - 0: { - "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:f62cd225330b873d42d26843c1c8c83c0d76df75f4f634f2583e44f3d19bf822" - }, 1: { - "name": "aquasecurity:trivy:PkgID", + "name": "aquasecurity:trivy:LayerDigest", - "value": "ca-certificates@20230506-r0" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { - "name": "aquasecurity:trivy:SrcName", + "name": "aquasecurity:trivy:PkgType", - "value": "ca-certificates" + "value": "gobinary" }, - 3: { - "name": "aquasecurity:trivy:PkgType", - "value": "alpine" - }, - 4: { - "name": "aquasecurity:trivy:SrcName", - "value": "ca-certificates" - } 5: { "name": "aquasecurity:trivy:SrcVersion", "value": "8.4.0-r0" } ], - "purl": "pkg:apk/alpine/ca-certificates@20230506-r0?arch=x86_64&distro=3.18.4", + "purl": "pkg:golang/github.com/nats-io/jwt@v0.3.2", "type": "library", - "version": "20230506-r0" + "version": "v0.3.2" }, 14: { - "bom-ref": "pkg:apk/alpine/curl@8.4.0-r0?arch=x86_64&distro=3.18.4", + "bom-ref": "417740b7-723b-4313-8059-5f1b4945dc11", - "hashes": [ - : { - "alg": "SHA-1", - "content": "767892cd1643cd073d6ba6846b7f3452e3851b7b" - } - ], - "licenses": [ - : { - "license": { - "name": "curl" - } - } - ], - "name": "curl", + "name": "github.com/nats-io/nkeys", "properties": [ 0: { - "name": "aquasecurity:trivy:LayerDigest", + "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:e4ad2c090cefe878e69e52693cea8bf245be49f6f6cf7e274ab0118ddc57853b" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, - 0: { - "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:f62cd225330b873d42d26843c1c8c83c0d76df75f4f634f2583e44f3d19bf822" - }, 1: { - "name": "aquasecurity:trivy:PkgType", + "name": "aquasecurity:trivy:LayerDigest", - "value": "alpine" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { - "name": "aquasecurity:trivy:SrcName", + "name": "aquasecurity:trivy:PkgType", - "value": "curl" + "value": "gobinary" }, - 2: { - "name": "aquasecurity:trivy:PkgID", - "value": "curl@8.4.0-r0" - }, 3: { "name": "aquasecurity:trivy:PkgType", "value": "alpine" } - 4: { - "name": "aquasecurity:trivy:SrcName", - "value": "curl" - } 5: { "name": "aquasecurity:trivy:SrcVersion", "value": "2.2.5-r3" } ], - "purl": "pkg:apk/alpine/curl@8.4.0-r0?arch=x86_64&distro=3.18.4", + "purl": "pkg:golang/github.com/nats-io/nkeys@v0.1.4", "type": "library", - "version": "8.4.0-r0" + "version": "v0.1.4" }, 15: { - "bom-ref": "pkg:apk/alpine/figlet@2.2.5-r3?arch=x86_64&distro=3.18.4", + "bom-ref": "4497229a-93b4-4299-a9e6-a1070b6ffda5", - "hashes": [ - : { - "alg": "SHA-1", - "content": "fa17a85bc6a99bd8e1723b19d2d10d73cf7999ff" - } - ], - "licenses": [ - : { - "license": { - "name": "BSD-3-Clause" - } - } - ], - "name": "figlet", + "name": "github.com/gogo/protobuf", "properties": [ 0: { - "name": "aquasecurity:trivy:LayerDigest", + "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:e4ad2c090cefe878e69e52693cea8bf245be49f6f6cf7e274ab0118ddc57853b" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, - 0: { - "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:f62cd225330b873d42d26843c1c8c83c0d76df75f4f634f2583e44f3d19bf822" - }, 1: { - "name": "aquasecurity:trivy:PkgID", + "name": "aquasecurity:trivy:LayerDigest", - "value": "figlet@2.2.5-r3" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { - "name": "aquasecurity:trivy:SrcName", + "name": "aquasecurity:trivy:PkgType", - "value": "figlet" + "value": "gobinary" }, - 3: { - "name": "aquasecurity:trivy:PkgType", - "value": "alpine" - }, - 4: { - "name": "aquasecurity:trivy:SrcName", - "value": "figlet" - } 5: { "name": "aquasecurity:trivy:SrcVersion", "value": "1.6-r3" } ], - "purl": "pkg:apk/alpine/figlet@2.2.5-r3?arch=x86_64&distro=3.18.4", + "purl": "pkg:golang/github.com/gogo/protobuf@v1.3.2", "type": "library", - "version": "2.2.5-r3" + "version": "v1.3.2" }, 16: { - "bom-ref": "pkg:apk/alpine/jq@1.6-r3?arch=x86_64&distro=3.18.4", + "bom-ref": "4fbc1e52-81cf-4163-a4c0-dfc0ae24f480", - "hashes": [ - : { - "alg": "SHA-1", - "content": "6beb4d293502d8477f30cb51596397bdcddfd85f" - } - ], - "licenses": [ - : { - "license": { - "name": "MIT" - } - } - ], - "name": "jq", + "name": "github.com/nats-io/nuid", "properties": [ 0: { - "name": "aquasecurity:trivy:LayerDigest", + "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:e4ad2c090cefe878e69e52693cea8bf245be49f6f6cf7e274ab0118ddc57853b" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, - 0: { - "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:f62cd225330b873d42d26843c1c8c83c0d76df75f4f634f2583e44f3d19bf822" - }, 1: { - "name": "aquasecurity:trivy:PkgType", + "name": "aquasecurity:trivy:LayerDigest", - "value": "alpine" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { - "name": "aquasecurity:trivy:SrcName", + "name": "aquasecurity:trivy:PkgType", - "value": "jq" + "value": "gobinary" }, - 2: { - "name": "aquasecurity:trivy:PkgID", - "value": "jq@1.6-r3" - }, 3: { "name": "aquasecurity:trivy:PkgType", "value": "alpine" } - 4: { - "name": "aquasecurity:trivy:SrcName", - "value": "jq" - } 5: { "name": "aquasecurity:trivy:SrcVersion", "value": "0.7.2-r5" } ], - "purl": "pkg:apk/alpine/jq@1.6-r3?arch=x86_64&distro=3.18.4", + "purl": "pkg:golang/github.com/nats-io/nuid@v1.0.1", "type": "library", - "version": "1.6-r3" + "version": "v1.0.1" }, 17: { - "bom-ref": "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&distro=3.18.4", + "bom-ref": "5b9357f0-f8fd-4f05-a2c8-d43d47bad559", - "hashes": [ - : { - "alg": "SHA-1", - "content": "2e59dafeb8bca0786540846c686f121ae8348a42" - } - ], - "licenses": [ - : { - "license": { - "name": "BSD-2-Clause" - } - }, - : { - "license": { - "name": "BSD-3-Clause" - } - } - ], - "name": "libc-utils", + "name": "github.com/kballard/go-shellquote", "properties": [ 0: { - "name": "aquasecurity:trivy:LayerDigest", + "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, - 0: { - "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438" - }, 1: { - "name": "aquasecurity:trivy:PkgID", + "name": "aquasecurity:trivy:LayerDigest", - "value": "libc-utils@0.7.2-r5" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { - "name": "aquasecurity:trivy:SrcName", + "name": "aquasecurity:trivy:PkgType", - "value": "libc-dev" + "value": "gobinary" }, - 3: { - "name": "aquasecurity:trivy:PkgType", - "value": "alpine" - }, - 4: { - "name": "aquasecurity:trivy:SrcName", - "value": "libc-dev" - } 5: { "name": "aquasecurity:trivy:SrcVersion", "value": "3.1.3-r0" } ], - "purl": "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&distro=3.18.4", + "purl": "pkg:golang/github.com/kballard/go-shellquote@v0.0.0-20180428030007-95032a82bc51", "type": "library", - "version": "0.7.2-r5" + "version": "v0.0.0-20180428030007-95032a82bc51" }, 18: { - "bom-ref": "pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64&distro=3.18.4", + "bom-ref": "5bedfcbd-bcb9-4b36-ac1c-69b77c8b0b45", - "hashes": [ - : { - "alg": "SHA-1", - "content": "fa12c7857510118cad0c71e2695361574e3ddd3b" - } - ], - "licenses": [ - : { - "license": { - "name": "Apache-2.0" - } - } - ], - "name": "libcrypto3", + "name": "usr/local/bin/stan-pub", "properties": [ 0: { - "name": "aquasecurity:trivy:PkgID", + "name": "aquasecurity:trivy:Class", - "value": "libcrypto3@3.1.3-r0" + "value": "lang-pkgs" }, - 0: { - "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438" - }, 1: { - "name": "aquasecurity:trivy:PkgType", + "name": "aquasecurity:trivy:Type", - "value": "alpine" + "value": "gobinary" }, - 1: { - "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa" - }, 2: { "name": "aquasecurity:trivy:PkgID", "value": "libcurl@8.4.0-r0" }, - 3: { - "name": "aquasecurity:trivy:PkgType", - "value": "alpine" - } - 4: { - "name": "aquasecurity:trivy:SrcName", - "value": "openssl" - } 5: { "name": "aquasecurity:trivy:SrcVersion", "value": "8.4.0-r0" } ], - "purl": "pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64&distro=3.18.4", - "type": "library", + "type": "application", - "version": "3.1.3-r0" }, 19: { - "bom-ref": "pkg:apk/alpine/libcurl@8.4.0-r0?arch=x86_64&distro=3.18.4", + "bom-ref": "5e630d92-734e-441e-97bc-292689866d19", - "hashes": [ - : { - "alg": "SHA-1", - "content": "c41a6f900bb095727f706ed53dd52ff34f586cc8" - } - ], - "licenses": [ - : { - "license": { - "name": "curl" - } - } - ], - "name": "libcurl", + "name": "usr/local/bin/nats-top", "properties": [ 0: { - "name": "aquasecurity:trivy:PkgID", + "name": "aquasecurity:trivy:Class", - "value": "libcurl@8.4.0-r0" + "value": "lang-pkgs" }, - 0: { - "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:f62cd225330b873d42d26843c1c8c83c0d76df75f4f634f2583e44f3d19bf822" - }, 1: { - "name": "aquasecurity:trivy:PkgType", + "name": "aquasecurity:trivy:Type", - "value": "alpine" + "value": "gobinary" }, - 1: { - "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:e4ad2c090cefe878e69e52693cea8bf245be49f6f6cf7e274ab0118ddc57853b" - }, 2: { "name": "aquasecurity:trivy:PkgID", "value": "libidn2@2.3.4-r1" }, - 3: { - "name": "aquasecurity:trivy:PkgType", - "value": "alpine" - } - 4: { - "name": "aquasecurity:trivy:SrcName", - "value": "curl" - } 5: { "name": "aquasecurity:trivy:SrcVersion", "value": "2.3.4-r1" } ], - "purl": "pkg:apk/alpine/libcurl@8.4.0-r0?arch=x86_64&distro=3.18.4", - "type": "library", + "type": "application", - "version": "8.4.0-r0" }, 20: { - "bom-ref": "pkg:apk/alpine/libidn2@2.3.4-r1?arch=x86_64&distro=3.18.4", + "bom-ref": "63635711-87a0-4f17-a181-a1a240810ec4", - "hashes": [ - : { - "alg": "SHA-1", - "content": "7bc3cd824a388677844c8e6e75ccf5344cf42f6f" - } - ], - "licenses": [ - : { - "license": { - "name": "GPL-2.0" - } - }, - : { - "license": { - "name": "LGPL-3.0-or-later" - } - } - ], - "name": "libidn2", + "name": "github.com/xlab/tablewriter", "properties": [ 0: { - "name": "aquasecurity:trivy:LayerDigest", + "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:e4ad2c090cefe878e69e52693cea8bf245be49f6f6cf7e274ab0118ddc57853b" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, - 0: { - "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:f62cd225330b873d42d26843c1c8c83c0d76df75f4f634f2583e44f3d19bf822" - }, 1: { - "name": "aquasecurity:trivy:PkgID", + "name": "aquasecurity:trivy:LayerDigest", - "value": "libidn2@2.3.4-r1" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { - "name": "aquasecurity:trivy:SrcName", + "name": "aquasecurity:trivy:PkgType", - "value": "libidn2" + "value": "gobinary" }, - 3: { - "name": "aquasecurity:trivy:PkgType", - "value": "alpine" - }, - 4: { - "name": "aquasecurity:trivy:SrcName", - "value": "libidn2" - } 5: { "name": "aquasecurity:trivy:SrcVersion", "value": "3.1.3-r0" } ], - "purl": "pkg:apk/alpine/libidn2@2.3.4-r1?arch=x86_64&distro=3.18.4", + "purl": "pkg:golang/github.com/xlab/tablewriter@v0.0.0-20160610135559-80b567a11ad5", "type": "library", - "version": "2.3.4-r1" + "version": "v0.0.0-20160610135559-80b567a11ad5" }, 21: { - "bom-ref": "pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64&distro=3.18.4", + "bom-ref": "64ecbd63-f74a-4fcc-a240-3f8a16435789", - "hashes": [ - : { - "alg": "SHA-1", - "content": "ceb37221d0f02272791d42e583b952031bcb7957" - } - ], - "licenses": [ - : { - "license": { - "name": "Apache-2.0" - } - } - ], - "name": "libssl3", + "name": "golang.org/x/crypto", "properties": [ 0: { - "name": "aquasecurity:trivy:LayerDigest", + "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, - 0: { - "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438" - }, 1: { - "name": "aquasecurity:trivy:PkgID", + "name": "aquasecurity:trivy:LayerDigest", - "value": "libssl3@3.1.3-r0" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { - "name": "aquasecurity:trivy:SrcName", + "name": "aquasecurity:trivy:PkgType", - "value": "openssl" + "value": "gobinary" }, - 3: { - "name": "aquasecurity:trivy:PkgType", - "value": "alpine" - }, - 4: { - "name": "aquasecurity:trivy:SrcName", - "value": "openssl" - } 5: { "name": "aquasecurity:trivy:SrcVersion", "value": "1.1-r1" } ], - "purl": "pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64&distro=3.18.4", + "purl": "pkg:golang/golang.org/x/crypto@v0.0.0-20200622213623-75b288015ac9", "type": "library", - "version": "3.1.3-r0" + "version": "v0.0.0-20200622213623-75b288015ac9" }, 22: { - "bom-ref": "pkg:apk/alpine/libunistring@1.1-r1?arch=x86_64&distro=3.18.4", + "bom-ref": "6bd9a336-e7bc-41d1-8c95-294cb3eb6726", - "hashes": [ - : { - "alg": "SHA-1", - "content": "14ce8b4b122fdd33acb11cc7f106aa0561c219a1" - } - ], - "licenses": [ - : { - "license": { - "name": "GPL-2.0" - } - }, - : { - "license": { - "name": "LGPL-3.0-or-later" - } - } - ], - "name": "libunistring", + "name": "github.com/mattn/go-isatty", "properties": [ 0: { - "name": "aquasecurity:trivy:LayerDigest", + "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:e4ad2c090cefe878e69e52693cea8bf245be49f6f6cf7e274ab0118ddc57853b" + "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23" }, - 0: { - "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:f62cd225330b873d42d26843c1c8c83c0d76df75f4f634f2583e44f3d19bf822" - }, 1: { - "name": "aquasecurity:trivy:PkgType", + "name": "aquasecurity:trivy:LayerDigest", - "value": "alpine" + "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9" }, 2: { - "name": "aquasecurity:trivy:SrcName", + "name": "aquasecurity:trivy:PkgType", - "value": "libunistring" + "value": "gobinary" }, - 2: { - "name": "aquasecurity:trivy:PkgID", - "value": "libunistring@1.1-r1" - }, 3: { "name": "aquasecurity:trivy:PkgType", "value": "alpine" } - 4: { - "name": "aquasecurity:trivy:SrcName", - "value": "libunistring" - } 5: { "name": "aquasecurity:trivy:SrcVersion", "value": "1.2.4-r2" } ], - "purl": "pkg:apk/alpine/libunistring@1.1-r1?arch=x86_64&distro=3.18.4", + "purl": "pkg:golang/github.com/mattn/go-isatty@v0.0.12", "type": "library", - "version": "1.1-r1" + "version": "v0.0.12" }, 23: { - "bom-ref": "pkg:apk/alpine/musl-utils@1.2.4-r2?arch=x86_64&distro=3.18.4", + "bom-ref": "718081db-83c2-4309-87c8-e43228139b88", - "hashes": [ - : { - "alg": "SHA-1", - "content": "e7d3d748b5d59b030103457f166beb049a1ba5a9" - } - ], - "licenses": [ - : { - "license": { - "name": "MIT" - } - }, - : { - "license": { - "name": "BSD-2-Clause" - } - }, - : { - "license": { - "name": "GPL-2.0" - } - } - ], - "name": "musl-utils", + "name": "golang.org/x/crypto", "properties": [ 0: { - "name": "aquasecurity:trivy:LayerDigest", + "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:e4ad2c090cefe878e69e52693cea8bf245be49f6f6cf7e274ab0118ddc57853b" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, - 0: { - "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:f62cd225330b873d42d26843c1c8c83c0d76df75f4f634f2583e44f3d19bf822" - }, 1: { - "name": "aquasecurity:trivy:PkgType", + "name": "aquasecurity:trivy:LayerDigest", - "value": "alpine" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { - "name": "aquasecurity:trivy:SrcName", + "name": "aquasecurity:trivy:PkgType", - "value": "musl" + "value": "gobinary" }, - 2: { - "name": "aquasecurity:trivy:PkgID", - "value": "musl-utils@1.2.4-r2" - }, 3: { "name": "aquasecurity:trivy:PkgType", "value": "alpine" } - 4: { - "name": "aquasecurity:trivy:SrcName", - "value": "musl" - } 5: { "name": "aquasecurity:trivy:SrcVersion", "value": "1.2.4-r2" } ], - "purl": "pkg:apk/alpine/musl-utils@1.2.4-r2?arch=x86_64&distro=3.18.4", + "purl": "pkg:golang/golang.org/x/crypto@v0.0.0-20200622213623-75b288015ac9", "type": "library", - "version": "1.2.4-r2" + "version": "v0.0.0-20200622213623-75b288015ac9" }, 24: { - "bom-ref": "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4", + "bom-ref": "7b125efc-c47a-449d-b273-75828649b1a4", - "hashes": [ - : { - "alg": "SHA-1", - "content": "a1db4862d2b238283ab2e17f703698a7280bee1c" - } - ], - "licenses": [ - : { - "license": { - "name": "MIT" - } - } - ], - "name": "musl", + "name": "github.com/nats-io/nats.go", "properties": [ 0: { - "name": "aquasecurity:trivy:LayerDigest", + "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:e4ad2c090cefe878e69e52693cea8bf245be49f6f6cf7e274ab0118ddc57853b" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, - 0: { - "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:f62cd225330b873d42d26843c1c8c83c0d76df75f4f634f2583e44f3d19bf822" - }, 1: { - "name": "aquasecurity:trivy:PkgID", + "name": "aquasecurity:trivy:LayerDigest", - "value": "musl@1.2.4-r2" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { - "name": "aquasecurity:trivy:SrcName", + "name": "aquasecurity:trivy:PkgType", - "value": "musl" + "value": "gobinary" }, - 3: { - "name": "aquasecurity:trivy:PkgType", - "value": "alpine" - }, - 4: { - "name": "aquasecurity:trivy:SrcName", - "value": "musl" - } 5: { "name": "aquasecurity:trivy:SrcVersion", "value": "1.57.0-r0" } ], - "purl": "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4", + "purl": "pkg:golang/github.com/nats-io/nats.go@v1.10.0", "type": "library", - "version": "1.2.4-r2" + "version": "v1.10.0" }, 25: { - "bom-ref": "pkg:apk/alpine/nghttp2-libs@1.57.0-r0?arch=x86_64&distro=3.18.4", + "bom-ref": "7dba7372-931a-407d-a918-76bcac292907", - "hashes": [ - : { - "alg": "SHA-1", - "content": "4bd70e60aa4f7d9ebf66b24725cb65ffbff4e0d3" - } - ], - "licenses": [ - : { - "license": { - "name": "MIT" - } - } - ], - "name": "nghttp2-libs", + "name": "github.com/dustin/go-humanize", "properties": [ 0: { - "name": "aquasecurity:trivy:LayerDigest", + "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:e4ad2c090cefe878e69e52693cea8bf245be49f6f6cf7e274ab0118ddc57853b" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, - 0: { - "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:f62cd225330b873d42d26843c1c8c83c0d76df75f4f634f2583e44f3d19bf822" - }, 1: { - "name": "aquasecurity:trivy:PkgID", + "name": "aquasecurity:trivy:LayerDigest", - "value": "nghttp2-libs@1.57.0-r0" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { - "name": "aquasecurity:trivy:SrcName", + "name": "aquasecurity:trivy:PkgType", - "value": "nghttp2" + "value": "gobinary" }, - 3: { - "name": "aquasecurity:trivy:PkgType", - "value": "alpine" - }, - 4: { - "name": "aquasecurity:trivy:SrcName", - "value": "nghttp2" - } 5: { "name": "aquasecurity:trivy:SrcVersion", "value": "6.9.8-r1" } ], - "purl": "pkg:apk/alpine/nghttp2-libs@1.57.0-r0?arch=x86_64&distro=3.18.4", + "purl": "pkg:golang/github.com/dustin/go-humanize@v1.0.0", "type": "library", - "version": "1.57.0-r0" + "version": "v1.0.0" }, 26: { - "bom-ref": "pkg:apk/alpine/oniguruma@6.9.8-r1?arch=x86_64&distro=3.18.4", + "bom-ref": "7dd812e2-3f88-4d35-ba39-4c74700b2cfb", - "hashes": [ - : { - "alg": "SHA-1", - "content": "1dd3c21a688d1215b13d2e6a5749d964b24768a9" - } - ], - "licenses": [ - : { - "license": { - "name": "BSD-2-Clause" - } - } - ], - "name": "oniguruma", + "name": "github.com/nats-io/jwt", "properties": [ 0: { - "name": "aquasecurity:trivy:LayerDigest", + "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:e4ad2c090cefe878e69e52693cea8bf245be49f6f6cf7e274ab0118ddc57853b" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, - 0: { - "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:f62cd225330b873d42d26843c1c8c83c0d76df75f4f634f2583e44f3d19bf822" - }, 1: { - "name": "aquasecurity:trivy:PkgID", + "name": "aquasecurity:trivy:LayerDigest", - "value": "oniguruma@6.9.8-r1" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { - "name": "aquasecurity:trivy:SrcName", + "name": "aquasecurity:trivy:PkgType", - "value": "oniguruma" + "value": "gobinary" }, - 3: { - "name": "aquasecurity:trivy:PkgType", - "value": "alpine" - }, - 4: { - "name": "aquasecurity:trivy:SrcName", - "value": "oniguruma" - } 5: { "name": "aquasecurity:trivy:SrcVersion", "value": "1.3.7-r1" } ], - "purl": "pkg:apk/alpine/oniguruma@6.9.8-r1?arch=x86_64&distro=3.18.4", + "purl": "pkg:golang/github.com/nats-io/jwt@v0.3.2", "type": "library", - "version": "6.9.8-r1" + "version": "v0.3.2" }, 27: { - "bom-ref": "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&distro=3.18.4", + "bom-ref": "8075733b-5b92-4bdc-9b3a-1ea48bff49ad", - "hashes": [ - : { - "alg": "SHA-1", - "content": "e27abda38faea3635a2db4d50d007751ea280b43" - } - ], - "licenses": [ - : { - "license": { - "name": "GPL-2.0" - } - } - ], - "name": "scanelf", + "name": "github.com/nats-io/nkeys", "properties": [ 0: { - "name": "aquasecurity:trivy:LayerDigest", + "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, - 0: { - "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438" - }, 1: { - "name": "aquasecurity:trivy:PkgID", + "name": "aquasecurity:trivy:LayerDigest", - "value": "scanelf@1.3.7-r1" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { - "name": "aquasecurity:trivy:SrcName", + "name": "aquasecurity:trivy:PkgType", - "value": "pax-utils" + "value": "gobinary" }, - 3: { - "name": "aquasecurity:trivy:PkgType", - "value": "alpine" - }, - 4: { - "name": "aquasecurity:trivy:SrcName", - "value": "pax-utils" - } 5: { "name": "aquasecurity:trivy:SrcVersion", "value": "1.36.1-r4" } ], - "purl": "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&distro=3.18.4", + "purl": "pkg:golang/github.com/nats-io/nkeys@v0.3.0", "type": "library", - "version": "1.3.7-r1" + "version": "v0.3.0" }, 28: { - "bom-ref": "pkg:apk/alpine/ssl_client@1.36.1-r4?arch=x86_64&distro=3.18.4", + "bom-ref": "84eac386-ca89-4217-8a72-84d77e3bd144", - "hashes": [ - : { - "alg": "SHA-1", - "content": "ac3c1290e79269349690f4e6e065a6ff2a6c7e26" - } - ], - "licenses": [ - : { - "license": { - "name": "GPL-2.0" - } - } - ], - "name": "ssl_client", + "name": "golang.org/x/crypto", "properties": [ 0: { - "name": "aquasecurity:trivy:LayerDigest", + "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:e4ad2c090cefe878e69e52693cea8bf245be49f6f6cf7e274ab0118ddc57853b" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, - 0: { - "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:f62cd225330b873d42d26843c1c8c83c0d76df75f4f634f2583e44f3d19bf822" - }, 1: { - "name": "aquasecurity:trivy:PkgID", + "name": "aquasecurity:trivy:LayerDigest", - "value": "ssl_client@1.36.1-r4" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { - "name": "aquasecurity:trivy:SrcName", + "name": "aquasecurity:trivy:PkgType", - "value": "busybox" + "value": "gobinary" }, - 3: { - "name": "aquasecurity:trivy:PkgType", - "value": "alpine" - }, - 4: { - "name": "aquasecurity:trivy:SrcName", - "value": "busybox" - } 5: { "name": "aquasecurity:trivy:SrcVersion", "value": "1.2.13-r1" } ], - "purl": "pkg:apk/alpine/ssl_client@1.36.1-r4?arch=x86_64&distro=3.18.4", + "purl": "pkg:golang/golang.org/x/crypto@v0.0.0-20210421170649-83a5a9bb288b", "type": "library", - "version": "1.36.1-r4" + "version": "v0.0.0-20210421170649-83a5a9bb288b" }, 29: { - "bom-ref": "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=3.18.4", + "bom-ref": "8623282c-313d-4047-9f16-bcfd7e550997", - "name": "zlib", + "name": "github.com/mattn/go-colorable", "properties": [ 0: { - "name": "aquasecurity:trivy:LayerDigest", + "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa" + "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23" }, - 0: { - "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438" - }, 1: { - "name": "aquasecurity:trivy:PkgType", + "name": "aquasecurity:trivy:LayerDigest", - "value": "alpine" + "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9" } 2: { - "name": "aquasecurity:trivy:SrcName", + "name": "aquasecurity:trivy:PkgType", - "value": "zlib" + "value": "gobinary" } - 2: { - "name": "aquasecurity:trivy:PkgID", - "value": "zlib@1.2.13-r1" - } ], - "purl": "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=3.18.4", + "purl": "pkg:golang/github.com/mattn/go-colorable@v0.1.8", "type": "library", - "version": "1.2.13-r1" + "version": "v0.1.8" }, 30: { - "bom-ref": "pkg:golang/github.com/alecaivazis/survey/v2@v2.3.6", + "bom-ref": "869288c8-06d2-4a38-8b68-ced0ff17bc77", - "name": "github.com/AlecAivazis/survey/v2", + "name": "golang.org/x/text", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/alecaivazis/survey/v2@v2.3.6", + "purl": "pkg:golang/golang.org/x/text@v0.3.6", "type": "library", - "version": "v2.3.6" + "version": "v0.3.6" }, 31: { - "bom-ref": "pkg:golang/github.com/alecaivazis/survey/v2@v2.3.7", + "bom-ref": "8d4a3605-99a8-40ad-960e-858be6815082", - "name": "github.com/AlecAivazis/survey/v2", + "name": "github.com/nats-io/nkeys", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/alecaivazis/survey/v2@v2.3.7", + "purl": "pkg:golang/github.com/nats-io/nkeys@v0.1.4", "type": "library", - "version": "v2.3.7" + "version": "v0.1.4" }, 32: { - "bom-ref": "pkg:golang/github.com/antonmedv/expr@v1.15.2", + "bom-ref": "90b91b63-c94e-469d-87ef-b98807e67bfb", - "name": "github.com/antonmedv/expr", + "name": "github.com/gogo/protobuf", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/antonmedv/expr@v1.15.2", + "purl": "pkg:golang/github.com/gogo/protobuf@v1.3.2", "type": "library", - "version": "v1.15.2" + "version": "v1.3.2" }, 33: { - "bom-ref": "pkg:golang/github.com/beorn7/perks@v1.0.1", + "bom-ref": "99b7b900-55f8-4676-8c8f-32262681845b", - "name": "github.com/beorn7/perks", + "name": "golang.org/x/text", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/beorn7/perks@v1.0.1", + "purl": "pkg:golang/golang.org/x/text@v0.3.6", "type": "library", - "version": "v1.0.1" + "version": "v0.3.6" }, 34: { - "bom-ref": "pkg:golang/github.com/blang/semver@v3.5.1%2Bincompatible", + "bom-ref": "a6b681f9-0866-480c-9a19-7df19b930d0d", - "name": "github.com/blang/semver", + "name": "golang.org/x/term", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/blang/semver@v3.5.1%2Bincompatible", + "purl": "pkg:golang/golang.org/x/term@v0.0.0-20210422114643-f5beecf764ed", "type": "library", - "version": "v3.5.1+incompatible" + "version": "v0.0.0-20210422114643-f5beecf764ed" }, 35: { - "bom-ref": "pkg:golang/github.com/briandowns/spinner@v1.23.0", + "bom-ref": "ab2a2a27-ce28-429e-a2d9-985a5b58ff2f", - "name": "github.com/briandowns/spinner", + "name": "golang.org/x/term", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/briandowns/spinner@v1.23.0", + "purl": "pkg:golang/golang.org/x/term@v0.0.0-20210422114643-f5beecf764ed", "type": "library", - "version": "v1.23.0" + "version": "v0.0.0-20210422114643-f5beecf764ed" }, 36: { - "bom-ref": "pkg:golang/github.com/cespare/xxhash/v2@v2.2.0", + "bom-ref": "ad12cc30-75c9-4dbe-9cd7-19b5b086be4e", - "name": "github.com/cespare/xxhash/v2", + "name": "github.com/nats-io/nats.go", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/cespare/xxhash/v2@v2.2.0", + "purl": "pkg:golang/github.com/nats-io/nats.go@v1.10.0", "type": "library", - "version": "v2.2.0" + "version": "v1.10.0" }, 37: { - "bom-ref": "pkg:golang/github.com/choria-io/fisk@v0.6.0", + "bom-ref": "ae9d8fc6-a066-4e24-bc8c-cdfe17a737c0", - "name": "github.com/choria-io/fisk", + "name": "github.com/dustin/go-humanize", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/choria-io/fisk@v0.6.0", + "purl": "pkg:golang/github.com/dustin/go-humanize@v1.0.0", "type": "library", - "version": "v0.6.0" + "version": "v1.0.0" }, 38: { - "bom-ref": "pkg:golang/github.com/cpuguy83/go-md2man/v2@v2.0.2", + "bom-ref": "af137522-c78a-4301-becc-f921d74266c9", - "name": "github.com/cpuguy83/go-md2man/v2", + "name": "github.com/nats-io/nuid", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/cpuguy83/go-md2man/v2@v2.0.2", + "purl": "pkg:golang/github.com/nats-io/nuid@v1.0.1", "type": "library", - "version": "v2.0.2" + "version": "v1.0.1" }, 39: { - "bom-ref": "pkg:golang/github.com/dustin/go-humanize@v1.0.1", + "bom-ref": "bedd6971-db83-4b95-a3ec-2d000422efed", - "name": "github.com/dustin/go-humanize", + "name": "gopkg.in/yaml.v2", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/dustin/go-humanize@v1.0.1", + "purl": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", "type": "library", - "version": "v1.0.1" + "version": "v2.4.0" }, 40: { - "bom-ref": "pkg:golang/github.com/emicklei/dot@v1.6.0", + "bom-ref": "c6ba0fd6-a390-4fcf-aaec-4a072dcd17c4", - "name": "github.com/emicklei/dot", + "name": "golang.org/x/crypto", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/emicklei/dot@v1.6.0", + "purl": "pkg:golang/golang.org/x/crypto@v0.0.0-20200622213623-75b288015ac9", "type": "library", - "version": "v1.6.0" + "version": "v0.0.0-20200622213623-75b288015ac9" }, 41: { - "bom-ref": "pkg:golang/github.com/fatih/color@v1.15.0", + "bom-ref": "c85c3481-4815-486c-82e9-dba0f7a3eac6", "name": "github.com/ghodss/yaml", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/fatih/color@v1.15.0", + "purl": "pkg:golang/github.com/fatih/color@v1.10.0", "type": "library", - "version": "v1.15.0" + "version": "v1.10.0" }, 42: { - "bom-ref": "pkg:golang/github.com/ghodss/yaml@v1.0.0", + "bom-ref": "ce164c60-ee4f-4360-a85f-73106cf59f6c", - "name": "github.com/ghodss/yaml", + "name": "golang.org/x/crypto", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/ghodss/yaml@v1.0.0", + "purl": "pkg:golang/golang.org/x/crypto@v0.0.0-20210421170649-83a5a9bb288b", "type": "library", - "version": "v1.0.0" + "version": "v0.0.0-20210421170649-83a5a9bb288b" }, 43: { - "bom-ref": "pkg:golang/github.com/golang/protobuf@v1.5.3", + "bom-ref": "ce8adfce-acb4-4fe1-b310-bd23e88e4e57", - "name": "github.com/golang/protobuf", + "name": "gopkg.in/yaml.v2", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/golang/protobuf@v1.5.3", + "purl": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", "type": "library", - "version": "v1.5.3" + "version": "v2.4.0" }, + 44: { + "bom-ref": "cfba38a6-98c7-43e7-82ac-7841dd9513ca", + "name": "alpine", + "properties": [ + : { + "name": "aquasecurity:trivy:Class", + "value": "os-pkgs" + }, + : { + "name": "aquasecurity:trivy:Type", + "value": "alpine" + } + ], + "type": "operating-system", + "version": "3.13.2" + }, 44: { "bom-ref": "pkg:golang/github.com/google/go-github/v30@v30.1.0", "name": "github.com/google/go-github/v30", "properties": [ : { "name": "aquasecurity:trivy:LayerDiffID", "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" }, : { "name": "aquasecurity:trivy:LayerDigest", "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" }, : { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], "purl": "pkg:golang/github.com/google/go-github/v30@v30.1.0", "type": "library", "version": "v30.1.0" }, 45: { - "bom-ref": "pkg:golang/github.com/google/go-cmp@v0.5.9", + "bom-ref": "d3c7fe00-7922-44b3-ab7a-6815c8754dfa", - "name": "github.com/google/go-cmp", + "name": "github.com/nats-io/nkeys", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/google/go-cmp@v0.5.9", + "purl": "pkg:golang/github.com/nats-io/nkeys@v0.3.0", "type": "library", - "version": "v0.5.9" + "version": "v0.3.0" }, + 46: { + "bom-ref": "d7122973-9d0f-4e27-bc7b-f3930bde6889", + "name": "usr/local/bin/nats", + "properties": [ + : { + "name": "aquasecurity:trivy:Class", + "value": "lang-pkgs" + }, + : { + "name": "aquasecurity:trivy:Type", + "value": "gobinary" + } + ], + "type": "application" + }, 46: { "bom-ref": "pkg:golang/github.com/google/shlex@v0.0.0-20191202100458-e7afc7fbc510", "name": "github.com/google/shlex", "properties": [ : { "name": "aquasecurity:trivy:LayerDiffID", "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" }, : { "name": "aquasecurity:trivy:LayerDigest", "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" }, : { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], "purl": "pkg:golang/github.com/google/shlex@v0.0.0-20191202100458-e7afc7fbc510", "type": "library", "version": "v0.0.0-20191202100458-e7afc7fbc510" }, 47: { - "bom-ref": "pkg:golang/github.com/google/go-github/v30@v30.1.0", + "bom-ref": "d8213071-7f1e-4f2e-bdac-e66ee0c2dde6", - "name": "github.com/google/go-github/v30", + "name": "github.com/nats-io/jwt/v2", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/google/go-github/v30@v30.1.0", + "purl": "pkg:golang/github.com/nats-io/jwt/v2@v2.0.1", "type": "library", - "version": "v30.1.0" + "version": "v2.0.1" }, 48: { - "bom-ref": "pkg:golang/github.com/google/go-querystring@v1.1.0", + "bom-ref": "d99b8db3-8f9e-41a4-bb16-0c1936f401d3", - "name": "github.com/google/go-querystring", + "name": "github.com/gogo/protobuf", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/google/go-querystring@v1.1.0", + "purl": "pkg:golang/github.com/gogo/protobuf@v1.3.2", "type": "library", - "version": "v1.1.0" + "version": "v1.3.2" }, 49: { - "bom-ref": "pkg:golang/github.com/google/shlex@v0.0.0-20191202100458-e7afc7fbc510", + "bom-ref": "dcadec35-53bc-493d-910d-9e96306127d1", - "name": "github.com/google/shlex", + "name": "github.com/nats-io/nuid", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/google/shlex@v0.0.0-20191202100458-e7afc7fbc510", + "purl": "pkg:golang/github.com/nats-io/nuid@v1.0.1", "type": "library", - "version": "v0.0.0-20191202100458-e7afc7fbc510" + "version": "v1.0.1" }, 50: { - "bom-ref": "pkg:golang/github.com/gosuri/uilive@v0.0.4", + "bom-ref": "e192291f-a90f-4cc4-ad6d-0379a45256cd", - "name": "github.com/gosuri/uilive", + "name": "github.com/nats-io/jwt", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/gosuri/uilive@v0.0.4", + "purl": "pkg:golang/github.com/nats-io/jwt@v0.3.2", "type": "library", - "version": "v0.0.4" + "version": "v0.3.2" }, 51: { - "bom-ref": "pkg:golang/github.com/gosuri/uiprogress@v0.0.1", + "bom-ref": "e2cef7b8-d52f-49c6-9c4c-fce547506589", - "name": "github.com/gosuri/uiprogress", + "name": "github.com/mattn/go-isatty", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/gosuri/uiprogress@v0.0.1", + "purl": "pkg:golang/github.com/mattn/go-isatty@v0.0.12", "type": "library", - "version": "v0.0.1" + "version": "v0.0.12" }, 52: { - "bom-ref": "pkg:golang/github.com/guptarohit/asciigraph@v0.5.6", + "bom-ref": "f0745570-156e-489b-9743-7a6c34f2b983", - "name": "github.com/guptarohit/asciigraph", + "name": "github.com/AlecAivazis/survey/v2", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/guptarohit/asciigraph@v0.5.6", + "purl": "pkg:golang/github.com/alecaivazis/survey/v2@v2.2.12", "type": "library", - "version": "v0.5.6" + "version": "v2.2.12" }, 53: { - "bom-ref": "pkg:golang/github.com/hdrhistogram/hdrhistogram-go@v1.1.2", + "bom-ref": "f97ba060-ad20-45f4-ac69-fc24d30411ad", - "name": "github.com/HdrHistogram/hdrhistogram-go", + "name": "github.com/nats-io/jwt/v2", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/hdrhistogram/hdrhistogram-go@v1.1.2", + "purl": "pkg:golang/github.com/nats-io/jwt/v2@v2.0.1", "type": "library", - "version": "v1.1.2" + "version": "v2.0.1" }, + 54: { + "bom-ref": "fff3d909-640a-4173-b0c3-b23507dd77d3", + "name": "usr/local/bin/nsc", + "properties": [ + : { + "name": "aquasecurity:trivy:Class", + "value": "lang-pkgs" + }, + : { + "name": "aquasecurity:trivy:Type", + "value": "gobinary" + } + ], + "type": "application" + }, 54: { "bom-ref": "pkg:golang/github.com/klauspost/compress@v1.16.5", "name": "github.com/klauspost/compress", "properties": [ : { "name": "aquasecurity:trivy:LayerDiffID", "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" }, : { "name": "aquasecurity:trivy:LayerDigest", "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" }, : { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], "purl": "pkg:golang/github.com/klauspost/compress@v1.16.5", "type": "library", "version": "v1.16.5" }, + 55: { + "bom-ref": "pkg:apk/alpine/alpine-baselayout@3.2.0-r8?arch=x86_64&distro=3.13.2", + "hashes": [ + : { + "alg": "SHA-1", + "content": "15d2b578fd7e8841b6f4cc80134ca504c2023317" + } + ], + "licenses": [ + : { + "license": { + "name": "GPL-2.0" + } + } + ], + "name": "alpine-baselayout", + "properties": [ + : { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:cb381a32b2296e4eb5af3f84092a2e6685e88adbc54ee0768a1a1010ce6376c7" + }, + : { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:ba3557a56b150f9b813f9d02274d62914fd8fce120dd374d9ee17b87cf1d277d" + }, + : { + "name": "aquasecurity:trivy:PkgID", + "value": "alpine-baselayout@3.2.0-r8" + }, + : { + "name": "aquasecurity:trivy:PkgType", + "value": "alpine" + }, + : { + "name": "aquasecurity:trivy:SrcName", + "value": "alpine-baselayout" + }, + : { + "name": "aquasecurity:trivy:SrcVersion", + "value": "3.2.0-r8" + } + ], + "purl": "pkg:apk/alpine/alpine-baselayout@3.2.0-r8?arch=x86_64&distro=3.13.2", + "type": "library", + "version": "3.2.0-r8" + }, 55: { "bom-ref": "pkg:golang/github.com/klauspost/compress@v1.17.0", "name": "github.com/klauspost/compress", "properties": [ : { "name": "aquasecurity:trivy:LayerDiffID", "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" }, : { "name": "aquasecurity:trivy:LayerDigest", "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" }, : { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], "purl": "pkg:golang/github.com/klauspost/compress@v1.17.0", "type": "library", "version": "v1.17.0" }, + 56: { + "bom-ref": "pkg:apk/alpine/alpine-keys@2.2-r0?arch=x86_64&distro=3.13.2", + "hashes": [ + : { + "alg": "SHA-1", + "content": "2e1db77e486469f7e25f3eac47ee2742f51f9153" + } + ], + "licenses": [ + : { + "license": { + "name": "MIT" + } + } + ], + "name": "alpine-keys", + "properties": [ + : { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:cb381a32b2296e4eb5af3f84092a2e6685e88adbc54ee0768a1a1010ce6376c7" + }, + : { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:ba3557a56b150f9b813f9d02274d62914fd8fce120dd374d9ee17b87cf1d277d" + }, + : { + "name": "aquasecurity:trivy:PkgID", + "value": "alpine-keys@2.2-r0" + }, + : { + "name": "aquasecurity:trivy:PkgType", + "value": "alpine" + }, + : { + "name": "aquasecurity:trivy:SrcName", + "value": "alpine-keys" + }, + : { + "name": "aquasecurity:trivy:SrcVersion", + "value": "2.2-r0" + } + ], + "purl": "pkg:apk/alpine/alpine-keys@2.2-r0?arch=x86_64&distro=3.13.2", + "type": "library", + "version": "2.2-r0" + }, 56: { "bom-ref": "pkg:golang/github.com/mattn/go-colorable@v0.1.13", "name": "github.com/mattn/go-colorable", "properties": [ : { "name": "aquasecurity:trivy:LayerDiffID", "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" }, : { "name": "aquasecurity:trivy:LayerDigest", "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" }, : { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], "purl": "pkg:golang/github.com/mattn/go-colorable@v0.1.13", "type": "library", "version": "v0.1.13" }, + 57: { + "bom-ref": "pkg:apk/alpine/apk-tools@2.12.1-r0?arch=x86_64&distro=3.13.2", + "hashes": [ + : { + "alg": "SHA-1", + "content": "b719126b7bd2a798662ada563c69d051d665549a" + } + ], + "licenses": [ + : { + "license": { + "name": "GPL-2.0" + } + } + ], + "name": "apk-tools", + "properties": [ + : { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:cb381a32b2296e4eb5af3f84092a2e6685e88adbc54ee0768a1a1010ce6376c7" + }, + : { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:ba3557a56b150f9b813f9d02274d62914fd8fce120dd374d9ee17b87cf1d277d" + }, + : { + "name": "aquasecurity:trivy:PkgID", + "value": "apk-tools@2.12.1-r0" + }, + : { + "name": "aquasecurity:trivy:PkgType", + "value": "alpine" + }, + : { + "name": "aquasecurity:trivy:SrcName", + "value": "apk-tools" + }, + : { + "name": "aquasecurity:trivy:SrcVersion", + "value": "2.12.1-r0" + } + ], + "purl": "pkg:apk/alpine/apk-tools@2.12.1-r0?arch=x86_64&distro=3.13.2", + "type": "library", + "version": "2.12.1-r0" + }, 57: { "bom-ref": "pkg:golang/github.com/mattn/go-isatty@v0.0.17", "name": "github.com/mattn/go-isatty", "properties": [ : { "name": "aquasecurity:trivy:LayerDiffID", "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" }, : { "name": "aquasecurity:trivy:LayerDigest", "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" }, : { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], "purl": "pkg:golang/github.com/mattn/go-isatty@v0.0.17", "type": "library", "version": "v0.0.17" }, + 58: { + "bom-ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64&distro=3.13.2", + "hashes": [ + : { + "alg": "SHA-1", + "content": "ea87905ba6c33fbb95c0252a3610001076fbe59e" + } + ], + "licenses": [ + : { + "license": { + "name": "GPL-2.0" + } + } + ], + "name": "busybox", + "properties": [ + : { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:cb381a32b2296e4eb5af3f84092a2e6685e88adbc54ee0768a1a1010ce6376c7" + }, + : { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:ba3557a56b150f9b813f9d02274d62914fd8fce120dd374d9ee17b87cf1d277d" + }, + : { + "name": "aquasecurity:trivy:PkgID", + "value": "busybox@1.32.1-r3" + }, + : { + "name": "aquasecurity:trivy:PkgType", + "value": "alpine" + }, + : { + "name": "aquasecurity:trivy:SrcName", + "value": "busybox" + }, + : { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.32.1-r3" + } + ], + "purl": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64&distro=3.13.2", + "type": "library", + "version": "1.32.1-r3" + }, 58: { "bom-ref": "pkg:golang/github.com/mattn/go-isatty@v0.0.19", "name": "github.com/mattn/go-isatty", "properties": [ : { "name": "aquasecurity:trivy:LayerDiffID", "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" }, : { "name": "aquasecurity:trivy:LayerDigest", "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" }, : { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], "purl": "pkg:golang/github.com/mattn/go-isatty@v0.0.19", "type": "library", "version": "v0.0.19" }, + 59: { + "bom-ref": "pkg:apk/alpine/ca-certificates-bundle@20191127-r5?arch=x86_64&distro=3.13.2", + "hashes": [ + : { + "alg": "SHA-1", + "content": "9d95958d8cdac1af141d414024905c7ce861458d" + } + ], + "licenses": [ + : { + "license": { + "name": "MPL-2.0" + } + }, + : { + "license": { + "name": "MIT" + } + } + ], + "name": "ca-certificates-bundle", + "properties": [ + : { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:cb381a32b2296e4eb5af3f84092a2e6685e88adbc54ee0768a1a1010ce6376c7" + }, + : { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:ba3557a56b150f9b813f9d02274d62914fd8fce120dd374d9ee17b87cf1d277d" + }, + : { + "name": "aquasecurity:trivy:PkgID", + "value": "ca-certificates-bundle@20191127-r5" + }, + : { + "name": "aquasecurity:trivy:PkgType", + "value": "alpine" + }, + : { + "name": "aquasecurity:trivy:SrcName", + "value": "ca-certificates" + }, + : { + "name": "aquasecurity:trivy:SrcVersion", + "value": "20191127-r5" + } + ], + "purl": "pkg:apk/alpine/ca-certificates-bundle@20191127-r5?arch=x86_64&distro=3.13.2", + "type": "library", + "version": "20191127-r5" + }, 59: { "bom-ref": "pkg:golang/github.com/mattn/go-runewidth@v0.0.14", "name": "github.com/mattn/go-runewidth", "properties": [ : { "name": "aquasecurity:trivy:LayerDiffID", "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" }, : { "name": "aquasecurity:trivy:LayerDigest", "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" }, : { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], "purl": "pkg:golang/github.com/mattn/go-runewidth@v0.0.14", "type": "library", "version": "v0.0.14" }, + 60: { + "bom-ref": "pkg:apk/alpine/ca-certificates@20191127-r5?arch=x86_64&distro=3.13.2", + "hashes": [ + : { + "alg": "SHA-1", + "content": "9a32ec5e560733e17a671fba0128e6a3ebef5ce3" + } + ], + "licenses": [ + : { + "license": { + "name": "MPL-2.0" + } + }, + : { + "license": { + "name": "MIT" + } + } + ], + "name": "ca-certificates", + "properties": [ + : { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:f71b4f2368074b5ba538e48e56b57707ce43ff5db5b61a62a79b8964cd352ca2" + }, + : { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:8591fa42d73dba5b01bf828e8426f087f6ba2be53d81e6b881e6ec7944834df6" + }, + : { + "name": "aquasecurity:trivy:PkgID", + "value": "ca-certificates@20191127-r5" + }, + : { + "name": "aquasecurity:trivy:PkgType", + "value": "alpine" + }, + : { + "name": "aquasecurity:trivy:SrcName", + "value": "ca-certificates" + }, + : { + "name": "aquasecurity:trivy:SrcVersion", + "value": "20191127-r5" + } + ], + "purl": "pkg:apk/alpine/ca-certificates@20191127-r5?arch=x86_64&distro=3.13.2", + "type": "library", + "version": "20191127-r5" + }, 60: { "bom-ref": "pkg:golang/github.com/mattn/go-runewidth@v0.0.15", "name": "github.com/mattn/go-runewidth", "properties": [ : { "name": "aquasecurity:trivy:LayerDiffID", "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" }, : { "name": "aquasecurity:trivy:LayerDigest", "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" }, : { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], "purl": "pkg:golang/github.com/mattn/go-runewidth@v0.0.15", "type": "library", "version": "v0.0.15" }, + 61: { + "bom-ref": "pkg:apk/alpine/figlet@2.2.5-r1?arch=x86_64&distro=3.13.2", + "hashes": [ + : { + "alg": "SHA-1", + "content": "2a09a857775ed6d8dbba1fb9dfcf6879f1cf1b04" + } + ], + "licenses": [ + : { + "license": { + "name": "BSD-3-Clause" + } + } + ], + "name": "figlet", + "properties": [ + : { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:f71b4f2368074b5ba538e48e56b57707ce43ff5db5b61a62a79b8964cd352ca2" + }, + : { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:8591fa42d73dba5b01bf828e8426f087f6ba2be53d81e6b881e6ec7944834df6" + }, + : { + "name": "aquasecurity:trivy:PkgID", + "value": "figlet@2.2.5-r1" + }, + : { + "name": "aquasecurity:trivy:PkgType", + "value": "alpine" + }, + : { + "name": "aquasecurity:trivy:SrcName", + "value": "figlet" + }, + : { + "name": "aquasecurity:trivy:SrcVersion", + "value": "2.2.5-r1" + } + ], + "purl": "pkg:apk/alpine/figlet@2.2.5-r1?arch=x86_64&distro=3.13.2", + "type": "library", + "version": "2.2.5-r1" + }, 61: { "bom-ref": "pkg:golang/github.com/matttproud/golang_protobuf_extensions@v1.0.4", "name": "github.com/matttproud/golang_protobuf_extensions", "properties": [ : { "name": "aquasecurity:trivy:LayerDiffID", "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" }, : { "name": "aquasecurity:trivy:LayerDigest", "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" }, : { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], "purl": "pkg:golang/github.com/matttproud/golang_protobuf_extensions@v1.0.4", "type": "library", "version": "v1.0.4" }, + 62: { + "bom-ref": "pkg:apk/alpine/libc-utils@0.7.2-r3?arch=x86_64&distro=3.13.2", + "hashes": [ + : { + "alg": "SHA-1", + "content": "261cab49287a370b3889e6ec33afd51c2c703df4" + } + ], + "licenses": [ + : { + "license": { + "name": "BSD-2-Clause" + } + }, + : { + "license": { + "name": "BSD-3-Clause" + } + } + ], + "name": "libc-utils", + "properties": [ + : { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:cb381a32b2296e4eb5af3f84092a2e6685e88adbc54ee0768a1a1010ce6376c7" + }, + : { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:ba3557a56b150f9b813f9d02274d62914fd8fce120dd374d9ee17b87cf1d277d" + }, + : { + "name": "aquasecurity:trivy:PkgID", + "value": "libc-utils@0.7.2-r3" + }, + : { + "name": "aquasecurity:trivy:PkgType", + "value": "alpine" + }, + : { + "name": "aquasecurity:trivy:SrcName", + "value": "libc-dev" + }, + : { + "name": "aquasecurity:trivy:SrcVersion", + "value": "0.7.2-r3" + } + ], + "purl": "pkg:apk/alpine/libc-utils@0.7.2-r3?arch=x86_64&distro=3.13.2", + "type": "library", + "version": "0.7.2-r3" + }, 62: { "bom-ref": "pkg:golang/github.com/mgutz/ansi@v0.0.0-20200706080929-d51e80ef957d", "name": "github.com/mgutz/ansi", "properties": [ : { "name": "aquasecurity:trivy:LayerDiffID", "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" }, : { "name": "aquasecurity:trivy:LayerDigest", "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" }, : { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], "purl": "pkg:golang/github.com/mgutz/ansi@v0.0.0-20200706080929-d51e80ef957d", "type": "library", "version": "v0.0.0-20200706080929-d51e80ef957d" }, + 63: { + "bom-ref": "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2", + "hashes": [ + : { + "alg": "SHA-1", + "content": "5adb82dd79a48d631f9aef830e4183187811bce7" + } + ], + "licenses": [ + : { + "license": { + "name": "OpenSSL" + } + } + ], + "name": "libcrypto1.1", + "properties": [ + : { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:cb381a32b2296e4eb5af3f84092a2e6685e88adbc54ee0768a1a1010ce6376c7" + }, + : { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:ba3557a56b150f9b813f9d02274d62914fd8fce120dd374d9ee17b87cf1d277d" + }, + : { + "name": "aquasecurity:trivy:PkgID", + "value": "libcrypto1.1@1.1.1j-r0" + }, + : { + "name": "aquasecurity:trivy:PkgType", + "value": "alpine" + }, + : { + "name": "aquasecurity:trivy:SrcName", + "value": "openssl" + }, + : { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.1.1j-r0" + } + ], + "purl": "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2", + "type": "library", + "version": "1.1.1j-r0" + }, 63: { "bom-ref": "pkg:golang/github.com/minio/highwayhash@v1.0.2", "name": "github.com/minio/highwayhash", "properties": [ : { "name": "aquasecurity:trivy:LayerDiffID", "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" }, : { "name": "aquasecurity:trivy:LayerDigest", "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" }, : { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], "purl": "pkg:golang/github.com/minio/highwayhash@v1.0.2", "type": "library", "version": "v1.0.2" }, + 64: { + "bom-ref": "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2", + "hashes": [ + : { + "alg": "SHA-1", + "content": "0640f8669ebb73d9f34f64bf044b6caa91191077" + } + ], + "licenses": [ + : { + "license": { + "name": "OpenSSL" + } + } + ], + "name": "libssl1.1", + "properties": [ + : { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:cb381a32b2296e4eb5af3f84092a2e6685e88adbc54ee0768a1a1010ce6376c7" + }, + : { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:ba3557a56b150f9b813f9d02274d62914fd8fce120dd374d9ee17b87cf1d277d" + }, + : { + "name": "aquasecurity:trivy:PkgID", + "value": "libssl1.1@1.1.1j-r0" + }, + : { + "name": "aquasecurity:trivy:PkgType", + "value": "alpine" + }, + : { + "name": "aquasecurity:trivy:SrcName", + "value": "openssl" + }, + : { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.1.1j-r0" + } + ], + "purl": "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2", + "type": "library", + "version": "1.1.1j-r0" + }, 64: { "bom-ref": "pkg:golang/github.com/mitchellh/go-homedir@v1.1.0", "name": "github.com/mitchellh/go-homedir", "properties": [ : { "name": "aquasecurity:trivy:LayerDiffID", "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" }, : { "name": "aquasecurity:trivy:LayerDigest", "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" }, : { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], "purl": "pkg:golang/github.com/mitchellh/go-homedir@v1.1.0", "type": "library", "version": "v1.1.0" }, + 65: { + "bom-ref": "pkg:apk/alpine/libtls-standalone@2.9.1-r1?arch=x86_64&distro=3.13.2", + "hashes": [ + : { + "alg": "SHA-1", + "content": "82d33d0f18a70fdb1b8c9327ae23a196d5bbb0d4" + } + ], + "licenses": [ + : { + "license": { + "name": "ISC" + } + } + ], + "name": "libtls-standalone", + "properties": [ + : { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:cb381a32b2296e4eb5af3f84092a2e6685e88adbc54ee0768a1a1010ce6376c7" + }, + : { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:ba3557a56b150f9b813f9d02274d62914fd8fce120dd374d9ee17b87cf1d277d" + }, + : { + "name": "aquasecurity:trivy:PkgID", + "value": "libtls-standalone@2.9.1-r1" + }, + : { + "name": "aquasecurity:trivy:PkgType", + "value": "alpine" + }, + : { + "name": "aquasecurity:trivy:SrcName", + "value": "libtls-standalone" + }, + : { + "name": "aquasecurity:trivy:SrcVersion", + "value": "2.9.1-r1" + } + ], + "purl": "pkg:apk/alpine/libtls-standalone@2.9.1-r1?arch=x86_64&distro=3.13.2", + "type": "library", + "version": "2.9.1-r1" + }, 65: { "bom-ref": "pkg:golang/github.com/mitchellh/go-wordwrap@v1.0.1", "name": "github.com/mitchellh/go-wordwrap", "properties": [ : { "name": "aquasecurity:trivy:LayerDiffID", "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" }, : { "name": "aquasecurity:trivy:LayerDigest", "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" }, : { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], "purl": "pkg:golang/github.com/mitchellh/go-wordwrap@v1.0.1", "type": "library", "version": "v1.0.1" }, + 66: { + "bom-ref": "pkg:apk/alpine/musl-utils@1.2.2-r0?arch=x86_64&distro=3.13.2", + "hashes": [ + : { + "alg": "SHA-1", + "content": "0f7258226eb526d3701b14343d4b0f0aecae13bc" + } + ], + "licenses": [ + : { + "license": { + "name": "MIT" + } + }, + : { + "license": { + "name": "BSD-3-Clause" + } + }, + : { + "license": { + "name": "GPL-2.0" + } + } + ], + "name": "musl-utils", + "properties": [ + : { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:cb381a32b2296e4eb5af3f84092a2e6685e88adbc54ee0768a1a1010ce6376c7" + }, + : { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:ba3557a56b150f9b813f9d02274d62914fd8fce120dd374d9ee17b87cf1d277d" + }, + : { + "name": "aquasecurity:trivy:PkgID", + "value": "musl-utils@1.2.2-r0" + }, + : { + "name": "aquasecurity:trivy:PkgType", + "value": "alpine" + }, + : { + "name": "aquasecurity:trivy:SrcName", + "value": "musl" + }, + : { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.2.2-r0" + } + ], + "purl": "pkg:apk/alpine/musl-utils@1.2.2-r0?arch=x86_64&distro=3.13.2", + "type": "library", + "version": "1.2.2-r0" + }, 66: { "bom-ref": "pkg:golang/github.com/nats-io/cliprompts/v2@v2.0.0-20200221130455-2737f3b8cbb9", "name": "github.com/nats-io/cliprompts/v2", "properties": [ : { "name": "aquasecurity:trivy:LayerDiffID", "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" }, : { "name": "aquasecurity:trivy:LayerDigest", "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" }, : { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], "purl": "pkg:golang/github.com/nats-io/cliprompts/v2@v2.0.0-20200221130455-2737f3b8cbb9", "type": "library", "version": "v2.0.0-20200221130455-2737f3b8cbb9" }, + 67: { + "bom-ref": "pkg:apk/alpine/musl@1.2.2-r0?arch=x86_64&distro=3.13.2", + "hashes": [ + : { + "alg": "SHA-1", + "content": "d0dbb978de30ae1f165ee240d89692c2a3a52721" + } + ], + "licenses": [ + : { + "license": { + "name": "MIT" + } + } + ], + "name": "musl", + "properties": [ + : { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:cb381a32b2296e4eb5af3f84092a2e6685e88adbc54ee0768a1a1010ce6376c7" + }, + : { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:ba3557a56b150f9b813f9d02274d62914fd8fce120dd374d9ee17b87cf1d277d" + }, + : { + "name": "aquasecurity:trivy:PkgID", + "value": "musl@1.2.2-r0" + }, + : { + "name": "aquasecurity:trivy:PkgType", + "value": "alpine" + }, + : { + "name": "aquasecurity:trivy:SrcName", + "value": "musl" + }, + : { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.2.2-r0" + } + ], + "purl": "pkg:apk/alpine/musl@1.2.2-r0?arch=x86_64&distro=3.13.2", + "type": "library", + "version": "1.2.2-r0" + }, 67: { "bom-ref": "pkg:golang/github.com/nats-io/jsm.go@v0.0.35", "name": "github.com/nats-io/jsm.go", "properties": [ : { "name": "aquasecurity:trivy:LayerDiffID", "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" }, : { "name": "aquasecurity:trivy:LayerDigest", "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" }, : { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], "purl": "pkg:golang/github.com/nats-io/jsm.go@v0.0.35", "type": "library", "version": "v0.0.35" }, + 68: { + "bom-ref": "pkg:apk/alpine/scanelf@1.2.8-r0?arch=x86_64&distro=3.13.2", + "hashes": [ + : { + "alg": "SHA-1", + "content": "39824e854e7520bc03411c0d89882ab6af7cebfa" + } + ], + "licenses": [ + : { + "license": { + "name": "GPL-2.0" + } + } + ], + "name": "scanelf", + "properties": [ + : { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:cb381a32b2296e4eb5af3f84092a2e6685e88adbc54ee0768a1a1010ce6376c7" + }, + : { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:ba3557a56b150f9b813f9d02274d62914fd8fce120dd374d9ee17b87cf1d277d" + }, + : { + "name": "aquasecurity:trivy:PkgID", + "value": "scanelf@1.2.8-r0" + }, + : { + "name": "aquasecurity:trivy:PkgType", + "value": "alpine" + }, + : { + "name": "aquasecurity:trivy:SrcName", + "value": "pax-utils" + }, + : { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.2.8-r0" + } + ], + "purl": "pkg:apk/alpine/scanelf@1.2.8-r0?arch=x86_64&distro=3.13.2", + "type": "library", + "version": "1.2.8-r0" + }, 68: { "bom-ref": "pkg:golang/github.com/nats-io/jsm.go@v0.1.0", "name": "github.com/nats-io/jsm.go", "properties": [ : { "name": "aquasecurity:trivy:LayerDiffID", "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" }, : { "name": "aquasecurity:trivy:LayerDigest", "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" }, : { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], "purl": "pkg:golang/github.com/nats-io/jsm.go@v0.1.0", "type": "library", "version": "v0.1.0" }, + 69: { + "bom-ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64&distro=3.13.2", + "hashes": [ + : { + "alg": "SHA-1", + "content": "18b22c9a0ce4aacdd4ab48e1696ccf70f98068dc" + } + ], + "licenses": [ + : { + "license": { + "name": "GPL-2.0" + } + } + ], + "name": "ssl_client", + "properties": [ + : { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:cb381a32b2296e4eb5af3f84092a2e6685e88adbc54ee0768a1a1010ce6376c7" + }, + : { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:ba3557a56b150f9b813f9d02274d62914fd8fce120dd374d9ee17b87cf1d277d" + }, + : { + "name": "aquasecurity:trivy:PkgID", + "value": "ssl_client@1.32.1-r3" + }, + : { + "name": "aquasecurity:trivy:PkgType", + "value": "alpine" + }, + : { + "name": "aquasecurity:trivy:SrcName", + "value": "busybox" + }, + : { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.32.1-r3" + } + ], + "purl": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64&distro=3.13.2", + "type": "library", + "version": "1.32.1-r3" + }, 69: { "bom-ref": "pkg:golang/github.com/nats-io/jwt/v2@v2.4.1", "name": "github.com/nats-io/jwt/v2", "properties": [ : { "name": "aquasecurity:trivy:LayerDiffID", "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" }, : { "name": "aquasecurity:trivy:LayerDigest", "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" }, : { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], "purl": "pkg:golang/github.com/nats-io/jwt/v2@v2.4.1", "type": "library", "version": "v2.4.1" }, + 70: { + "bom-ref": "pkg:apk/alpine/zlib@1.2.11-r3?arch=x86_64&distro=3.13.2", + "hashes": [ + : { + "alg": "SHA-1", + "content": "36bf58da74d48e0011cb00b7e27f4d114b772cee" + } + ], + "licenses": [ + : { + "license": { + "name": "Zlib" + } + } + ], + "name": "zlib", + "properties": [ + : { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:cb381a32b2296e4eb5af3f84092a2e6685e88adbc54ee0768a1a1010ce6376c7" + }, + : { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:ba3557a56b150f9b813f9d02274d62914fd8fce120dd374d9ee17b87cf1d277d" + }, + : { + "name": "aquasecurity:trivy:PkgID", + "value": "zlib@1.2.11-r3" + }, + : { + "name": "aquasecurity:trivy:PkgType", + "value": "alpine" + }, + : { + "name": "aquasecurity:trivy:SrcName", + "value": "zlib" + }, + : { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.2.11-r3" + } + ], + "purl": "pkg:apk/alpine/zlib@1.2.11-r3?arch=x86_64&distro=3.13.2", + "type": "library", + "version": "1.2.11-r3" + }, 70: { "bom-ref": "pkg:golang/github.com/nats-io/jwt/v2@v2.5.2", "name": "github.com/nats-io/jwt/v2", "properties": [ : { "name": "aquasecurity:trivy:LayerDiffID", "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" }, : { "name": "aquasecurity:trivy:LayerDigest", "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" }, : { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], "purl": "pkg:golang/github.com/nats-io/jwt/v2@v2.5.2", "type": "library", "version": "v2.5.2" }, 71: { - "bom-ref": "pkg:golang/github.com/inconshreveable/go-update@v0.0.0-20160112193335-8152e7eb6ccf", + "bom-ref": "pkg:golang/github.com/alecthomas/template@v0.0.0-20190718012654-fb15b899a751", - "name": "github.com/inconshreveable/go-update", + "name": "github.com/alecthomas/template", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/inconshreveable/go-update@v0.0.0-20160112193335-8152e7eb6ccf", + "purl": "pkg:golang/github.com/alecthomas/template@v0.0.0-20190718012654-fb15b899a751", "type": "library", - "version": "v0.0.0-20160112193335-8152e7eb6ccf" + "version": "v0.0.0-20190718012654-fb15b899a751" }, 72: { - "bom-ref": "pkg:golang/github.com/jedib0t/go-pretty/v6@v6.4.7", + "bom-ref": "pkg:golang/github.com/alecthomas/units@v0.0.0-20210208195552-ff826a37aa15", - "name": "github.com/jedib0t/go-pretty/v6", + "name": "github.com/alecthomas/units", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/jedib0t/go-pretty/v6@v6.4.7", + "purl": "pkg:golang/github.com/alecthomas/units@v0.0.0-20210208195552-ff826a37aa15", "type": "library", - "version": "v6.4.7" + "version": "v0.0.0-20210208195552-ff826a37aa15" }, 73: { - "bom-ref": "pkg:golang/github.com/kballard/go-shellquote@v0.0.0-20180428030007-95032a82bc51", + "bom-ref": "pkg:golang/github.com/blang/semver@v3.5.1%2Bincompatible", - "name": "github.com/kballard/go-shellquote", + "name": "github.com/blang/semver", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/kballard/go-shellquote@v0.0.0-20180428030007-95032a82bc51", + "purl": "pkg:golang/github.com/blang/semver@v3.5.1%2Bincompatible", "type": "library", - "version": "v0.0.0-20180428030007-95032a82bc51" + "version": "v3.5.1+incompatible" }, 74: { - "bom-ref": "pkg:golang/github.com/klauspost/compress@v1.16.5", + "bom-ref": "pkg:golang/github.com/briandowns/spinner@v1.12.0", - "name": "github.com/klauspost/compress", + "name": "github.com/briandowns/spinner", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/klauspost/compress@v1.16.5", + "purl": "pkg:golang/github.com/briandowns/spinner@v1.12.0", "type": "library", - "version": "v1.16.5" + "version": "v1.12.0" }, 75: { - "bom-ref": "pkg:golang/github.com/klauspost/compress@v1.17.0", + "bom-ref": "pkg:golang/github.com/cpuguy83/go-md2man/v2@v2.0.0", - "name": "github.com/klauspost/compress", + "name": "github.com/cpuguy83/go-md2man/v2", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/klauspost/compress@v1.17.0", + "purl": "pkg:golang/github.com/cpuguy83/go-md2man/v2@v2.0.0", "type": "library", - "version": "v1.17.0" + "version": "v2.0.0" }, 76: { - "bom-ref": "pkg:golang/github.com/mattn/go-colorable@v0.1.13", + "bom-ref": "pkg:golang/github.com/emicklei/dot@v0.15.0", - "name": "github.com/mattn/go-colorable", + "name": "github.com/emicklei/dot", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/mattn/go-colorable@v0.1.13", + "purl": "pkg:golang/github.com/emicklei/dot@v0.15.0", "type": "library", - "version": "v0.1.13" + "version": "v0.15.0" }, 77: { - "bom-ref": "pkg:golang/github.com/mattn/go-isatty@v0.0.17", + "bom-ref": "pkg:golang/github.com/fsnotify/fsnotify@v1.4.9", - "name": "github.com/mattn/go-isatty", + "name": "github.com/fsnotify/fsnotify", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/mattn/go-isatty@v0.0.17", + "purl": "pkg:golang/github.com/fsnotify/fsnotify@v1.4.9", "type": "library", - "version": "v0.0.17" + "version": "v1.4.9" }, 78: { - "bom-ref": "pkg:golang/github.com/mattn/go-isatty@v0.0.19", + "bom-ref": "pkg:golang/github.com/ghodss/yaml@v1.0.0", - "name": "github.com/mattn/go-isatty", + "name": "github.com/ghodss/yaml", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/mattn/go-isatty@v0.0.19", + "purl": "pkg:golang/github.com/ghodss/yaml@v1.0.0", "type": "library", - "version": "v0.0.19" + "version": "v1.0.0" }, 79: { - "bom-ref": "pkg:golang/github.com/mattn/go-runewidth@v0.0.14", + "bom-ref": "pkg:golang/github.com/google/go-cmp@v0.5.5", - "name": "github.com/mattn/go-runewidth", + "name": "github.com/google/go-cmp", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/mattn/go-runewidth@v0.0.14", + "purl": "pkg:golang/github.com/google/go-cmp@v0.5.5", "type": "library", - "version": "v0.0.14" + "version": "v0.5.5" }, 80: { - "bom-ref": "pkg:golang/github.com/mattn/go-runewidth@v0.0.15", + "bom-ref": "pkg:golang/github.com/google/go-github/v30@v30.1.0", - "name": "github.com/mattn/go-runewidth", + "name": "github.com/google/go-github/v30", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/mattn/go-runewidth@v0.0.15", + "purl": "pkg:golang/github.com/google/go-github/v30@v30.1.0", "type": "library", - "version": "v0.0.15" + "version": "v30.1.0" }, 81: { - "bom-ref": "pkg:golang/github.com/matttproud/golang_protobuf_extensions@v1.0.4", + "bom-ref": "pkg:golang/github.com/google/go-querystring@v1.1.0", - "name": "github.com/matttproud/golang_protobuf_extensions", + "name": "github.com/google/go-querystring", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/matttproud/golang_protobuf_extensions@v1.0.4", + "purl": "pkg:golang/github.com/google/go-querystring@v1.1.0", "type": "library", - "version": "v1.0.4" + "version": "v1.1.0" }, 82: { - "bom-ref": "pkg:golang/github.com/mgutz/ansi@v0.0.0-20200706080929-d51e80ef957d", + "bom-ref": "pkg:golang/github.com/gosuri/uilive@v0.0.4", - "name": "github.com/mgutz/ansi", + "name": "github.com/gosuri/uilive", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/mgutz/ansi@v0.0.0-20200706080929-d51e80ef957d", + "purl": "pkg:golang/github.com/gosuri/uilive@v0.0.4", "type": "library", - "version": "v0.0.0-20200706080929-d51e80ef957d" + "version": "v0.0.4" }, 83: { - "bom-ref": "pkg:golang/github.com/minio/highwayhash@v1.0.2", + "bom-ref": "pkg:golang/github.com/gosuri/uiprogress@v0.0.1", - "name": "github.com/minio/highwayhash", + "name": "github.com/gosuri/uiprogress", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/minio/highwayhash@v1.0.2", + "purl": "pkg:golang/github.com/gosuri/uiprogress@v0.0.1", "type": "library", - "version": "v1.0.2" + "version": "v0.0.1" }, 84: { - "bom-ref": "pkg:golang/github.com/mitchellh/go-homedir@v1.1.0", + "bom-ref": "pkg:golang/github.com/guptarohit/asciigraph@v0.5.2", - "name": "github.com/mitchellh/go-homedir", + "name": "github.com/guptarohit/asciigraph", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/mitchellh/go-homedir@v1.1.0", + "purl": "pkg:golang/github.com/guptarohit/asciigraph@v0.5.2", "type": "library", - "version": "v1.1.0" + "version": "v0.5.2" }, 85: { - "bom-ref": "pkg:golang/github.com/mitchellh/go-wordwrap@v1.0.1", + "bom-ref": "pkg:golang/github.com/hashicorp/hcl@v1.0.0", - "name": "github.com/mitchellh/go-wordwrap", + "name": "github.com/hashicorp/hcl", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/mitchellh/go-wordwrap@v1.0.1", + "purl": "pkg:golang/github.com/hashicorp/hcl@v1.0.0", "type": "library", - "version": "v1.0.1" + "version": "v1.0.0" }, 86: { - "bom-ref": "pkg:golang/github.com/nats-io/cliprompts/v2@v2.0.0-20200221130455-2737f3b8cbb9", + "bom-ref": "pkg:golang/github.com/hdrhistogram/hdrhistogram-go@v0.9.0", - "name": "github.com/nats-io/cliprompts/v2", + "name": "github.com/HdrHistogram/hdrhistogram-go", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/nats-io/cliprompts/v2@v2.0.0-20200221130455-2737f3b8cbb9", + "purl": "pkg:golang/github.com/hdrhistogram/hdrhistogram-go@v0.9.0", "type": "library", - "version": "v2.0.0-20200221130455-2737f3b8cbb9" + "version": "v0.9.0" }, 87: { - "bom-ref": "pkg:golang/github.com/nats-io/jsm.go@v0.0.35", + "bom-ref": "pkg:golang/github.com/inconshreveable/go-update@v0.0.0-20160112193335-8152e7eb6ccf", - "name": "github.com/nats-io/jsm.go", + "name": "github.com/inconshreveable/go-update", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/nats-io/jsm.go@v0.0.35", + "purl": "pkg:golang/github.com/inconshreveable/go-update@v0.0.0-20160112193335-8152e7eb6ccf", "type": "library", - "version": "v0.0.35" + "version": "v0.0.0-20160112193335-8152e7eb6ccf" }, 88: { - "bom-ref": "pkg:golang/github.com/nats-io/jsm.go@v0.1.0", + "bom-ref": "pkg:golang/github.com/klauspost/compress@v1.12.1", - "name": "github.com/nats-io/jsm.go", + "name": "github.com/klauspost/compress", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/nats-io/jsm.go@v0.1.0", + "purl": "pkg:golang/github.com/klauspost/compress@v1.12.1", "type": "library", - "version": "v0.1.0" + "version": "v1.12.1" }, 89: { - "bom-ref": "pkg:golang/github.com/nats-io/jwt/v2@v2.4.1", + "bom-ref": "pkg:golang/github.com/magiconair/properties@v1.8.5", - "name": "github.com/nats-io/jwt/v2", + "name": "github.com/magiconair/properties", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/nats-io/jwt/v2@v2.4.1", + "purl": "pkg:golang/github.com/magiconair/properties@v1.8.5", "type": "library", - "version": "v2.4.1" + "version": "v1.8.5" }, 90: { - "bom-ref": "pkg:golang/github.com/nats-io/jwt/v2@v2.5.2", + "bom-ref": "pkg:golang/github.com/mattn/go-runewidth@v0.0.1", - "name": "github.com/nats-io/jwt/v2", + "name": "github.com/mattn/go-runewidth", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/nats-io/jwt/v2@v2.5.2", + "purl": "pkg:golang/github.com/mattn/go-runewidth@v0.0.1", "type": "library", - "version": "v2.5.2" + "version": "v0.0.1" }, 91: { - "bom-ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.10.0", + "bom-ref": "pkg:golang/github.com/mgutz/ansi@v0.0.0-20170206155736-9520e82c474b", - "name": "github.com/nats-io/nats-server/v2", + "name": "github.com/mgutz/ansi", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/nats-io/nats-server/v2@v2.10.0", + "purl": "pkg:golang/github.com/mgutz/ansi@v0.0.0-20170206155736-9520e82c474b", "type": "library", - "version": "v2.10.0" + "version": "v0.0.0-20170206155736-9520e82c474b" }, 92: { - "bom-ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.9.19", + "bom-ref": "pkg:golang/github.com/mgutz/ansi@v0.0.0-20200706080929-d51e80ef957d", - "name": "github.com/nats-io/nats-server/v2", + "name": "github.com/mgutz/ansi", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/nats-io/nats-server/v2@v2.9.19", + "purl": "pkg:golang/github.com/mgutz/ansi@v0.0.0-20200706080929-d51e80ef957d", "type": "library", - "version": "v2.9.19" + "version": "v0.0.0-20200706080929-d51e80ef957d" }, 93: { - "bom-ref": "pkg:golang/github.com/nats-io/nats.go@v1.24.0", + "bom-ref": "pkg:golang/github.com/minio/highwayhash@v1.0.1", - "name": "github.com/nats-io/nats.go", + "name": "github.com/minio/highwayhash", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/nats-io/nats.go@v1.24.0", + "purl": "pkg:golang/github.com/minio/highwayhash@v1.0.1", "type": "library", - "version": "v1.24.0" + "version": "v1.0.1" }, 94: { - "bom-ref": "pkg:golang/github.com/nats-io/nats.go@v1.30.0", + "bom-ref": "pkg:golang/github.com/mitchellh/go-homedir@v1.1.0", - "name": "github.com/nats-io/nats.go", + "name": "github.com/mitchellh/go-homedir", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/nats-io/nats.go@v1.30.0", + "purl": "pkg:golang/github.com/mitchellh/go-homedir@v1.1.0", "type": "library", - "version": "v1.30.0" + "version": "v1.1.0" }, 95: { - "bom-ref": "pkg:golang/github.com/nats-io/nkeys@v0.4.4", + "bom-ref": "pkg:golang/github.com/mitchellh/go-wordwrap@v1.0.1", - "name": "github.com/nats-io/nkeys", + "name": "github.com/mitchellh/go-wordwrap", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/nats-io/nkeys@v0.4.4", + "purl": "pkg:golang/github.com/mitchellh/go-wordwrap@v1.0.1", "type": "library", - "version": "v0.4.4" + "version": "v1.0.1" }, 96: { - "bom-ref": "pkg:golang/github.com/nats-io/nkeys@v0.4.5", + "bom-ref": "pkg:golang/github.com/mitchellh/mapstructure@v1.4.1", - "name": "github.com/nats-io/nkeys", + "name": "github.com/mitchellh/mapstructure", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/nats-io/nkeys@v0.4.5", + "purl": "pkg:golang/github.com/mitchellh/mapstructure@v1.4.1", "type": "library", - "version": "v0.4.5" + "version": "v1.4.1" }, 97: { - "bom-ref": "pkg:golang/github.com/nats-io/nuid@v1.0.1", + "bom-ref": "pkg:golang/github.com/nats-io/cliprompts/v2@v2.0.0-20200221130455-2737f3b8cbb9", - "name": "github.com/nats-io/nuid", + "name": "github.com/nats-io/cliprompts/v2", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/nats-io/nuid@v1.0.1", + "purl": "pkg:golang/github.com/nats-io/cliprompts/v2@v2.0.0-20200221130455-2737f3b8cbb9", "type": "library", - "version": "v1.0.1" + "version": "v2.0.0-20200221130455-2737f3b8cbb9" }, 98: { - "bom-ref": "pkg:golang/github.com/nsf/termbox-go@v1.1.1", + "bom-ref": "pkg:golang/github.com/nats-io/jsm.go@v0.0.23", - "name": "github.com/nsf/termbox-go", + "name": "github.com/nats-io/jsm.go", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/nsf/termbox-go@v1.1.1", + "purl": "pkg:golang/github.com/nats-io/jsm.go@v0.0.23", "type": "library", - "version": "v1.1.1" + "version": "v0.0.23" }, 99: { - "bom-ref": "pkg:golang/github.com/prometheus/client_golang@v1.16.0", + "bom-ref": "pkg:golang/github.com/nats-io/jwt@v1.1.0", - "name": "github.com/prometheus/client_golang", + "name": "github.com/nats-io/jwt", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/prometheus/client_golang@v1.16.0", + "purl": "pkg:golang/github.com/nats-io/jwt@v1.1.0", "type": "library", - "version": "v1.16.0" + "version": "v1.1.0" }, 100: { - "bom-ref": "pkg:golang/github.com/prometheus/client_model@v0.4.0", + "bom-ref": "pkg:golang/github.com/nats-io/jwt@v1.2.2", - "name": "github.com/prometheus/client_model", + "name": "github.com/nats-io/jwt", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/prometheus/client_model@v0.4.0", + "purl": "pkg:golang/github.com/nats-io/jwt@v1.2.2", "type": "library", - "version": "v0.4.0" + "version": "v1.2.2" }, 101: { - "bom-ref": "pkg:golang/github.com/prometheus/common@v0.44.0", + "bom-ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.1.9", - "name": "github.com/prometheus/common", + "name": "github.com/nats-io/nats-server/v2", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/prometheus/common@v0.44.0", + "purl": "pkg:golang/github.com/nats-io/nats-server/v2@v2.1.9", "type": "library", - "version": "v0.44.0" + "version": "v2.1.9" }, 102: { - "bom-ref": "pkg:golang/github.com/prometheus/procfs@v0.11.1", + "bom-ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.2.2", - "name": "github.com/prometheus/procfs", + "name": "github.com/nats-io/nats-server/v2", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/prometheus/procfs@v0.11.1", + "purl": "pkg:golang/github.com/nats-io/nats-server/v2@v2.2.2", "type": "library", - "version": "v0.11.1" + "version": "v2.2.2" }, 103: { - "bom-ref": "pkg:golang/github.com/rhysd/go-github-selfupdate@v1.2.3", + "bom-ref": "pkg:golang/github.com/nats-io/nats.go@v1.10.1-0.20201021145452-94be476ad6e0", - "name": "github.com/rhysd/go-github-selfupdate", + "name": "github.com/nats-io/nats.go", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/rhysd/go-github-selfupdate@v1.2.3", + "purl": "pkg:golang/github.com/nats-io/nats.go@v1.10.1-0.20201021145452-94be476ad6e0", "type": "library", - "version": "v1.2.3" + "version": "v1.10.1-0.20201021145452-94be476ad6e0" }, 104: { - "bom-ref": "pkg:golang/github.com/rivo/uniseg@v0.2.0", + "bom-ref": "pkg:golang/github.com/nats-io/nats.go@v1.10.1-0.20210427145106-109f3dd25f10", - "name": "github.com/rivo/uniseg", + "name": "github.com/nats-io/nats.go", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/rivo/uniseg@v0.2.0", + "purl": "pkg:golang/github.com/nats-io/nats.go@v1.10.1-0.20210427145106-109f3dd25f10", "type": "library", - "version": "v0.2.0" + "version": "v1.10.1-0.20210427145106-109f3dd25f10" }, 105: { - "bom-ref": "pkg:golang/github.com/rivo/uniseg@v0.4.4", + "bom-ref": "pkg:golang/github.com/nsf/termbox-go@v0.0.0-20160808045038-e8f6d27f72a2", - "name": "github.com/rivo/uniseg", + "name": "github.com/nsf/termbox-go", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/rivo/uniseg@v0.4.4", + "purl": "pkg:golang/github.com/nsf/termbox-go@v0.0.0-20160808045038-e8f6d27f72a2", "type": "library", - "version": "v0.4.4" + "version": "v0.0.0-20160808045038-e8f6d27f72a2" }, 106: { - "bom-ref": "pkg:golang/github.com/russross/blackfriday/v2@v2.1.0", + "bom-ref": "pkg:golang/github.com/pelletier/go-toml@v1.9.0", - "name": "github.com/russross/blackfriday/v2", + "name": "github.com/pelletier/go-toml", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/russross/blackfriday/v2@v2.1.0", + "purl": "pkg:golang/github.com/pelletier/go-toml@v1.9.0", "type": "library", - "version": "v2.1.0" + "version": "v1.9.0" }, 107: { - "bom-ref": "pkg:golang/github.com/santhosh-tekuri/jsonschema/v5@v5.3.1", + "bom-ref": "pkg:golang/github.com/rhysd/go-github-selfupdate@v1.2.3", - "name": "github.com/santhosh-tekuri/jsonschema/v5", + "name": "github.com/rhysd/go-github-selfupdate", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/santhosh-tekuri/jsonschema/v5@v5.3.1", + "purl": "pkg:golang/github.com/rhysd/go-github-selfupdate@v1.2.3", "type": "library", - "version": "v5.3.1" + "version": "v1.2.3" }, 108: { - "bom-ref": "pkg:golang/github.com/spf13/cobra@v1.6.1", + "bom-ref": "pkg:golang/github.com/russross/blackfriday/v2@v2.1.0", - "name": "github.com/spf13/cobra", + "name": "github.com/russross/blackfriday/v2", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/spf13/cobra@v1.6.1", + "purl": "pkg:golang/github.com/russross/blackfriday/v2@v2.1.0", "type": "library", - "version": "v1.6.1" + "version": "v2.1.0" }, 109: { - "bom-ref": "pkg:golang/github.com/spf13/pflag@v1.0.5", + "bom-ref": "pkg:golang/github.com/spf13/afero@v1.6.0", - "name": "github.com/spf13/pflag", + "name": "github.com/spf13/afero", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/spf13/pflag@v1.0.5", + "purl": "pkg:golang/github.com/spf13/afero@v1.6.0", "type": "library", - "version": "v1.0.5" + "version": "v1.6.0" }, 110: { - "bom-ref": "pkg:golang/github.com/tcnksm/go-gitconfig@v0.1.2", + "bom-ref": "pkg:golang/github.com/spf13/cast@v1.3.1", - "name": "github.com/tcnksm/go-gitconfig", + "name": "github.com/spf13/cast", "properties": [ 0: { "name": "aquasecurity:trivy:LayerDiffID", - "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581" + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" }, 1: { "name": "aquasecurity:trivy:LayerDigest", - "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c" + "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade" }, 2: { "name": "aquasecurity:trivy:PkgType", "value": "gobinary" } ], - "purl": "pkg:golang/github.com/tcnksm/go-gitconfig@v0.1.2", + "purl": "pkg:golang/github.com/spf13/cast@v1.3.1", "type": "library", - "version": "v0.1.2" + "version": "v1.3.1" } ], "dependencies": [ + 0: { + "dependsOn": [ + ], + "ref": "00d71201-cd27-4648-ad71-190cd4b4abf8" + }, 0: { "dependsOn": [ : "pkg:golang/github.com/alecaivazis/survey/v2@v2.3.6", : "pkg:golang/github.com/blang/semver@v3.5.1%2Bincompatible", : "pkg:golang/github.com/briandowns/spinner@v1.23.0", : "pkg:golang/github.com/cpuguy83/go-md2man/v2@v2.0.2", : "pkg:golang/github.com/dustin/go-humanize@v1.0.1", : "pkg:golang/github.com/fatih/color@v1.15.0", : "pkg:golang/github.com/google/go-github/v30@v30.1.0", : "pkg:golang/github.com/google/go-querystring@v1.1.0", : "pkg:golang/github.com/inconshreveable/go-update@v0.0.0-20160112193335-8152e7eb6ccf", : "pkg:golang/github.com/kballard/go-shellquote@v0.0.0-20180428030007-95032a82bc51", : "pkg:golang/github.com/mattn/go-colorable@v0.1.13", : "pkg:golang/github.com/mattn/go-isatty@v0.0.17", : "pkg:golang/github.com/mgutz/ansi@v0.0.0-20200706080929-d51e80ef957d", : "pkg:golang/github.com/mitchellh/go-homedir@v1.1.0", : "pkg:golang/github.com/mitchellh/go-wordwrap@v1.0.1", : "pkg:golang/github.com/nats-io/cliprompts/v2@v2.0.0-20200221130455-2737f3b8cbb9", : "pkg:golang/github.com/nats-io/jsm.go@v0.0.35", : "pkg:golang/github.com/nats-io/jwt/v2@v2.5.2", : "pkg:golang/github.com/nats-io/nats.go@v1.24.0", : "pkg:golang/github.com/nats-io/nkeys@v0.4.4", : "pkg:golang/github.com/nats-io/nuid@v1.0.1", : "pkg:golang/github.com/rhysd/go-github-selfupdate@v1.2.3", : "pkg:golang/github.com/russross/blackfriday/v2@v2.1.0", : "pkg:golang/github.com/spf13/cobra@v1.6.1", : "pkg:golang/github.com/spf13/pflag@v1.0.5", : "pkg:golang/github.com/tcnksm/go-gitconfig@v0.1.2", : "pkg:golang/github.com/ulikunitz/xz@v0.5.11", : "pkg:golang/github.com/xlab/tablewriter@v0.0.0-20160610135559-80b567a11ad5", : "pkg:golang/golang.org/x/crypto@v0.7.0", : "pkg:golang/golang.org/x/oauth2@v0.6.0", : "pkg:golang/golang.org/x/sys@v0.6.0", : "pkg:golang/golang.org/x/term@v0.6.0", : "pkg:golang/golang.org/x/text@v0.8.0", : "pkg:golang/gopkg.in/yaml.v3@v3.0.1" ], "ref": "1041129c-b3a8-4896-9ba4-cf92e58ed5d2" }, + 1: { + "dependsOn": [ + ], + "ref": "02c6e323-75c9-41ad-a48b-ea236df51a1a" + }, 1: { "dependsOn": [ : "pkg:golang/github.com/alecaivazis/survey/v2@v2.3.7", : "pkg:golang/github.com/antonmedv/expr@v1.15.2", : "pkg:golang/github.com/beorn7/perks@v1.0.1", : "pkg:golang/github.com/cespare/xxhash/v2@v2.2.0", : "pkg:golang/github.com/choria-io/fisk@v0.6.0", : "pkg:golang/github.com/dustin/go-humanize@v1.0.1", : "pkg:golang/github.com/emicklei/dot@v1.6.0", : "pkg:golang/github.com/fatih/color@v1.15.0", : "pkg:golang/github.com/ghodss/yaml@v1.0.0", : "pkg:golang/github.com/golang/protobuf@v1.5.3", : "pkg:golang/github.com/google/go-cmp@v0.5.9", : "pkg:golang/github.com/google/shlex@v0.0.0-20191202100458-e7afc7fbc510", : "pkg:golang/github.com/gosuri/uilive@v0.0.4", : "pkg:golang/github.com/gosuri/uiprogress@v0.0.1", : "pkg:golang/github.com/guptarohit/asciigraph@v0.5.6", : "pkg:golang/github.com/hdrhistogram/hdrhistogram-go@v1.1.2", : "pkg:golang/github.com/jedib0t/go-pretty/v6@v6.4.7", : "pkg:golang/github.com/kballard/go-shellquote@v0.0.0-20180428030007-95032a82bc51", : "pkg:golang/github.com/klauspost/compress@v1.17.0", : "pkg:golang/github.com/mattn/go-colorable@v0.1.13", : "pkg:golang/github.com/mattn/go-isatty@v0.0.19", : "pkg:golang/github.com/mattn/go-runewidth@v0.0.15", : "pkg:golang/github.com/matttproud/golang_protobuf_extensions@v1.0.4", : "pkg:golang/github.com/mgutz/ansi@v0.0.0-20200706080929-d51e80ef957d", : "pkg:golang/github.com/minio/highwayhash@v1.0.2", : "pkg:golang/github.com/nats-io/jsm.go@v0.1.0", : "pkg:golang/github.com/nats-io/jwt/v2@v2.5.2", : "pkg:golang/github.com/nats-io/nats-server/v2@v2.10.0", : "pkg:golang/github.com/nats-io/nats.go@v1.30.0", : "pkg:golang/github.com/nats-io/nkeys@v0.4.5", : "pkg:golang/github.com/nats-io/nuid@v1.0.1", : "pkg:golang/github.com/prometheus/client_golang@v1.16.0", : "pkg:golang/github.com/prometheus/client_model@v0.4.0", : "pkg:golang/github.com/prometheus/common@v0.44.0", : "pkg:golang/github.com/prometheus/procfs@v0.11.1", : "pkg:golang/github.com/rivo/uniseg@v0.4.4", : "pkg:golang/github.com/santhosh-tekuri/jsonschema/v5@v5.3.1", : "pkg:golang/github.com/tylertreat/hdrhistogram-writer@v0.0.0-20210816161836-2e440612a39f", : "pkg:golang/github.com/xlab/tablewriter@v0.0.0-20160610135559-80b567a11ad5", : "pkg:golang/golang.org/x/crypto@v0.13.0", : "pkg:golang/golang.org/x/net@v0.15.0", : "pkg:golang/golang.org/x/sys@v0.12.0", : "pkg:golang/golang.org/x/term@v0.12.0", : "pkg:golang/golang.org/x/text@v0.13.0", : "pkg:golang/golang.org/x/time@v0.3.0", : "pkg:golang/google.golang.org/protobuf@v1.31.0", : "pkg:golang/gopkg.in/yaml.v2@v2.4.0", : "pkg:golang/gopkg.in/yaml.v3@v3.0.1" ], "ref": "4ce1b5d8-fb7a-4506-9c92-ff2ca0de8e69" }, + 2: { + "dependsOn": [ + ], + "ref": "036e29ed-0565-4dff-be02-dc8e2b0376d7" + }, 2: { "dependsOn": [ : "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/brotli-libs@1.0.9-r14?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/busybox-binsh@1.36.1-r4?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/busybox@1.36.1-r4?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/ca-certificates@20230506-r0?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/curl@8.4.0-r0?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/figlet@2.2.5-r3?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/jq@1.6-r3?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/libcurl@8.4.0-r0?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/libidn2@2.3.4-r1?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/libunistring@1.1-r1?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/musl-utils@1.2.4-r2?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/nghttp2-libs@1.57.0-r0?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/oniguruma@6.9.8-r1?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/ssl_client@1.36.1-r4?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=3.18.4" ], "ref": "cca71fe4-4ff2-41e1-8078-5e584c508a31" }, + 3: { + "dependsOn": [ + ], + "ref": "1044da61-152a-465b-8952-c9e949247616" + }, 3: { "dependsOn": [ : "pkg:golang/github.com/klauspost/compress@v1.16.5", : "pkg:golang/github.com/mattn/go-runewidth@v0.0.14", : "pkg:golang/github.com/minio/highwayhash@v1.0.2", : "pkg:golang/github.com/nats-io/jwt/v2@v2.4.1", : "pkg:golang/github.com/nats-io/nats-server/v2@v2.9.19", : "pkg:golang/github.com/nats-io/nkeys@v0.4.4", : "pkg:golang/github.com/nats-io/nuid@v1.0.1", : "pkg:golang/github.com/nsf/termbox-go@v1.1.1", : "pkg:golang/github.com/rivo/uniseg@v0.2.0", : "pkg:golang/golang.org/x/crypto@v0.9.0", : "pkg:golang/golang.org/x/sys@v0.8.0", : "pkg:golang/golang.org/x/time@v0.3.0", : "pkg:golang/gopkg.in/gizak/termui.v1@v1.0.0-20151021151108-e62b5929642a" ], "ref": "def80684-0ff2-4775-b7df-93952a5dd40e" }, + 4: { + "dependsOn": [ + : "417740b7-723b-4313-8059-5f1b4945dc11", + : "4497229a-93b4-4299-a9e6-a1070b6ffda5", + : "64ecbd63-f74a-4fcc-a240-3f8a16435789", + : "7b125efc-c47a-449d-b273-75828649b1a4", + : "dcadec35-53bc-493d-910d-9e96306127d1", + : "e192291f-a90f-4cc4-ad6d-0379a45256cd" + ], + "ref": "17d6a00d-ad1c-422f-ab52-07d021d4d62a" + }, 4: { "dependsOn": [ ], "ref": "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&distro=3.18.4" }, + 5: { + "dependsOn": [ + ], + "ref": "1f71cc2c-4dae-4721-a209-956d08b69871" + }, 5: { "dependsOn": [ : "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/busybox-binsh@1.36.1-r4?arch=x86_64&distro=3.18.4" ], "ref": "pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=3.18.4" }, + 6: { + "dependsOn": [ + ], + "ref": "232a0439-a241-452a-be09-f5d63c6335ef" + }, 6: { "dependsOn": [ ], "ref": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64&distro=3.18.4" }, + 7: { + "dependsOn": [ + ], + "ref": "26b20f66-3994-4e05-adb5-c3a663fdc0d3" + }, 7: { "dependsOn": [ : "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=3.18.4" ], "ref": "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=3.18.4" }, + 8: { + "dependsOn": [ + ], + "ref": "2ce6cbe0-970f-4185-9e29-4e61713b2391" + }, 8: { "dependsOn": [ : "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4" ], "ref": "pkg:apk/alpine/brotli-libs@1.0.9-r14?arch=x86_64&distro=3.18.4" }, + 9: { + "dependsOn": [ + ], + "ref": "2dabc52f-279a-4393-91e6-5b3034b68d60" + }, 9: { "dependsOn": [ : "pkg:apk/alpine/busybox@1.36.1-r4?arch=x86_64&distro=3.18.4" ], "ref": "pkg:apk/alpine/busybox-binsh@1.36.1-r4?arch=x86_64&distro=3.18.4" }, + 10: { + "dependsOn": [ + ], + "ref": "3550f049-6eb2-41a9-8e67-eec39e46a33d" + }, 10: { "dependsOn": [ : "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4" ], "ref": "pkg:apk/alpine/busybox@1.36.1-r4?arch=x86_64&distro=3.18.4" }, 11: { "dependsOn": [ ], - "ref": "1041129c-b3a8-4896-9ba4-cf92e58ed5d2" + "ref": "37100b09-d58e-456b-bf66-96cb133c434d" }, + 12: { + "dependsOn": [ + ], + "ref": "3a508e2a-ffa6-44b1-a334-46b9aaaf403b" + }, 12: { "dependsOn": [ : "pkg:apk/alpine/busybox-binsh@1.36.1-r4?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4" ], "ref": "pkg:apk/alpine/ca-certificates@20230506-r0?arch=x86_64&distro=3.18.4" }, + 13: { + "dependsOn": [ + ], + "ref": "3cafed8d-2194-4bd3-bdf6-9f8b02673b33" + }, 13: { "dependsOn": [ : "pkg:apk/alpine/libcurl@8.4.0-r0?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=3.18.4" ], "ref": "pkg:apk/alpine/curl@8.4.0-r0?arch=x86_64&distro=3.18.4" }, + 14: { + "dependsOn": [ + ], + "ref": "417740b7-723b-4313-8059-5f1b4945dc11" + }, 14: { "dependsOn": [ : "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4" ], "ref": "pkg:apk/alpine/figlet@2.2.5-r3?arch=x86_64&distro=3.18.4" }, + 15: { + "dependsOn": [ + ], + "ref": "4497229a-93b4-4299-a9e6-a1070b6ffda5" + }, 15: { "dependsOn": [ : "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/oniguruma@6.9.8-r1?arch=x86_64&distro=3.18.4" ], "ref": "pkg:apk/alpine/jq@1.6-r3?arch=x86_64&distro=3.18.4" }, + 16: { + "dependsOn": [ + ], + "ref": "4fbc1e52-81cf-4163-a4c0-dfc0ae24f480" + }, 16: { "dependsOn": [ : "pkg:apk/alpine/musl-utils@1.2.4-r2?arch=x86_64&distro=3.18.4" ], "ref": "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&distro=3.18.4" }, + 17: { + "dependsOn": [ + ], + "ref": "5b9357f0-f8fd-4f05-a2c8-d43d47bad559" + }, 17: { "dependsOn": [ : "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4" ], "ref": "pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64&distro=3.18.4" }, + 18: { + "dependsOn": [ + : "2ce6cbe0-970f-4185-9e29-4e61713b2391", + : "3cafed8d-2194-4bd3-bdf6-9f8b02673b33", + : "8d4a3605-99a8-40ad-960e-858be6815082", + : "ad12cc30-75c9-4dbe-9cd7-19b5b086be4e", + : "c6ba0fd6-a390-4fcf-aaec-4a072dcd17c4", + : "d99b8db3-8f9e-41a4-bb16-0c1936f401d3" + ], + "ref": "5bedfcbd-bcb9-4b36-ac1c-69b77c8b0b45" + }, 18: { "dependsOn": [ : "pkg:apk/alpine/brotli-libs@1.0.9-r14?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/ca-certificates@20230506-r0?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/libidn2@2.3.4-r1?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/nghttp2-libs@1.57.0-r0?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=3.18.4" ], "ref": "pkg:apk/alpine/libcurl@8.4.0-r0?arch=x86_64&distro=3.18.4" }, 19: { "dependsOn": [ - 0: "pkg:golang/github.com/google/shlex@v0.0.0-20191202100458-e7afc7fbc510", + 0: "2dabc52f-279a-4393-91e6-5b3034b68d60", - 0: "pkg:golang/github.com/alecaivazis/survey/v2@v2.3.7" - 1: "pkg:golang/github.com/kballard/go-shellquote@v0.0.0-20180428030007-95032a82bc51" + 1: "3a508e2a-ffa6-44b1-a334-46b9aaaf403b" - 1: "pkg:golang/github.com/antonmedv/expr@v1.15.2" ], - "ref": "4ce1b5d8-fb7a-4506-9c92-ff2ca0de8e69" + "ref": "5e630d92-734e-441e-97bc-292689866d19" }, + 20: { + "dependsOn": [ + ], + "ref": "63635711-87a0-4f17-a181-a1a240810ec4" + }, 20: { "dependsOn": [ : "pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4" ], "ref": "pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64&distro=3.18.4" }, + 21: { + "dependsOn": [ + ], + "ref": "64ecbd63-f74a-4fcc-a240-3f8a16435789" + }, 21: { "dependsOn": [ : "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4" ], "ref": "pkg:apk/alpine/libunistring@1.1-r1?arch=x86_64&distro=3.18.4" }, + 22: { + "dependsOn": [ + ], + "ref": "6bd9a336-e7bc-41d1-8c95-294cb3eb6726" + }, 22: { "dependsOn": [ : "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&distro=3.18.4" ], "ref": "pkg:apk/alpine/musl-utils@1.2.4-r2?arch=x86_64&distro=3.18.4" }, + 23: { + "dependsOn": [ + ], + "ref": "718081db-83c2-4309-87c8-e43228139b88" + }, 23: { "dependsOn": [ ], "ref": "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4" }, + 24: { + "dependsOn": [ + ], + "ref": "7b125efc-c47a-449d-b273-75828649b1a4" + }, 24: { "dependsOn": [ : "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4" ], "ref": "pkg:apk/alpine/nghttp2-libs@1.57.0-r0?arch=x86_64&distro=3.18.4" }, + 25: { + "dependsOn": [ + ], + "ref": "7dba7372-931a-407d-a918-76bcac292907" + }, 25: { "dependsOn": [ : "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4" ], "ref": "pkg:apk/alpine/oniguruma@6.9.8-r1?arch=x86_64&distro=3.18.4" }, + 26: { + "dependsOn": [ + ], + "ref": "7dd812e2-3f88-4d35-ba39-4c74700b2cfb" + }, 26: { "dependsOn": [ : "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4" ], "ref": "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&distro=3.18.4" }, + 27: { + "dependsOn": [ + ], + "ref": "8075733b-5b92-4bdc-9b3a-1ea48bff49ad" + }, 27: { "dependsOn": [ : "pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64&distro=3.18.4", : "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4" ], "ref": "pkg:apk/alpine/ssl_client@1.36.1-r4?arch=x86_64&distro=3.18.4" }, + 28: { + "dependsOn": [ + ], + "ref": "84eac386-ca89-4217-8a72-84d77e3bd144" + }, 28: { "dependsOn": [ : "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4" ], "ref": "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=3.18.4" }, + 29: { + "dependsOn": [ + ], + "ref": "8623282c-313d-4047-9f16-bcfd7e550997" + }, 29: { "dependsOn": [ ], "ref": "pkg:golang/github.com/alecaivazis/survey/v2@v2.3.6" }, + 30: { + "dependsOn": [ + ], + "ref": "869288c8-06d2-4a38-8b68-ced0ff17bc77" + }, 30: { "dependsOn": [ ], "ref": "pkg:golang/github.com/alecaivazis/survey/v2@v2.3.7" }, + 31: { + "dependsOn": [ + ], + "ref": "8d4a3605-99a8-40ad-960e-858be6815082" + }, 31: { "dependsOn": [ ], "ref": "pkg:golang/github.com/antonmedv/expr@v1.15.2" }, + 32: { + "dependsOn": [ + ], + "ref": "90b91b63-c94e-469d-87ef-b98807e67bfb" + }, 32: { "dependsOn": [ ], "ref": "pkg:golang/github.com/beorn7/perks@v1.0.1" }, + 33: { + "dependsOn": [ + ], + "ref": "99b7b900-55f8-4676-8c8f-32262681845b" + }, 33: { "dependsOn": [ ], "ref": "pkg:golang/github.com/blang/semver@v3.5.1%2Bincompatible" }, + 34: { + "dependsOn": [ + ], + "ref": "a6b681f9-0866-480c-9a19-7df19b930d0d" + }, 34: { "dependsOn": [ ], "ref": "pkg:golang/github.com/briandowns/spinner@v1.23.0" }, + 35: { + "dependsOn": [ + ], + "ref": "ab2a2a27-ce28-429e-a2d9-985a5b58ff2f" + }, 35: { "dependsOn": [ ], "ref": "pkg:golang/github.com/cespare/xxhash/v2@v2.2.0" }, - 35: { - "dependsOn": [ - ], - "ref": "pkg:golang/github.com/cespare/xxhash/v2@v2.2.0" - }, + 36: { + "dependsOn": [ + ], + "ref": "ad12cc30-75c9-4dbe-9cd7-19b5b086be4e" + }, 36: { "dependsOn": [ ], "ref": "pkg:golang/github.com/choria-io/fisk@v0.6.0" }, - 36: { - "dependsOn": [ - ], - "ref": "pkg:golang/github.com/choria-io/fisk@v0.6.0" - }, + 37: { + "dependsOn": [ + ], + "ref": "ae9d8fc6-a066-4e24-bc8c-cdfe17a737c0" + }, 37: { "dependsOn": [ ], "ref": "pkg:golang/github.com/cpuguy83/go-md2man/v2@v2.0.2" }, + 38: { + "dependsOn": [ + ], + "ref": "af137522-c78a-4301-becc-f921d74266c9" + }, 38: { "dependsOn": [ ], "ref": "pkg:golang/github.com/dustin/go-humanize@v1.0.1" }, - 38: { - "dependsOn": [ - ], - "ref": "pkg:golang/github.com/dustin/go-humanize@v1.0.1" - }, + 39: { + "dependsOn": [ + ], + "ref": "bedd6971-db83-4b95-a3ec-2d000422efed" + }, 39: { "dependsOn": [ ], "ref": "pkg:golang/github.com/emicklei/dot@v1.6.0" }, + 40: { + "dependsOn": [ + ], + "ref": "c6ba0fd6-a390-4fcf-aaec-4a072dcd17c4" + }, 40: { "dependsOn": [ ], "ref": "pkg:golang/github.com/fatih/color@v1.15.0" }, + 41: { + "dependsOn": [ + ], + "ref": "c85c3481-4815-486c-82e9-dba0f7a3eac6" + }, 41: { "dependsOn": [ ], "ref": "pkg:golang/github.com/ghodss/yaml@v1.0.0" }, 42: { "dependsOn": [ ], - "ref": "cca71fe4-4ff2-41e1-8078-5e584c508a31" + "ref": "ce164c60-ee4f-4360-a85f-73106cf59f6c" }, - 42: { - "dependsOn": [ - ], - "ref": "pkg:golang/github.com/golang/protobuf@v1.5.3" - }, 43: { "dependsOn": [ ], - "ref": "def80684-0ff2-4775-b7df-93952a5dd40e" + "ref": "ce8adfce-acb4-4fe1-b310-bd23e88e4e57" }, 44: { "dependsOn": [ + 0: "pkg:apk/alpine/alpine-baselayout@3.2.0-r8?arch=x86_64&distro=3.13.2" + 1: "pkg:apk/alpine/alpine-keys@2.2-r0?arch=x86_64&distro=3.13.2" + 2: "pkg:apk/alpine/apk-tools@2.12.1-r0?arch=x86_64&distro=3.13.2" + 3: "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64&distro=3.13.2" + 4: "pkg:apk/alpine/ca-certificates-bundle@20191127-r5?arch=x86_64&distro=3.13.2" + 5: "pkg:apk/alpine/ca-certificates@20191127-r5?arch=x86_64&distro=3.13.2" + 6: "pkg:apk/alpine/figlet@2.2.5-r1?arch=x86_64&distro=3.13.2" + 7: "pkg:apk/alpine/libc-utils@0.7.2-r3?arch=x86_64&distro=3.13.2" + 8: "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2" + 9: "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2" + 10: "pkg:apk/alpine/libtls-standalone@2.9.1-r1?arch=x86_64&distro=3.13.2" + 11: "pkg:apk/alpine/musl-utils@1.2.2-r0?arch=x86_64&distro=3.13.2" + 12: "pkg:apk/alpine/musl@1.2.2-r0?arch=x86_64&distro=3.13.2" + 13: "pkg:apk/alpine/scanelf@1.2.8-r0?arch=x86_64&distro=3.13.2" + 14: "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64&distro=3.13.2" + 15: "pkg:apk/alpine/zlib@1.2.11-r3?arch=x86_64&distro=3.13.2" ], - "ref": "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&distro=3.18.4" + "ref": "cfba38a6-98c7-43e7-82ac-7841dd9513ca" }, 45: { "dependsOn": [ ], - "ref": "pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=3.18.4" + "ref": "d3c7fe00-7922-44b3-ab7a-6815c8754dfa" }, 46: { "dependsOn": [ + 0: "02c6e323-75c9-41ad-a48b-ea236df51a1a" + 1: "036e29ed-0565-4dff-be02-dc8e2b0376d7" + 2: "1044da61-152a-465b-8952-c9e949247616" + 3: "1f71cc2c-4dae-4721-a209-956d08b69871" + 4: "6bd9a336-e7bc-41d1-8c95-294cb3eb6726" + 5: "8623282c-313d-4047-9f16-bcfd7e550997" + 6: "869288c8-06d2-4a38-8b68-ced0ff17bc77" + 7: "ab2a2a27-ce28-429e-a2d9-985a5b58ff2f" + 8: "ae9d8fc6-a066-4e24-bc8c-cdfe17a737c0" + 9: "af137522-c78a-4301-becc-f921d74266c9" + 10: "bedd6971-db83-4b95-a3ec-2d000422efed" + 11: "ce164c60-ee4f-4360-a85f-73106cf59f6c" + 12: "d3c7fe00-7922-44b3-ab7a-6815c8754dfa" + 13: "f97ba060-ad20-45f4-ac69-fc24d30411ad" + 14: "pkg:golang/github.com/alecthomas/template@v0.0.0-20190718012654-fb15b899a751" + 15: "pkg:golang/github.com/alecthomas/units@v0.0.0-20210208195552-ff826a37aa15" + 16: "pkg:golang/github.com/emicklei/dot@v0.15.0" + 17: "pkg:golang/github.com/ghodss/yaml@v1.0.0" + 18: "pkg:golang/github.com/google/go-cmp@v0.5.5" + 19: "pkg:golang/github.com/gosuri/uilive@v0.0.4" + 20: "pkg:golang/github.com/gosuri/uiprogress@v0.0.1" + 21: "pkg:golang/github.com/guptarohit/asciigraph@v0.5.2" + 22: "pkg:golang/github.com/hdrhistogram/hdrhistogram-go@v0.9.0" + 23: "pkg:golang/github.com/klauspost/compress@v1.12.1" + 24: "pkg:golang/github.com/mgutz/ansi@v0.0.0-20170206155736-9520e82c474b" + 25: "pkg:golang/github.com/minio/highwayhash@v1.0.1" + 26: "pkg:golang/github.com/nats-io/jsm.go@v0.0.23" + 27: "pkg:golang/github.com/nats-io/nats-server/v2@v2.2.2" + 28: "pkg:golang/github.com/nats-io/nats.go@v1.10.1-0.20210427145106-109f3dd25f10" + 29: "pkg:golang/github.com/tylertreat/hdrhistogram-writer@v0.0.0-20180430173243-73b8d31ba571" + 30: "pkg:golang/github.com/xeipuuv/gojsonpointer@v0.0.0-20190905194746-02993c407bfb" + 31: "pkg:golang/github.com/xeipuuv/gojsonreference@v0.0.0-20180127040603-bd5ef7bd5415" + 32: "pkg:golang/github.com/xeipuuv/gojsonschema@v1.2.0" + 33: "pkg:golang/golang.org/x/sys@v0.0.0-20210421221651-33663a62ff08" + 34: "pkg:golang/golang.org/x/time@v0.0.0-20200416051211-89c76fbcd5d1" + 35: "pkg:golang/gopkg.in/alecthomas/kingpin.v2@v2.2.6" ], - "ref": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64&distro=3.18.4" + "ref": "d7122973-9d0f-4e27-bc7b-f3930bde6889" }, - 46: { - "dependsOn": [ - ], - "ref": "pkg:golang/github.com/google/shlex@v0.0.0-20191202100458-e7afc7fbc510" - }, 47: { "dependsOn": [ ], - "ref": "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=3.18.4" + "ref": "d8213071-7f1e-4f2e-bdac-e66ee0c2dde6" }, 48: { "dependsOn": [ ], - "ref": "pkg:apk/alpine/brotli-libs@1.0.9-r14?arch=x86_64&distro=3.18.4" + "ref": "d99b8db3-8f9e-41a4-bb16-0c1936f401d3" }, 49: { "dependsOn": [ ], - "ref": "pkg:apk/alpine/busybox-binsh@1.36.1-r4?arch=x86_64&distro=3.18.4" + "ref": "dcadec35-53bc-493d-910d-9e96306127d1" }, 50: { "dependsOn": [ ], - "ref": "pkg:apk/alpine/busybox@1.36.1-r4?arch=x86_64&distro=3.18.4" + "ref": "e192291f-a90f-4cc4-ad6d-0379a45256cd" }, 51: { "dependsOn": [ ], - "ref": "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&distro=3.18.4" + "ref": "e2cef7b8-d52f-49c6-9c4c-fce547506589" }, 52: { "dependsOn": [ ], - "ref": "pkg:apk/alpine/ca-certificates@20230506-r0?arch=x86_64&distro=3.18.4" + "ref": "f0745570-156e-489b-9743-7a6c34f2b983" }, - 52: { - "dependsOn": [ - ], - "ref": "pkg:golang/github.com/jedib0t/go-pretty/v6@v6.4.7" - }, 53: { "dependsOn": [ ], - "ref": "pkg:apk/alpine/curl@8.4.0-r0?arch=x86_64&distro=3.18.4" + "ref": "f97ba060-ad20-45f4-ac69-fc24d30411ad" }, - 53: { - "dependsOn": [ - ], - "ref": "pkg:golang/github.com/kballard/go-shellquote@v0.0.0-20180428030007-95032a82bc51" - }, 54: { "dependsOn": [ + 0: "26b20f66-3994-4e05-adb5-c3a663fdc0d3" + 1: "3550f049-6eb2-41a9-8e67-eec39e46a33d" + 2: "5b9357f0-f8fd-4f05-a2c8-d43d47bad559" + 3: "63635711-87a0-4f17-a181-a1a240810ec4" + 4: "7dba7372-931a-407d-a918-76bcac292907" + 5: "8075733b-5b92-4bdc-9b3a-1ea48bff49ad" + 6: "84eac386-ca89-4217-8a72-84d77e3bd144" + 7: "99b7b900-55f8-4676-8c8f-32262681845b" + 8: "a6b681f9-0866-480c-9a19-7df19b930d0d" + 9: "c85c3481-4815-486c-82e9-dba0f7a3eac6" + 10: "ce8adfce-acb4-4fe1-b310-bd23e88e4e57" + 11: "d8213071-7f1e-4f2e-bdac-e66ee0c2dde6" + 12: "e2cef7b8-d52f-49c6-9c4c-fce547506589" + 13: "f0745570-156e-489b-9743-7a6c34f2b983" + 14: "pkg:golang/github.com/blang/semver@v3.5.1%2Bincompatible" + 15: "pkg:golang/github.com/briandowns/spinner@v1.12.0" + 16: "pkg:golang/github.com/cpuguy83/go-md2man/v2@v2.0.0" + 17: "pkg:golang/github.com/fsnotify/fsnotify@v1.4.9" + 18: "pkg:golang/github.com/google/go-github/v30@v30.1.0" + 19: "pkg:golang/github.com/google/go-querystring@v1.1.0" + 20: "pkg:golang/github.com/hashicorp/hcl@v1.0.0" + 21: "pkg:golang/github.com/inconshreveable/go-update@v0.0.0-20160112193335-8152e7eb6ccf" + 22: "pkg:golang/github.com/magiconair/properties@v1.8.5" + 23: "pkg:golang/github.com/mgutz/ansi@v0.0.0-20200706080929-d51e80ef957d" + 24: "pkg:golang/github.com/mitchellh/go-homedir@v1.1.0" + 25: "pkg:golang/github.com/mitchellh/go-wordwrap@v1.0.1" + 26: "pkg:golang/github.com/mitchellh/mapstructure@v1.4.1" + 27: "pkg:golang/github.com/nats-io/cliprompts/v2@v2.0.0-20200221130455-2737f3b8cbb9" + 28: "pkg:golang/github.com/nats-io/jwt@v1.2.2" + 29: "pkg:golang/github.com/nats-io/nats.go@v1.10.1-0.20201021145452-94be476ad6e0" + 30: "pkg:golang/github.com/pelletier/go-toml@v1.9.0" + 31: "pkg:golang/github.com/rhysd/go-github-selfupdate@v1.2.3" + 32: "pkg:golang/github.com/russross/blackfriday/v2@v2.1.0" + 33: "pkg:golang/github.com/spf13/afero@v1.6.0" + 34: "pkg:golang/github.com/spf13/cast@v1.3.1" + 35: "pkg:golang/github.com/spf13/cobra@v1.1.3" + 36: "pkg:golang/github.com/spf13/jwalterweatherman@v1.1.0" + 37: "pkg:golang/github.com/spf13/pflag@v1.0.5" + 38: "pkg:golang/github.com/spf13/viper@v1.7.1" + 39: "pkg:golang/github.com/subosito/gotenv@v1.2.0" + 40: "pkg:golang/github.com/tcnksm/go-gitconfig@v0.1.2" + 41: "pkg:golang/github.com/ulikunitz/xz@v0.5.10" + 42: "pkg:golang/golang.org/x/net@v0.0.0-20210428140749-89ef3d95e781" + 43: "pkg:golang/golang.org/x/oauth2@v0.0.0-20210427180440-81ed05c6b58c" + 44: "pkg:golang/golang.org/x/sys@v0.0.0-20210426230700-d19ff857e887" ], - "ref": "pkg:apk/alpine/figlet@2.2.5-r3?arch=x86_64&distro=3.18.4" + "ref": "fff3d909-640a-4173-b0c3-b23507dd77d3" }, 55: { "dependsOn": [ ], - "ref": "pkg:apk/alpine/jq@1.6-r3?arch=x86_64&distro=3.18.4" + "ref": "pkg:apk/alpine/alpine-baselayout@3.2.0-r8?arch=x86_64&distro=3.13.2" }, 56: { "dependsOn": [ ], - "ref": "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&distro=3.18.4" + "ref": "pkg:apk/alpine/alpine-keys@2.2-r0?arch=x86_64&distro=3.13.2" }, - 56: { - "dependsOn": [ - ], - "ref": "pkg:golang/github.com/mattn/go-colorable@v0.1.13" - }, 57: { "dependsOn": [ + 0: "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2" + 1: "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2" + 2: "pkg:apk/alpine/musl@1.2.2-r0?arch=x86_64&distro=3.13.2" ], - "ref": "pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64&distro=3.18.4" + "ref": "pkg:apk/alpine/apk-tools@2.12.1-r0?arch=x86_64&distro=3.13.2" }, - 57: { - "dependsOn": [ - ], - "ref": "pkg:golang/github.com/mattn/go-isatty@v0.0.17" - }, 58: { "dependsOn": [ ], - "ref": "pkg:apk/alpine/libcurl@8.4.0-r0?arch=x86_64&distro=3.18.4" + "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64&distro=3.13.2" }, - 58: { - "dependsOn": [ - ], - "ref": "pkg:golang/github.com/mattn/go-isatty@v0.0.19" - }, 59: { "dependsOn": [ ], - "ref": "pkg:apk/alpine/libidn2@2.3.4-r1?arch=x86_64&distro=3.18.4" + "ref": "pkg:apk/alpine/ca-certificates-bundle@20191127-r5?arch=x86_64&distro=3.13.2" }, 60: { "dependsOn": [ + 0: "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64&distro=3.13.2" ], - "ref": "pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64&distro=3.18.4" + "ref": "pkg:apk/alpine/ca-certificates@20191127-r5?arch=x86_64&distro=3.13.2" }, - 60: { - "dependsOn": [ - ], - "ref": "pkg:golang/github.com/mattn/go-runewidth@v0.0.15" - }, 61: { "dependsOn": [ ], - "ref": "pkg:apk/alpine/libunistring@1.1-r1?arch=x86_64&distro=3.18.4" + "ref": "pkg:apk/alpine/figlet@2.2.5-r1?arch=x86_64&distro=3.13.2" }, 62: { "dependsOn": [ ], - "ref": "pkg:apk/alpine/musl-utils@1.2.4-r2?arch=x86_64&distro=3.18.4" + "ref": "pkg:apk/alpine/libc-utils@0.7.2-r3?arch=x86_64&distro=3.13.2" }, 63: { "dependsOn": [ + 0: "pkg:apk/alpine/musl@1.2.2-r0?arch=x86_64&distro=3.13.2" ], - "ref": "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4" + "ref": "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2" }, 64: { "dependsOn": [ + 0: "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2" ], - "ref": "pkg:apk/alpine/nghttp2-libs@1.57.0-r0?arch=x86_64&distro=3.18.4" + "ref": "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2" }, 65: { "dependsOn": [ + 0: "pkg:apk/alpine/ca-certificates-bundle@20191127-r5?arch=x86_64&distro=3.13.2" + 1: "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2" + 2: "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2" ], - "ref": "pkg:apk/alpine/oniguruma@6.9.8-r1?arch=x86_64&distro=3.18.4" + "ref": "pkg:apk/alpine/libtls-standalone@2.9.1-r1?arch=x86_64&distro=3.13.2" }, 66: { "dependsOn": [ + 0: "pkg:apk/alpine/musl@1.2.2-r0?arch=x86_64&distro=3.13.2" ], - "ref": "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&distro=3.18.4" + "ref": "pkg:apk/alpine/musl-utils@1.2.2-r0?arch=x86_64&distro=3.13.2" }, 67: { "dependsOn": [ ], - "ref": "pkg:apk/alpine/ssl_client@1.36.1-r4?arch=x86_64&distro=3.18.4" + "ref": "pkg:apk/alpine/musl@1.2.2-r0?arch=x86_64&distro=3.13.2" }, 68: { "dependsOn": [ ], - "ref": "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=3.18.4" + "ref": "pkg:apk/alpine/scanelf@1.2.8-r0?arch=x86_64&distro=3.13.2" }, - 68: { - "dependsOn": [ - ], - "ref": "pkg:golang/github.com/nats-io/jsm.go@v0.1.0" - }, 69: { "dependsOn": [ + 0: "pkg:apk/alpine/libtls-standalone@2.9.1-r1?arch=x86_64&distro=3.13.2" + 1: "pkg:apk/alpine/musl@1.2.2-r0?arch=x86_64&distro=3.13.2" ], - "ref": "pkg:golang/github.com/alecaivazis/survey/v2@v2.3.6" + "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64&distro=3.13.2" }, 70: { "dependsOn": [ + 0: "pkg:apk/alpine/musl@1.2.2-r0?arch=x86_64&distro=3.13.2" ], - "ref": "pkg:golang/github.com/alecaivazis/survey/v2@v2.3.7" + "ref": "pkg:apk/alpine/zlib@1.2.11-r3?arch=x86_64&distro=3.13.2" }, 71: { "dependsOn": [ ], - "ref": "pkg:golang/github.com/antonmedv/expr@v1.15.2" + "ref": "pkg:golang/github.com/alecthomas/template@v0.0.0-20190718012654-fb15b899a751" }, 72: { "dependsOn": [ ], - "ref": "pkg:golang/github.com/beorn7/perks@v1.0.1" + "ref": "pkg:golang/github.com/alecthomas/units@v0.0.0-20210208195552-ff826a37aa15" }, 73: { "dependsOn": [ ], "ref": "pkg:golang/github.com/nats-io/nats.go@v1.24.0" }, 74: { "dependsOn": [ ], - "ref": "pkg:golang/github.com/briandowns/spinner@v1.23.0" + "ref": "pkg:golang/github.com/briandowns/spinner@v1.12.0" }, 75: { "dependsOn": [ ], - "ref": "pkg:golang/github.com/cpuguy83/go-md2man/v2@v2.0.2" + "ref": "pkg:golang/github.com/cpuguy83/go-md2man/v2@v2.0.0" }, - 75: { - "dependsOn": [ - ], - "ref": "pkg:golang/github.com/nats-io/nkeys@v0.4.4" - }, 76: { "dependsOn": [ ], - "ref": "pkg:golang/github.com/emicklei/dot@v1.6.0" + "ref": "pkg:golang/github.com/emicklei/dot@v0.15.0" }, - 76: { - "dependsOn": [ - ], - "ref": "pkg:golang/github.com/nats-io/nkeys@v0.4.5" - }, 77: { "dependsOn": [ ], - "ref": "pkg:golang/github.com/fatih/color@v1.15.0" + "ref": "pkg:golang/github.com/fsnotify/fsnotify@v1.4.9" }, - 77: { - "dependsOn": [ - ], - "ref": "pkg:golang/github.com/nats-io/nuid@v1.0.1" - }, 78: { "dependsOn": [ ], "ref": "pkg:golang/github.com/nsf/termbox-go@v1.1.1" }, 79: { "dependsOn": [ ], - "ref": "pkg:golang/github.com/google/go-cmp@v0.5.9" + "ref": "pkg:golang/github.com/google/go-cmp@v0.5.5" }, - 79: { - "dependsOn": [ - ], - "ref": "pkg:golang/github.com/prometheus/client_golang@v1.16.0" - }, - 80: { - "dependsOn": [ - ], - "ref": "pkg:golang/github.com/prometheus/client_model@v0.4.0" - }, - 81: { - "dependsOn": [ - ], - "ref": "pkg:golang/github.com/prometheus/common@v0.44.0" - }, 82: { "dependsOn": [ ], "ref": "pkg:golang/github.com/prometheus/procfs@v0.11.1" }, 83: { "dependsOn": [ ], "ref": "pkg:golang/github.com/rhysd/go-github-selfupdate@v1.2.3" }, 84: { "dependsOn": [ ], - "ref": "pkg:golang/github.com/guptarohit/asciigraph@v0.5.6" + "ref": "pkg:golang/github.com/guptarohit/asciigraph@v0.5.2" }, - 84: { - "dependsOn": [ - ], - "ref": "pkg:golang/github.com/rivo/uniseg@v0.2.0" - }, + 85: { + "dependsOn": [ + ], + "ref": "pkg:golang/github.com/hashicorp/hcl@v1.0.0" + }, 85: { "dependsOn": [ ], "ref": "pkg:golang/github.com/rivo/uniseg@v0.4.4" }, - 85: { - "dependsOn": [ - ], - "ref": "pkg:golang/github.com/rivo/uniseg@v0.4.4" - }, 86: { "dependsOn": [ ], - "ref": "pkg:golang/github.com/hdrhistogram/hdrhistogram-go@v1.1.2" + "ref": "pkg:golang/github.com/hdrhistogram/hdrhistogram-go@v0.9.0" }, 87: { "dependsOn": [ ], "ref": "pkg:golang/github.com/santhosh-tekuri/jsonschema/v5@v5.3.1" }, 88: { "dependsOn": [ ], - "ref": "pkg:golang/github.com/klauspost/compress@v1.16.5" + "ref": "pkg:golang/github.com/klauspost/compress@v1.12.1" }, 89: { "dependsOn": [ ], - "ref": "pkg:golang/github.com/klauspost/compress@v1.17.0" + "ref": "pkg:golang/github.com/magiconair/properties@v1.8.5" }, 90: { "dependsOn": [ ], - "ref": "pkg:golang/github.com/mattn/go-runewidth@v0.0.14" + "ref": "pkg:golang/github.com/mattn/go-runewidth@v0.0.1" }, 91: { "dependsOn": [ ], - "ref": "pkg:golang/github.com/mattn/go-runewidth@v0.0.15" + "ref": "pkg:golang/github.com/mgutz/ansi@v0.0.0-20170206155736-9520e82c474b" }, 92: { "dependsOn": [ ], "ref": "pkg:golang/github.com/ulikunitz/xz@v0.5.11" }, 93: { "dependsOn": [ ], - "ref": "pkg:golang/github.com/minio/highwayhash@v1.0.2" + "ref": "pkg:golang/github.com/minio/highwayhash@v1.0.1" } 94: { "dependsOn": [ ], "ref": "pkg:golang/golang.org/x/crypto@v0.13.0" } 95: { "dependsOn": [ ], "ref": "pkg:golang/golang.org/x/crypto@v0.7.0" } + 96: { + "dependsOn": [ + ], + "ref": "pkg:golang/github.com/mitchellh/mapstructure@v1.4.1" + } 96: { "dependsOn": [ ], "ref": "pkg:golang/golang.org/x/crypto@v0.9.0" } 97: { "dependsOn": [ ], "ref": "pkg:golang/golang.org/x/net@v0.15.0" } 98: { "dependsOn": [ ], - "ref": "pkg:golang/github.com/nats-io/jsm.go@v0.0.35" + "ref": "pkg:golang/github.com/nats-io/jsm.go@v0.0.23" } 99: { "dependsOn": [ ], - "ref": "pkg:golang/github.com/nats-io/jwt/v2@v2.4.1" + "ref": "pkg:golang/github.com/nats-io/jwt@v1.1.0" } 100: { "dependsOn": [ ], - "ref": "pkg:golang/github.com/nats-io/jwt/v2@v2.5.2" + "ref": "pkg:golang/github.com/nats-io/jwt@v1.2.2" } - 100: { - "dependsOn": [ - ], - "ref": "pkg:golang/golang.org/x/sys@v0.6.0" - } 101: { "dependsOn": [ ], - "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.10.0" + "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.1.9" } 102: { "dependsOn": [ ], - "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.9.19" + "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.2.2" } - 102: { - "dependsOn": [ - ], - "ref": "pkg:golang/golang.org/x/term@v0.12.0" - } 103: { "dependsOn": [ ], - "ref": "pkg:golang/github.com/nats-io/nats.go@v1.24.0" + "ref": "pkg:golang/github.com/nats-io/nats.go@v1.10.1-0.20201021145452-94be476ad6e0" } - 103: { - "dependsOn": [ - ], - "ref": "pkg:golang/golang.org/x/term@v0.6.0" - } 104: { "dependsOn": [ ], - "ref": "pkg:golang/github.com/nats-io/nats.go@v1.30.0" + "ref": "pkg:golang/github.com/nats-io/nats.go@v1.10.1-0.20210427145106-109f3dd25f10" } - 104: { - "dependsOn": [ - ], - "ref": "pkg:golang/golang.org/x/text@v0.13.0" - } 105: { "dependsOn": [ ], - "ref": "pkg:golang/github.com/nsf/termbox-go@v1.1.1" + "ref": "pkg:golang/github.com/nsf/termbox-go@v0.0.0-20160808045038-e8f6d27f72a2" } - 105: { - "dependsOn": [ - ], - "ref": "pkg:golang/golang.org/x/text@v0.8.0" - } 106: { "dependsOn": [ ], - "ref": "pkg:golang/github.com/prometheus/common@v0.44.0" + "ref": "pkg:golang/github.com/pelletier/go-toml@v1.9.0" } 107: { "dependsOn": [ ], "ref": "pkg:golang/google.golang.org/protobuf@v1.31.0" } 108: { "dependsOn": [ ], "ref": "pkg:golang/gopkg.in/gizak/termui.v1@v1.0.0-20151021151108-e62b5929642a" } + 109: { + "dependsOn": [ + ], + "ref": "pkg:golang/github.com/spf13/afero@v1.6.0" + } 109: { "dependsOn": [ ], "ref": "pkg:golang/gopkg.in/yaml.v2@v2.4.0" } 110: { "dependsOn": [ ], - "ref": "pkg:golang/github.com/santhosh-tekuri/jsonschema/v5@v5.3.1" + "ref": "pkg:golang/github.com/spf13/cast@v1.3.1" } - 110: { - "dependsOn": [ - ], - "ref": "pkg:golang/gopkg.in/yaml.v3@v3.0.1" - } 111: { "dependsOn": [ : "1041129c-b3a8-4896-9ba4-cf92e58ed5d2", : "4ce1b5d8-fb7a-4506-9c92-ff2ca0de8e69", : "cca71fe4-4ff2-41e1-8078-5e584c508a31", : "def80684-0ff2-4775-b7df-93952a5dd40e" ], - "ref": "pkg:golang/github.com/spf13/cobra@v1.6.1" + "ref": "pkg:golang/github.com/spf13/cobra@v1.1.3" } + 111: { + "dependsOn": [ + ], + "ref": "pkg:golang/github.com/spf13/cobra@v1.1.3" + } 111: { "dependsOn": [ : "1041129c-b3a8-4896-9ba4-cf92e58ed5d2", : "4ce1b5d8-fb7a-4506-9c92-ff2ca0de8e69", : "cca71fe4-4ff2-41e1-8078-5e584c508a31", : "def80684-0ff2-4775-b7df-93952a5dd40e" ], "ref": "pkg:oci/nats-box@sha256%3Aa67913df95f1d5b265117e49e4c83228091d13d6783d80215ddcf84aba695ef4?arch=amd64&repository_url=index.docker.io%2Fnatsio%2Fnats-box" } + 114: { + "dependsOn": [ + ], + "ref": "pkg:golang/github.com/spf13/viper@v1.7.1" + } + 115: { + "dependsOn": [ + ], + "ref": "pkg:golang/github.com/subosito/gotenv@v1.2.0" + } ], "metadata": { "component": { - "bom-ref": "pkg:oci/nats-box@sha256%3Aa67913df95f1d5b265117e49e4c83228091d13d6783d80215ddcf84aba695ef4?arch=amd64&repository_url=index.docker.io%2Fnatsio%2Fnats-box", + "bom-ref": "pkg:oci/nats-box@sha256%3Acaf0c9fe15a9a88d001c74fd9d80f7f6fd57474aa243cd63a9a086eda9e202be?arch=amd64&repository_url=index.docker.io%2Fsynadia%2Fnats-box", - "name": "natsio/nats-box:0.14.1", + "name": "synadia/nats-box", "properties": [ + 0: { + "name": "aquasecurity:trivy:DiffID", + "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36" + }, 0: { "name": "aquasecurity:trivy:DiffID", "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438,sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581,sha256:f62cd225330b873d42d26843c1c8c83c0d76df75f4f634f2583e44f3d19bf822,sha256:10f907811045b5d89e111819899be9b23c7899d6ca621b88e382d734e8db51af,sha256:6c5c015d50df16c2634e042303b975f72846a0d35146f460c3fdb1627d6a696d,sha256:e84070d74aa1753864c9a59f7d365e39eb3e51d1dac914c32a2b4a4e5d9c3af7,sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef" }, 1: { "name": "aquasecurity:trivy:ImageID", - "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438,sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581,sha256:f62cd225330b873d42d26843c1c8c83c0d76df75f4f634f2583e44f3d19bf822,sha256:10f907811045b5d89e111819899be9b23c7899d6ca621b88e382d734e8db51af,sha256:6c5c015d50df16c2634e042303b975f72846a0d35146f460c3fdb1627d6a696d,sha256:e84070d74aa1753864c9a59f7d365e39eb3e51d1dac914c32a2b4a4e5d9c3af7,sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef" + "value": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef" }, + 2: { + "name": "aquasecurity:trivy:DiffID", + "value": "sha256:99fda372d2c549fd72cbf862d913eb50cd5c11bb91bec9fb184949cbfb64458f" + }, 2: { "name": "aquasecurity:trivy:RepoDigest", "value": "natsio/nats-box@sha256:a67913df95f1d5b265117e49e4c83228091d13d6783d80215ddcf84aba695ef4" }, + 3: { + "name": "aquasecurity:trivy:DiffID", + "value": "sha256:cb381a32b2296e4eb5af3f84092a2e6685e88adbc54ee0768a1a1010ce6376c7" + }, 3: { "name": "aquasecurity:trivy:RepoTag", "value": "natsio/nats-box:0.14.1" } + 4: { + "name": "aquasecurity:trivy:DiffID", + "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23" + } 4: { "name": "aquasecurity:trivy:SchemaVersion", "value": "2" } + 5: { + "name": "aquasecurity:trivy:DiffID", + "value": "sha256:f71b4f2368074b5ba538e48e56b57707ce43ff5db5b61a62a79b8964cd352ca2" + } + 8: { + "name": "aquasecurity:trivy:RepoDigest", + "value": "synadia/nats-box@sha256:caf0c9fe15a9a88d001c74fd9d80f7f6fd57474aa243cd63a9a086eda9e202be" + } ], - "purl": "pkg:oci/nats-box@sha256%3Aa67913df95f1d5b265117e49e4c83228091d13d6783d80215ddcf84aba695ef4?arch=amd64&repository_url=index.docker.io%2Fnatsio%2Fnats-box", + "purl": "pkg:oci/nats-box@sha256%3Acaf0c9fe15a9a88d001c74fd9d80f7f6fd57474aa243cd63a9a086eda9e202be?arch=amd64&repository_url=index.docker.io%2Fsynadia%2Fnats-box", "type": "container" }, - "timestamp": "2024-03-20T08:14:05+00:00", + "timestamp": "2024-03-20T14:47:22+00:00", "tools": { "components": [ 0: { "group": "aquasecurity", "name": "trivy", "type": "application", - "version": "0.49.1" + "version": "0.50.0" } ] } }, - "serialNumber": "urn:uuid:6eec6ee9-3a97-4531-acb1-214ac9b87ecf", + "serialNumber": "urn:uuid:bc1d1e2d-8e64-4b3a-96b7-651de3b09048", "specVersion": "1.5", "version": 1, "vulnerabilities": [ 0: { "advisories": [ 0: { - "url": "https://avd.aquasec.com/nvd/cve-2023-39325" + "url": "https://avd.aquasec.com/nvd/cve-2018-25032" }, 1: { - "url": "golang.org/x/net" + "url": "http://seclists.org/fulldisclosure/2022/May/33" }, 2: { - "url": "https://access.redhat.com/errata/RHSA-2023:6077" + "url": "http://seclists.org/fulldisclosure/2022/May/35" }, 3: { - "url": "https://access.redhat.com/security/cve/CVE-2023-39325" + "url": "http://seclists.org/fulldisclosure/2022/May/38" }, 4: { - "url": "https://access.redhat.com/security/cve/CVE-2023-44487" + "url": "http://www.openwall.com/lists/oss-security/2022/03/25/2" }, 5: { - "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003" + "url": "http://www.openwall.com/lists/oss-security/2022/03/26/1" }, 6: { - "url": "https://bugzilla.redhat.com/2242803" + "url": "https://access.redhat.com/errata/RHSA-2022:8420" }, 7: { - "url": "https://bugzilla.redhat.com/2243296" + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25032.json" }, 8: { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803" + "url": "https://access.redhat.com/security/cve/CVE-2018-25032" }, 9: { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296" + "url": "https://bugzilla.redhat.com/2067945" }, 10: { - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39325" + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf" }, 11: { - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487" + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032" }, 12: { - "url": "https://errata.almalinux.org/9/ALSA-2023-6077.html" + "url": "https://errata.almalinux.org/9/ALSA-2022-8420.html" }, 13: { - "url": "https://github.com/golang/go/commit/24ae2d927285c697440fdde3ad7f26028354bcf3 [golang- 1.21]" + "url": "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531" }, - 13: { - "url": "https://errata.rockylinux.org/RLSA-2023:6077" - }, 14: { - "url": "https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68 [golang-1.20]" + "url": "https://github.com/madler/zlib/compare/v1.2.11...v1.2.12" }, 15: { - "url": "https://github.com/golang/go/issues/63417" + "url": "https://github.com/madler/zlib/issues/605" }, 16: { - "url": "https://go.dev/cl/534215" + "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-25032.yml" }, 17: { - "url": "https://go.dev/cl/534235" + "url": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4" }, 18: { - "url": "https://go.dev/issue/63417" + "url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5" }, 19: { - "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ" + "url": "https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ" }, 20: { - "url": "https://linux.oracle.com/cve/CVE-2023-39325.html" + "url": "https://linux.oracle.com/cve/CVE-2018-25032.html" }, 21: { - "url": "https://linux.oracle.com/errata/ELSA-2023-5867.html" + "url": "https://linux.oracle.com/errata/ELSA-2022-9565.html" }, 22: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/" + "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html" }, 23: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/" + "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html" }, - 23: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O" - }, 24: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT" + "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html" }, - 24: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/" - }, 25: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/" + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/" }, - 25: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH" - }, 26: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/" + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/" }, - 26: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/" - }, 27: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/" + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/" }, - 27: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2" - }, 28: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7" + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/" }, 29: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/" + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/" }, - 29: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR" - }, 30: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q" + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/" }, - 30: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/" - }, 31: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/" + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF" }, - 31: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647" - }, 32: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74" + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB" }, - 32: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/" - }, 33: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/" + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4" }, - 33: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B" - }, 34: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I" + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F" }, - 34: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/" - }, 35: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU" + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y" }, - 35: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2" - }, 36: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI" + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU" }, - 36: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/" - }, 37: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ" + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25032" }, - 37: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L" - }, 38: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/" + "url": "https://security.gentoo.org/glsa/202210-42" }, 39: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2" + "url": "https://security.netapp.com/advisory/ntap-20220526-0009" }, - 39: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD" - }, 40: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/" + "url": "https://security.netapp.com/advisory/ntap-20220526-0009/" }, - 40: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/" - }, 41: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2" + "url": "https://security.netapp.com/advisory/ntap-20220729-0004" }, 42: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/" + "url": "https://security.netapp.com/advisory/ntap-20220729-0004/" }, 43: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY" + "url": "https://support.apple.com/kb/HT213255" }, - 43: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7" - }, 44: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/" + "url": "https://support.apple.com/kb/HT213256" }, - 44: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/" - }, 45: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P" + "url": "https://support.apple.com/kb/HT213257" }, - 45: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE" - }, 46: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/" + "url": "https://ubuntu.com/security/notices/USN-5355-1" }, - 46: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/" - }, 47: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV" + "url": "https://ubuntu.com/security/notices/USN-5355-2" }, - 47: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6" - }, 48: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/" + "url": "https://ubuntu.com/security/notices/USN-5359-1" }, - 48: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/" - }, 49: { - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325" + "url": "https://ubuntu.com/security/notices/USN-5359-2" }, - 49: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P" - }, 50: { - "url": "https://pkg.go.dev/vuln/GO-2023-2102" + "url": "https://ubuntu.com/security/notices/USN-5739-1" }, - 50: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/" - }, 51: { - "url": "https://security.gentoo.org/glsa/202311-09" + "url": "https://www.cve.org/CVERecord?id=CVE-2018-25032" }, - 51: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE" - }, 52: { - "url": "https://security.netapp.com/advisory/ntap-20231110-0008" + "url": "https://www.debian.org/security/2022/dsa-5111" }, 53: { - "url": "https://security.netapp.com/advisory/ntap-20231110-0008/" + "url": "https://www.openwall.com/lists/oss-security/2022/03/24/1" }, - 53: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6" - }, 54: { - "url": "https://ubuntu.com/security/notices/USN-6574-1" + "url": "https://www.openwall.com/lists/oss-security/2022/03/28/1" }, 55: { - "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487" + "url": "https://www.openwall.com/lists/oss-security/2022/03/28/3" }, - 55: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z" - }, 56: { - "url": "https://www.cve.org/CVERecord?id=CVE-2023-39325" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, - 56: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/" - }, 57: { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7" }, 58: { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/" }, 59: { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q" }, 60: { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/" }, 61: { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74" }, 62: { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/" }, 63: { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I" }, - 64: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/" - }, - 65: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS" - } - 66: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/" - } 67: { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU" } - 68: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/" - } 69: { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI" } - 70: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/" - } 71: { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ" } 72: { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/" } - 73: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP" - } - 74: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/" - } 75: { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2" } 76: { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/" } - 77: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH" - } - 78: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/" - } 79: { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2" } 80: { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/" } 81: { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY" } 82: { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/" } 83: { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P" } 84: { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/" } 85: { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV" } 86: { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/" } 87: { "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325" } 88: { "url": "https://pkg.go.dev/vuln/GO-2023-2102" } 89: { "url": "https://security.gentoo.org/glsa/202311-09" } 90: { "url": "https://security.netapp.com/advisory/ntap-20231110-0008" } 91: { "url": "https://security.netapp.com/advisory/ntap-20231110-0008/" } 92: { "url": "https://ubuntu.com/security/notices/USN-6574-1" } 93: { "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487" } 94: { "url": "https://www.cve.org/CVERecord?id=CVE-2023-39325" } ], "affects": [ 0: { - "ref": "pkg:golang/golang.org/x/net@v0.15.0", + "ref": "pkg:apk/alpine/zlib@1.2.11-r3?arch=x86_64&distro=3.13.2", "versions": [ 0: { "status": "affected", - "version": "v0.15.0" + "version": "1.2.11-r3" } ] } ], "cwes": [ - 0: 770 + 0: 787 ], - "description": "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.", + "description": "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", - "id": "CVE-2023-39325", + "id": "CVE-2018-25032", - "published": "2023-10-11T22:15:09+00:00", + "published": "2022-03-25T09:15:08+00:00", "ratings": [ 0: { - "severity": "medium", + "severity": "high", "source": { "name": "alma" } }, 1: { "severity": "high", "source": { "name": "amazon" } }, - 2: { - "method": "CVSSv31", - "score": 7.5, - "severity": "high", - "source": { - "name": "bitnami" - }, - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" - }, 3: { "severity": "high", "source": { "name": "cbl-mariner" } }, + 4: { + "method": "CVSSv2", + "score": 5, + "severity": "medium", + "source": { + "name": "nvd" + }, + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P" + }, 4: { "method": "CVSSv31", "score": 7.5, "severity": "high", "source": { "name": "ghsa" }, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, 5: { "method": "CVSSv31", "score": 7.5, "severity": "high", "source": { "name": "nvd" }, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, + 6: { + "severity": "high", + "source": { + "name": "oracle-oval" + } + }, 6: { "severity": "medium", "source": { "name": "oracle-oval" } }, 7: { "method": "CVSSv31", "score": 7.5, - "severity": "medium", + "severity": "high", "source": { - "name": "oracle-oval" + "name": "photon" }, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, 8: { "severity": "medium", "source": { "name": "rocky" } }, 9: { - "severity": "medium", + "severity": "high", "source": { - "name": "rocky" + "name": "ruby-advisory-db" } } ], - "recommendation": "Upgrade golang.org/x/net to version 0.17.0", + "recommendation": "Upgrade zlib to version 1.2.12-r0", "source": { - "name": "ghsa", + "name": "alpine", - "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + "url": "https://secdb.alpinelinux.org/" }, - "updated": "2024-03-10T04:15:05+00:00" + "updated": "2023-11-07T02:56:26+00:00" }, 1: { "advisories": [ 0: { - "url": "https://avd.aquasec.com/nvd/cve-2023-44487" + "url": "https://avd.aquasec.com/nvd/cve-2019-13126" }, 1: { - "url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487" + "url": "https://github.com/nats-io/nats-server/commit/07ef71ff98f45f8c2711be4aeaf484610d891dda" }, - 1: { - "url": "http://www.openwall.com/lists/oss-security/2023/10/13/4" - }, 2: { - "url": "https://github.com/caddyserver/caddy/issues/5877" + "url": "https://github.com/nats-io/nats-server/commits/master" }, - 2: { - "url": "http://www.openwall.com/lists/oss-security/2023/10/13/9" - }, 3: { - "url": "https://github.com/line/armeria/pull/5232" + "url": "https://github.com/nats-io/nats-server/pull/1053" }, - 3: { - "url": "http://www.openwall.com/lists/oss-security/2023/10/18/4" - }, 4: { - "url": "https://github.com/nodejs/node/pull/50121" + "url": "https://github.com/nats-io/nats-server/pull/1441" }, - 4: { - "url": "http://www.openwall.com/lists/oss-security/2023/10/18/8" - }, 5: { - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487" + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13126" }, - 5: { - "url": "http://www.openwall.com/lists/oss-security/2023/10/19/6" - }, 6: { - "url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487" + "url": "https://www.twistlock.com/labs-blog/finding-dos-vulnerability-nats-go-fuzz-cve-2019-13126" }, - 6: { - "url": "http://www.openwall.com/lists/oss-security/2023/10/20/8" - }, 7: { - "url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/" + "url": "https://www.twistlock.com/labs-blog/finding-dos-vulnerability-nats-go-fuzz-cve-2019-13126/" }, - 7: { - "url": "https://access.redhat.com/errata/RHSA-2023:6746" - }, - 8: { - "url": "https://access.redhat.com/security/cve/CVE-2023-44487" - }, - 9: { - "url": "https://access.redhat.com/security/cve/cve-2023-44487" - }, - 10: { - "url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size" - }, - 11: { - "url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/" - }, - 12: { - "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011" - }, - 13: { - "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/" - }, - 14: { - "url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack" - }, - 15: { - "url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/" - }, - 16: { - "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack" - }, - 17: { - "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/" - }, - 18: { - "url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty" - }, - 19: { - "url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/" - }, - 20: { - "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack" - }, - 21: { - "url": "https://blog.vespa.ai/cve-2023-44487" - }, - 22: { - "url": "https://blog.vespa.ai/cve-2023-44487/" - }, - 23: { - "url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988" - }, - 24: { - "url": "https://bugzilla.redhat.com/2242803" - }, - 25: { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803" - }, - 26: { - "url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123" - }, - 27: { - "url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9" - }, - 28: { - "url": "https://chaos.social/@icing/111210915918780532" - }, - 29: { - "url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps" - }, - 30: { - "url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/" - }, - 31: { - "url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack" - }, - 32: { - "url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125" - }, - 33: { - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487" - }, - 34: { - "url": "https://devblogs.microsoft.com/dotnet/october-2023-updates/" - }, - 35: { - "url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715" - }, - 36: { - "url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve" - }, - 37: { - "url": "https://errata.almalinux.org/9/ALSA-2023-6746.html" - }, - 38: { - "url": "https://errata.rockylinux.org/RLSA-2023:5838" - }, - 39: { - "url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764" - }, - 40: { - "url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088" - }, - 41: { - "url": "https://github.com/Azure/AKS/issues/3947" - }, - 42: { - "url": "https://github.com/Kong/kong/discussions/11741" - }, - 43: { - "url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3" - }, - 44: { - "url": "https://github.com/advisories/GHSA-vx74-f528-fxqg" - }, - 45: { - "url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p" - }, - 46: { - "url": "https://github.com/akka/akka-http/issues/4323" - }, - 47: { - "url": "https://github.com/alibaba/tengine/issues/1872" - }, - 48: { - "url": "https://github.com/apache/apisix/issues/10320" - }, - 49: { - "url": "https://github.com/apache/httpd-site/pull/10" - }, - 50: { - "url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113" - }, - 51: { - "url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2" - }, - 52: { - "url": "https://github.com/apache/trafficserver/pull/10564" - }, - 53: { - "url": "https://github.com/apple/swift-nio-http2" - }, - 54: { - "url": "https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3" - }, 55: { "url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487" }, - 56: { - "url": "https://github.com/bcdannyboy/CVE-2023-44487" - }, 57: { "url": "https://github.com/caddyserver/caddy/issues/5877" }, - 58: { - "url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5" - }, - 59: { - "url": "https://github.com/dotnet/announcements/issues/277" - }, - 60: { - "url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73" - }, - 61: { - "url": "https://github.com/eclipse/jetty.project/issues/10679" - }, - 62: { - "url": "https://github.com/envoyproxy/envoy/pull/30055" - }, - 63: { - "url": "https://github.com/etcd-io/etcd/issues/16740" - }, - 64: { - "url": "https://github.com/facebook/proxygen/pull/466" - }, - 65: { - "url": "https://github.com/golang/go/issues/63417" - }, - 66: { - "url": "https://github.com/grpc/grpc-go/pull/6703" - }, - 67: { - "url": "https://github.com/grpc/grpc-go/releases" - }, - 68: { - "url": "https://github.com/h2o/h2o/pull/3291" - }, - 69: { - "url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf" - }, - 70: { - "url": "https://github.com/haproxy/haproxy/issues/2312" - }, - 71: { - "url": "https://github.com/hyperium/hyper/issues/3337" - }, - 72: { - "url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244" - }, - 73: { - "url": "https://github.com/junkurihara/rust-rpxy/issues/97" - }, - 74: { - "url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1" - }, - 75: { - "url": "https://github.com/kazu-yamamoto/http2/issues/93" - }, - 76: { - "url": "https://github.com/kubernetes/kubernetes/pull/121120" - }, 77: { "url": "https://github.com/line/armeria/pull/5232" }, - 78: { - "url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632" - }, - 79: { - "url": "https://github.com/micrictor/http2-rst-stream" - }, - 80: { - "url": "https://github.com/microsoft/CBL-Mariner/pull/6381" - }, - 81: { - "url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61" - }, - 82: { - "url": "https://github.com/nghttp2/nghttp2/pull/1961" - }, - 83: { - "url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0" - }, - 84: { - "url": "https://github.com/ninenines/cowboy/issues/1615" - }, 85: { "url": "https://github.com/nodejs/node/pull/50121" }, - 86: { - "url": "https://github.com/openresty/openresty/issues/930" - }, - 87: { - "url": "https://github.com/opensearch-project/data-prepper/issues/3474" - }, - 88: { - "url": "https://github.com/oqtane/oqtane.framework/discussions/3367" - }, - 89: { - "url": "https://github.com/projectcontour/contour/pull/5826" - }, - 90: { - "url": "https://github.com/tempesta-tech/tempesta/issues/1986" - }, - 91: { - "url": "https://github.com/varnishcache/varnish-cache/issues/3996" - }, - 92: { - "url": "https://go.dev/cl/534215" - }, - 93: { - "url": "https://go.dev/cl/534235" - }, - 94: { - "url": "https://go.dev/issue/63417" - }, - 95: { - "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo" - }, - 96: { - "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ" - }, - 97: { - "url": "https://istio.io/latest/news/security/istio-security-2023-004" - }, - 98: { - "url": "https://istio.io/latest/news/security/istio-security-2023-004/" - }, - 99: { - "url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487" - }, - 100: { - "url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/" - }, - 101: { - "url": "https://linux.oracle.com/cve/CVE-2023-44487.html" - }, - 102: { - "url": "https://linux.oracle.com/errata/ELSA-2023-7205.html" - }, - 103: { - "url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q" - }, - 104: { - "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html" - }, - 105: { - "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html" - }, - 106: { - "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html" - }, - 107: { - "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html" - }, - 108: { - "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html" - }, - 109: { - "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html" - }, - 110: { - "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html" - }, - 111: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI" - }, - 112: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/" - }, - 113: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A" - }, - 114: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/" - }, - 115: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ" - }, - 116: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/" - }, - 117: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2" - }, - 118: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/" - }, - 119: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5" - }, - 120: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/" - }, - 121: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU" - }, - 122: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/" - }, - 123: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ" - }, - 124: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/" - }, - 125: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ" - }, - 126: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/" - }, - 127: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY" - }, - 128: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/" - }, - 129: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE" - }, - 130: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/" - }, - 131: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG" - }, - 132: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/" - }, - 133: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL" - }, - 134: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/" - }, - 135: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU" - }, - 136: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/" - }, - 137: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK" - }, - 138: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/" - }, - 139: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX" - }, - 140: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/" - }, - 141: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH" - }, - 142: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/" - }, - 143: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y" - }, - 144: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/" - }, - 145: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2" - }, - 146: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/" - }, - 147: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT" - }, - 148: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/" - }, - 149: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3" - }, - 150: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/" - }, - 151: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4" - }, - 152: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/" - }, - 153: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A" - }, - 154: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ" - }, - 155: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2" - }, - 156: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5" - }, - 157: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU" - }, - 158: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ" - }, - 159: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ" - }, - 160: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY" - }, - 161: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE" - }, - 162: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG" - }, - 163: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL" - }, - 164: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU" - }, - 165: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK" - }, - 166: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH" - }, - 167: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y" - }, - 168: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2" - }, - 169: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT" - }, - 170: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3" - }, - 171: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4" - }, - 172: { - "url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html" - }, - 173: { - "url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html" - }, - 174: { - "url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html" - }, - 175: { - "url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2" - }, - 176: { - "url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/" - }, - 177: { - "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487" - }, - 178: { - "url": "https://my.f5.com/manage/s/article/K000137106" - }, - 179: { - "url": "https://netty.io/news/2023/10/10/4-1-100-Final.html" - }, - 180: { - "url": "https://news.ycombinator.com/item?id=37830987" - }, - 181: { - "url": "https://news.ycombinator.com/item?id=37830998" - }, - 182: { - "url": "https://news.ycombinator.com/item?id=37831062" - }, - 183: { - "url": "https://news.ycombinator.com/item?id=37837043" - }, - 184: { - "url": "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases" - }, 185: { "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487" }, - 186: { - "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response" - }, - 187: { - "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/" - }, - 188: { - "url": "https://pkg.go.dev/vuln/GO-2023-2102" - }, - 189: { - "url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected" - }, - 190: { - "url": "https://security.gentoo.org/glsa/202311-09" - }, - 191: { - "url": "https://security.netapp.com/advisory/ntap-20231016-0001" - }, - 192: { - "url": "https://security.netapp.com/advisory/ntap-20231016-0001/" - }, - 193: { - "url": "https://security.paloaltonetworks.com/CVE-2023-44487" - }, - 194: { - "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14" - }, - 195: { - "url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12" - }, - 196: { - "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94" - }, - 197: { - "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81" - }, - 198: { - "url": "https://ubuntu.com/security/CVE-2023-44487" - }, - 199: { - "url": "https://ubuntu.com/security/notices/USN-6427-1" - }, - 200: { - "url": "https://ubuntu.com/security/notices/USN-6427-2" - }, - 201: { - "url": "https://ubuntu.com/security/notices/USN-6438-1" - }, - 202: { - "url": "https://ubuntu.com/security/notices/USN-6505-1" - }, - 203: { - "url": "https://ubuntu.com/security/notices/USN-6574-1" - }, - 204: { - "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records" - }, - 205: { - "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/" - }, - 206: { - "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487" - }, - 207: { - "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487" - }, - 208: { - "url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event" - }, - 209: { - "url": "https://www.debian.org/security/2023/dsa-5521" - }, - 210: { - "url": "https://www.debian.org/security/2023/dsa-5522" - }, - 211: { - "url": "https://www.debian.org/security/2023/dsa-5540" - }, - 212: { - "url": "https://www.debian.org/security/2023/dsa-5549" - }, - 213: { - "url": "https://www.debian.org/security/2023/dsa-5558" - }, - 214: { - "url": "https://www.debian.org/security/2023/dsa-5570" - }, - 215: { - "url": "https://www.eclipse.org/lists/jetty-announce/msg00181.html" - }, - 216: { - "url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487" - }, - 217: { - "url": "https://www.mail-archive.com/haproxy@formilux.org/msg44134.html" - }, 218: { "url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487" } - 219: { - "url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/" - } - 220: { - "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products" - } - 221: { - "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/" - } - 222: { - "url": "https://www.openwall.com/lists/oss-security/2023/10/10/6" - } - 223: { - "url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack" - } - 224: { - "url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday" - } 225: { "url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/" } ], "affects": [ 0: { - "ref": "pkg:golang/golang.org/x/net@v0.15.0", + "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.1.9", "versions": [ 0: { "status": "affected", - "version": "v0.15.0" + "version": "v2.1.9" } ] } ], "cwes": [ - 0: 400 + 0: 190 ], - "description": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.", + "description": "An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by sending a crafted request. If authentication is enabled, then the remote attacker must have first authenticated.", - "id": "CVE-2023-44487", + "id": "CVE-2019-13126", - "published": "2023-10-10T14:15:10+00:00", + "published": "2019-07-29T17:15:11+00:00", "ratings": [ 0: { "severity": "high", "source": { - "name": "bitnami" + "name": "ghsa" } }, - 0: { - "severity": "high", - "source": { - "name": "alma" - } - }, 1: { "severity": "high", "source": { - "name": "ghsa" + "name": "nvd" } }, - 1: { - "severity": "high", - "source": { - "name": "amazon" - } - }, 2: { "method": "CVSSv31", "score": 7.5, "severity": "high", "source": { "name": "bitnami" }, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, - 3: { - "severity": "high", - "source": { - "name": "cbl-mariner" - } - }, 4: { "method": "CVSSv31", "score": 5.3, "severity": "medium", "source": { "name": "ghsa" }, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, 5: { "method": "CVSSv31", "score": 7.5, "severity": "high", "source": { "name": "nvd" }, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, - 6: { - "severity": "high", - "source": { - "name": "oracle-oval" - } - }, - 7: { - "severity": "high", - "source": { - "name": "photon" - } - }, - 8: { - "method": "CVSSv31", - "score": 7.5, - "severity": "high", - "source": { - "name": "redhat" - }, - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" - } - 9: { - "severity": "high", - "source": { - "name": "rocky" - } - } - 10: { - "severity": "medium", - "source": { - "name": "ubuntu" - } - } ], - "recommendation": "Upgrade golang.org/x/net to version 0.17.0", + "recommendation": "Upgrade github.com/nats-io/nats-server/v2 to version 2.2.0", "source": { "name": "ghsa", "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, - "updated": "2024-02-02T15:40:23+00:00" + "updated": "2023-03-03T19:13:24+00:00" }, 2: { "advisories": [ 0: { - "url": "https://avd.aquasec.com/nvd/cve-2023-46129" + "url": "https://avd.aquasec.com/nvd/cve-2020-26521" }, 1: { - "url": "http://www.openwall.com/lists/oss-security/2023/10/31/1" + "url": "http://www.openwall.com/lists/oss-security/2020/11/02/2" }, 2: { - "url": "https://advisories.nats.io/CVE/secnote-2023-02.txt" + "url": "https://advisories.nats.io/CVE/CVE-2020-26521.txt" }, - 2: { - "url": "https://access.redhat.com/security/cve/CVE-2023-46129" - }, 3: { - "url": "https://github.com/nats-io/nkeys" + "url": "https://github.com/nats-io/jwt/pull/107" }, 4: { - "url": "https://github.com/nats-io/nkeys/security/advisories/GHSA-mr45-rx8q-wcm9" + "url": "https://github.com/nats-io/jwt/security/advisories/GHSA-h2fg-54x9-5qhq" }, 5: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS" + "url": "https://github.com/nats-io/nats-server/commit/9ff8bcde2e46009e98bd9e88f598af355f62c168" }, - 5: { - "url": "https://github.com/nats-io/nkeys/commit/58fb9d69f42ea73fffad1d14e5914dc666f3daa1" - }, 6: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/" + "url": "https://github.com/nats-io/nats-server/commits/master" }, 7: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ" + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VT67XCLIIBYRT762SVFBYFFTQFVSM3SI/" }, 8: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/" + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VT67XCLIIBYRT762SVFBYFFTQFVSM3SI" }, 9: { - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46129" + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26521" }, 10: { - "url": "https://www.cve.org/CVERecord?id=CVE-2023-46129" + "url": "https://pkg.go.dev/vuln/GO-2022-0402" } 11: { "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46129" } 12: { "url": "https://www.cve.org/CVERecord?id=CVE-2023-46129" } ], "affects": [ 0: { - "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.10.0", + "ref": "3cafed8d-2194-4bd3-bdf6-9f8b02673b33", "versions": [ 0: { "status": "affected", - "version": "v2.10.0" + "version": "v0.3.2" } ] }, 1: { - "ref": "pkg:golang/github.com/nats-io/nkeys@v0.4.4", + "ref": "7dd812e2-3f88-4d35-ba39-4c74700b2cfb", "versions": [ 0: { "status": "affected", - "version": "v0.4.4" + "version": "v0.3.2" } ] }, 2: { - "ref": "pkg:golang/github.com/nats-io/nkeys@v0.4.5", + "ref": "e192291f-a90f-4cc4-ad6d-0379a45256cd", "versions": [ 0: { "status": "affected", - "version": "v0.4.5" + "version": "v0.3.2" } ] } ], "cwes": [ - 0: 325, + 0: 476, - 0: 321 1: 325 ], - "description": "NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server 2.10 (Sep 2023) and newer for authentication callouts. In nkeys versions 0.4.0 through 0.4.5, corresponding with NATS server versions 2.10.0 through 2.10.3, the nkeys library's `xkeys` encryption handling logic mistakenly passed an array by value into an internal function, where the function mutated that buffer to populate the encryption key to use. As a result, all encryption was actually to an all-zeros key. This affects encryption only, not signing. FIXME: FILL IN IMPACT ON NATS-SERVER AUTH CALLOUT SECURITY. nkeys Go library 0.4.6, corresponding with NATS Server 2.10.4, has a patch for this issue. No known workarounds are available. For any application handling auth callouts in Go, if using the nkeys library, update the dependency, recompile and deploy that in lockstep.", + "description": "The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code).", - "id": "CVE-2023-46129", + "id": "CVE-2020-26521", - "published": "2023-10-31T00:15:09+00:00", + "published": "2020-11-06T08:15:13+00:00", "ratings": [ 0: { "method": "CVSSv31", "score": 7.5, "severity": "high", "source": { "name": "bitnami" }, - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, - 0: { - "method": "CVSSv31", - "score": 7.5, - "severity": "high", - "source": { - "name": "bitnami" - }, - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" - }, 1: { - "severity": "high", + "severity": "medium", "source": { "name": "cbl-mariner" } }, - 1: { - "severity": "high", - "source": { - "name": "cbl-mariner" - } - }, 2: { "method": "CVSSv31", "score": 7.5, "severity": "high", "source": { - "name": "redhat" + "name": "nvd" }, - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } 3: { "method": "CVSSv31", "score": 7.5, "severity": "high", "source": { "name": "nvd" }, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } 4: { "method": "CVSSv31", "score": 7.5, "severity": "high", "source": { "name": "redhat" }, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], - "recommendation": "Upgrade github.com/nats-io/nats-server/v2 to version 2.10.4; Upgrade github.com/nats-io/nkeys to version 0.4.6", + "recommendation": "Upgrade github.com/nats-io/jwt to version 1.1.0", "source": { "name": "ghsa", "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, - "updated": "2023-11-29T03:15:42+00:00" + "updated": "2023-11-07T03:20:36+00:00" }, + 3: { + "advisories": [ + : { + "url": "https://avd.aquasec.com/nvd/cve-2020-26892" + }, + : { + "url": "https://advisories.nats.io/CVE/CVE-2020-26892.txt" + }, + : { + "url": "https://github.com/nats-io/jwt/commit/e11ce317263cef69619fc1ca743b195d02aa1d8a" + }, + : { + "url": "https://github.com/nats-io/jwt/security/advisories/GHSA-4w5x-x539-ppf5" + }, + : { + "url": "https://github.com/nats-io/nats-server/commit/1e08b67f08e18cd844dce833a265aaa72500a12f" + }, + : { + "url": "https://github.com/nats-io/nats-server/commits/master" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VT67XCLIIBYRT762SVFBYFFTQFVSM3SI/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VT67XCLIIBYRT762SVFBYFFTQFVSM3SI" + }, + : { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26892" + }, + : { + "url": "https://pkg.go.dev/vuln/GO-2022-0380" + }, + : { + "url": "https://www.openwall.com/lists/oss-security/2020/11/02/2" + } + ], + "affects": [ + : { + "ref": "3cafed8d-2194-4bd3-bdf6-9f8b02673b33", + "versions": [ + : { + "status": "affected", + "version": "v0.3.2" + } + ] + }, + : { + "ref": "7dd812e2-3f88-4d35-ba39-4c74700b2cfb", + "versions": [ + : { + "status": "affected", + "version": "v0.3.2" + } + ] + }, + : { + "ref": "e192291f-a90f-4cc4-ad6d-0379a45256cd", + "versions": [ + : { + "status": "affected", + "version": "v0.3.2" + } + ] + } + ], + "cwes": [ + : 798 + ], + "description": "The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled.", + "id": "CVE-2020-26892", + "published": "2020-11-06T08:15:13+00:00", + "ratings": [ + : { + "method": "CVSSv31", + "score": 9.8, + "severity": "critical", + "source": { + "name": "ghsa" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + : { + "method": "CVSSv2", + "score": 7.5, + "severity": "high", + "source": { + "name": "nvd" + }, + "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P" + }, + : { + "method": "CVSSv31", + "score": 9.8, + "severity": "critical", + "source": { + "name": "nvd" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "recommendation": "Upgrade github.com/nats-io/jwt to version 1.1.0", + "source": { + "name": "ghsa", + "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "updated": "2023-11-07T03:20:46+00:00" + }, 3: { "advisories": [ : { "url": "https://avd.aquasec.com/nvd/cve-2023-46218" }, : { "url": "https://access.redhat.com/errata/RHSA-2024:1129" }, : { "url": "https://access.redhat.com/security/cve/CVE-2023-46218" }, : { "url": "https://bugzilla.redhat.com/2252030" }, : { "url": "https://curl.se/docs/CVE-2023-46218.html" }, : { "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46218" }, : { "url": "https://errata.almalinux.org/9/ALSA-2024-1129.html" }, : { "url": "https://hackerone.com/reports/2212193" }, : { "url": "https://linux.oracle.com/cve/CVE-2023-46218.html" }, : { "url": "https://linux.oracle.com/errata/ELSA-2024-1129.html" }, : { "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html" }, : { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ZX3VW67N4ACRAPMV2QS2LVYGD7H2MVE/" }, : { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/" }, : { "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46218" }, : { "url": "https://security.netapp.com/advisory/ntap-20240125-0007/" }, : { "url": "https://ubuntu.com/security/notices/USN-6535-1" }, : { "url": "https://ubuntu.com/security/notices/USN-6641-1" }, : { "url": "https://www.cve.org/CVERecord?id=CVE-2023-46218" }, : { "url": "https://www.debian.org/security/2023/dsa-5587" } ], "affects": [ : { "ref": "pkg:apk/alpine/curl@8.4.0-r0?arch=x86_64&distro=3.18.4", "versions": [ : { "status": "affected", "version": "8.4.0-r0" } ] }, : { "ref": "pkg:apk/alpine/libcurl@8.4.0-r0?arch=x86_64&distro=3.18.4", "versions": [ : { "status": "affected", "version": "8.4.0-r0" } ] } ], "description": "This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain. ", "id": "CVE-2023-46218", "published": "2023-12-07T01:15:07+00:00", "ratings": [ : { "severity": "medium", "source": { "name": "alma" } }, : { "severity": "medium", "source": { "name": "amazon" } }, : { "severity": "medium", "source": { "name": "cbl-mariner" } }, : { "method": "CVSSv31", "score": 6.5, "severity": "medium", "source": { "name": "nvd" }, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, : { "severity": "medium", "source": { "name": "oracle-oval" } }, : { "method": "CVSSv31", "score": 5.3, "severity": "medium", "source": { "name": "redhat" }, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, : { "severity": "medium", "source": { "name": "ubuntu" } } ], "recommendation": "Upgrade curl to version 8.5.0-r0; Upgrade libcurl to version 8.5.0-r0", "source": { "name": "alpine", "url": "https://secdb.alpinelinux.org/" }, "updated": "2024-01-25T14:15:26+00:00" }, + 4: { + "advisories": [ + : { + "url": "https://avd.aquasec.com/nvd/cve-2020-28466" + }, + : { + "url": "http://www.openwall.com/lists/oss-security/2021/03/16/1" + }, + : { + "url": "http://www.openwall.com/lists/oss-security/2021/03/16/2" + }, + : { + "url": "https://github.com/nats-io/nats-server/pull/1731" + }, + : { + "url": "https://github.com/nats-io/nats-server/pull/1731/commits/2e3c22672936f4980d343fb1d328b38919e74796" + }, + : { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28466" + }, + : { + "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMNATSIONATSSERVERSERVER-1042967" + } + ], + "affects": [ + : { + "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.1.9", + "versions": [ + : { + "status": "affected", + "version": "v2.1.9" + } + ] + } + ], + "description": "This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent a service export/import cycles. Disclaimer from the maintainers: Running a NATS service which is exposed to untrusted users presents a heightened risk. Any remote execution flaw or equivalent seriousness, or denial-of-service by unauthenticated users, will lead to prompt releases by the NATS maintainers. Fixes for denial of service issues with no threat of remote execution, when limited to account holders, are likely to just be committed to the main development branch with no special attention. Those who are running such services are encouraged to build regularly from git.", + "id": "CVE-2020-28466", + "published": "2021-03-07T10:15:12+00:00", + "ratings": [ + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "bitnami" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "ghsa" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "method": "CVSSv2", + "score": 5, + "severity": "medium", + "source": { + "name": "nvd" + }, + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P" + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "nvd" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "recommendation": "Upgrade github.com/nats-io/nats-server/v2 to version 2.2.0", + "source": { + "name": "ghsa", + "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "updated": "2021-03-25T00:21:15+00:00" + }, 4: { "advisories": [ : { "url": "https://avd.aquasec.com/nvd/cve-2023-46219" }, : { "url": "https://access.redhat.com/security/cve/CVE-2023-46219" }, : { "url": "https://curl.se/docs/CVE-2023-46219.html" }, : { "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46219" }, : { "url": "https://hackerone.com/reports/2236133" }, : { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/" }, : { "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46219" }, : { "url": "https://security.netapp.com/advisory/ntap-20240119-0007/" }, : { "url": "https://ubuntu.com/security/notices/USN-6535-1" }, : { "url": "https://www.cve.org/CVERecord?id=CVE-2023-46219" }, : { "url": "https://www.debian.org/security/2023/dsa-5587" } ], "affects": [ : { "ref": "pkg:apk/alpine/curl@8.4.0-r0?arch=x86_64&distro=3.18.4", "versions": [ : { "status": "affected", "version": "8.4.0-r0" } ] }, : { "ref": "pkg:apk/alpine/libcurl@8.4.0-r0?arch=x86_64&distro=3.18.4", "versions": [ : { "status": "affected", "version": "8.4.0-r0" } ] } ], "cwes": [ : 311 ], "description": "When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use. ", "id": "CVE-2023-46219", "published": "2023-12-12T02:15:06+00:00", "ratings": [ : { "severity": "medium", "source": { "name": "amazon" } }, : { "severity": "medium", "source": { "name": "cbl-mariner" } }, : { "method": "CVSSv31", "score": 5.3, "severity": "medium", "source": { "name": "nvd" }, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, : { "method": "CVSSv31", "score": 4.8, "severity": "low", "source": { "name": "redhat" }, "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, : { "severity": "low", "source": { "name": "ubuntu" } } ], "recommendation": "Upgrade curl to version 8.5.0-r0; Upgrade libcurl to version 8.5.0-r0", "source": { "name": "alpine", "url": "https://secdb.alpinelinux.org/" }, "updated": "2024-01-19T16:15:09+00:00" }, + 5: { + "advisories": [ + : { + "url": "https://avd.aquasec.com/nvd/cve-2020-29652" + }, + : { + "url": "https://access.redhat.com/security/cve/CVE-2020-29652" + }, + : { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652" + }, + : { + "url": "https://errata.almalinux.org/8/ALSA-2021-1796.html" + }, + : { + "url": "https://go-review.googlesource.com/c/crypto/+/278852" + }, + : { + "url": "https://go.dev/cl/278852" + }, + : { + "url": "https://go.googlesource.com/crypto/+/8b5274cf687fd9316b4108863654cc57385531e8" + }, + : { + "url": "https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1" + }, + : { + "url": "https://linux.oracle.com/cve/CVE-2020-29652.html" + }, + : { + "url": "https://linux.oracle.com/errata/ELSA-2021-1796.html" + }, + : { + "url": "https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3E" + }, + : { + "url": "https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E" + }, + : { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29652" + }, + : { + "url": "https://pkg.go.dev/vuln/GO-2021-0227" + }, + : { + "url": "https://www.cve.org/CVERecord?id=CVE-2020-29652" + } + ], + "affects": [ + : { + "ref": "64ecbd63-f74a-4fcc-a240-3f8a16435789", + "versions": [ + : { + "status": "affected", + "version": "v0.0.0-20200622213623-75b288015ac9" + } + ] + }, + : { + "ref": "718081db-83c2-4309-87c8-e43228139b88", + "versions": [ + : { + "status": "affected", + "version": "v0.0.0-20200622213623-75b288015ac9" + } + ] + }, + : { + "ref": "c6ba0fd6-a390-4fcf-aaec-4a072dcd17c4", + "versions": [ + : { + "status": "affected", + "version": "v0.0.0-20200622213623-75b288015ac9" + } + ] + }, + : { + "ref": "pkg:golang/golang.org/x/crypto@v0.0.0-20200323165209-0ec3e9974c59", + "versions": [ + : { + "status": "affected", + "version": "v0.0.0-20200323165209-0ec3e9974c59" + } + ] + } + ], + "cwes": [ + : 476 + ], + "description": "A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.", + "id": "CVE-2020-29652", + "published": "2020-12-17T05:15:10+00:00", + "ratings": [ + : { + "severity": "medium", + "source": { + "name": "alma" + } + }, + : { + "severity": "high", + "source": { + "name": "amazon" + } + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "ghsa" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "method": "CVSSv2", + "score": 5, + "severity": "medium", + "source": { + "name": "nvd" + }, + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P" + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "nvd" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "severity": "medium", + "source": { + "name": "oracle-oval" + } + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "redhat" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "severity": "medium", + "source": { + "name": "ubuntu" + } + } + ], + "recommendation": "Upgrade golang.org/x/crypto to version 0.0.0-20201216223049-8b5274cf687f", + "source": { + "name": "ghsa", + "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "updated": "2023-11-07T03:21:32+00:00" + }, 5: { "advisories": [ : { "url": "https://avd.aquasec.com/nvd/cve-2023-47090" }, : { "url": "http://www.openwall.com/lists/oss-security/2023/10/30/1" }, : { "url": "https://advisories.nats.io/CVE/secnote-2023-01.txt" }, : { "url": "https://github.com/nats-io/nats-server" }, : { "url": "https://github.com/nats-io/nats-server/commit/fa5b7afcb64e7e887e49afdd032358802b5c4478" }, : { "url": "https://github.com/nats-io/nats-server/discussions/4535" }, : { "url": "https://github.com/nats-io/nats-server/pull/4605" }, : { "url": "https://github.com/nats-io/nats-server/releases/tag/v2.10.2" }, : { "url": "https://github.com/nats-io/nats-server/releases/tag/v2.9.23" }, : { "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-fr2g-9hjm-wr23" }, : { "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47090" }, : { "url": "https://www.openwall.com/lists/oss-security/2023/10/13/2" } ], "affects": [ : { "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.10.0", "versions": [ : { "status": "affected", "version": "v2.10.0" } ] }, : { "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.9.19", "versions": [ : { "status": "affected", "version": "v2.9.19" } ] } ], "cwes": [ : 863 ], "description": "NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization block can sometimes be used for unauthenticated access, even when the intention of the configuration was for each user to have an account. The earliest affected version is 2.2.0.", "id": "CVE-2023-47090", "published": "2023-10-30T17:15:52+00:00", "ratings": [ : { "severity": "medium", "source": { "name": "cbl-mariner" } }, : { "severity": "high", "source": { "name": "ghsa" } }, : { "method": "CVSSv31", "score": 6.5, "severity": "medium", "source": { "name": "nvd" }, "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "recommendation": "Upgrade github.com/nats-io/nats-server/v2 to version 2.9.23, 2.10.2", "source": { "name": "ghsa", "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "updated": "2023-11-08T00:15:54+00:00" }, 6: { "advisories": [ 0: { - "url": "https://avd.aquasec.com/nvd/cve-2023-46218" + "url": "https://avd.aquasec.com/nvd/cve-2021-28831" }, 1: { - "url": "https://access.redhat.com/security/cve/CVE-2023-46218" + "url": "https://access.redhat.com/security/cve/CVE-2021-28831" }, - 1: { - "url": "https://access.redhat.com/errata/RHSA-2024:1129" - }, 2: { - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46218" + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28831" }, 3: { - "url": "https://hackerone.com/reports/2212193" + "url": "https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd" }, - 3: { - "url": "https://bugzilla.redhat.com/2252030" - }, 4: { - "url": "https://linux.oracle.com/cve/CVE-2023-46218.html" + "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html" }, - 4: { - "url": "https://curl.se/docs/CVE-2023-46218.html" - }, 5: { - "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html" + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/" }, 6: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ZX3VW67N4ACRAPMV2QS2LVYGD7H2MVE/" + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/" }, - 6: { - "url": "https://errata.almalinux.org/9/ALSA-2024-1129.html" - }, 7: { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/" + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/" }, 8: { - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46218" + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28831" }, 9: { - "url": "https://security.netapp.com/advisory/ntap-20240125-0007/" + "url": "https://security.gentoo.org/glsa/202105-09" }, - 9: { - "url": "https://linux.oracle.com/errata/ELSA-2024-1129.html" - }, 10: { - "url": "https://ubuntu.com/security/notices/USN-6535-1" + "url": "https://ubuntu.com/security/notices/USN-5179-1" }, 11: { - "url": "https://ubuntu.com/security/notices/USN-6641-1" + "url": "https://ubuntu.com/security/notices/USN-5179-2" }, 12: { - "url": "https://www.cve.org/CVERecord?id=CVE-2023-46218" + "url": "https://ubuntu.com/security/notices/USN-6335-1" }, 13: { - "url": "https://www.debian.org/security/2023/dsa-5587" + "url": "https://www.cve.org/CVERecord?id=CVE-2021-28831" }, 14: { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950" }, 15: { "url": "https://crates.io/crates/thrussh/versions" }, 16: { "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795" }, 17: { "url": "https://errata.almalinux.org/9/ALSA-2024-1150.html" }, 18: { "url": "https://errata.rockylinux.org/RLSA-2024:0628" }, 19: { "url": "https://filezilla-project.org/versions.php" }, 20: { "url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack" }, 21: { "url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6" }, 22: { "url": "https://github.com/NixOS/nixpkgs/pull/275249" }, 23: { "url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189" }, 24: { "url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta" }, 25: { "url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0" }, 26: { "url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1" }, 27: { "url": "https://github.com/advisories/GHSA-45x7-px36-x8w8" }, 28: { "url": "https://github.com/apache/mina-sshd/issues/445" }, 29: { "url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab" }, 30: { "url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22" }, 31: { "url": "https://github.com/cyd01/KiTTY/issues/520" }, 32: { "url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6" }, 33: { "url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42" }, 34: { "url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1" }, 35: { "url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d" }, 36: { "url": "https://github.com/hierynomus/sshj/issues/916" }, 37: { "url": "https://github.com/janmojzis/tinyssh/issues/81" }, 38: { "url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5" }, 39: { "url": "https://github.com/libssh2/libssh2/pull/1291" }, 40: { "url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25" }, 41: { "url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3" }, 42: { "url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15" }, 43: { "url": "https://github.com/mwiede/jsch/issues/457" }, 44: { "url": "https://github.com/mwiede/jsch/pull/461" }, 45: { "url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16" }, 46: { "url": "https://github.com/openssh/openssh-portable/commits/master" }, 47: { "url": "https://github.com/paramiko/paramiko/issues/2337" }, 48: { "url": "https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773" }, 49: { "url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES" }, 50: { "url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES" }, 51: { "url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES" }, 52: { "url": "https://github.com/proftpd/proftpd/issues/456" }, 53: { "url": "https://github.com/rapier1/hpn-ssh/releases" }, 54: { "url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst" }, 55: { "url": "https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55" }, 56: { "url": "https://github.com/ronf/asyncssh/tags" }, 57: { "url": "https://github.com/ssh-mitm/ssh-mitm/issues/165" }, 58: { "url": "https://github.com/warp-tech/russh" }, 59: { "url": "https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951" }, 60: { "url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2" }, 61: { "url": "https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8" }, 62: { "url": "https://gitlab.com/libssh/libssh-mirror/-/tags" }, 63: { "url": "https://go.dev/cl/550715" }, 64: { "url": "https://go.dev/issue/64784" }, 65: { "url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ" }, 66: { "url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg" }, 67: { "url": "https://help.panic.com/releasenotes/transmit5" }, 68: { "url": "https://help.panic.com/releasenotes/transmit5/" }, 69: { "url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795" }, 70: { "url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/" }, 71: { "url": "https://linux.oracle.com/cve/CVE-2023-48795.html" }, 72: { "url": "https://linux.oracle.com/errata/ELSA-2024-12233.html" }, 73: { "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html" }, 74: { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html" }, 75: { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html" }, 76: { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA" }, 77: { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/" }, 78: { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS" }, 79: { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/" }, 80: { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE" }, 81: { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/" }, 82: { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O" }, 83: { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/" }, 84: { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR" }, 85: { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/" }, 86: { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3" }, 87: { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/" }, 88: { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6" }, 89: { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/" }, 90: { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC" }, 91: { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/" }, 92: { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B" }, 93: { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/" }, 94: { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y" }, 95: { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/" }, 96: { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP" }, 97: { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/" }, 98: { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG" }, 99: { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/" }, 100: { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P" }, 101: { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/" }, 102: { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD" }, 103: { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/" }, 104: { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7" }, 105: { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/" }, 106: { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM" }, 107: { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/" }, 108: { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB" }, 109: { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/" }, 110: { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7" }, 111: { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/" }, 112: { "url": "https://matt.ucc.asn.au/dropbear/CHANGES" }, 113: { "url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC" }, 114: { "url": "https://news.ycombinator.com/item?id=38684904" }, 115: { "url": "https://news.ycombinator.com/item?id=38685286" }, 116: { "url": "https://news.ycombinator.com/item?id=38732005" }, 117: { "url": "https://nova.app/releases/#v11.8" }, 118: { "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795" }, 119: { "url": "https://oryx-embedded.com/download/#changelog" }, 120: { "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002" }, 121: { "url": "https://roumenpetrov.info/secsh/#news20231220" }, 122: { "url": "https://security-tracker.debian.org/tracker/CVE-2023-48795" }, 123: { "url": "https://security-tracker.debian.org/tracker/source-package/libssh2" }, 124: { "url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg" }, 125: { "url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2" }, 126: { "url": "https://security.gentoo.org/glsa/202312-16" }, 127: { "url": "https://security.gentoo.org/glsa/202312-17" }, 128: { "url": "https://security.netapp.com/advisory/ntap-20240105-0004" }, 129: { "url": "https://security.netapp.com/advisory/ntap-20240105-0004/" }, 130: { "url": "https://support.apple.com/kb/HT214084" }, 131: { "url": "https://terrapin-attack.com/" }, 132: { "url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway" }, 133: { "url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/" }, 134: { "url": "https://twitter.com/TrueSkrillor/status/1736774389725565005" }, 135: { "url": "https://ubuntu.com/security/CVE-2023-48795" }, 136: { "url": "https://ubuntu.com/security/notices/USN-6560-1" }, 137: { "url": "https://ubuntu.com/security/notices/USN-6560-2" }, 138: { "url": "https://ubuntu.com/security/notices/USN-6561-1" }, 139: { "url": "https://ubuntu.com/security/notices/USN-6585-1" }, 140: { "url": "https://ubuntu.com/security/notices/USN-6589-1" }, 141: { "url": "https://ubuntu.com/security/notices/USN-6598-1" }, 142: { "url": "https://winscp.net/eng/docs/history#6.2.2" }, 143: { "url": "https://www.bitvise.com/ssh-client-version-history#933" }, 144: { "url": "https://www.bitvise.com/ssh-server-version-history" }, 145: { "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html" }, 146: { "url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update" }, 147: { "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795" }, 148: { "url": "https://www.debian.org/security/2023/dsa-5586" }, 149: { "url": "https://www.debian.org/security/2023/dsa-5588" }, 150: { "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc" }, 151: { "url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508" }, 152: { "url": "https://www.netsarang.com/en/xshell-update-history" }, 153: { "url": "https://www.netsarang.com/en/xshell-update-history/" }, 154: { "url": "https://www.openssh.com/openbsd.html" }, 155: { "url": "https://www.openssh.com/txt/release-9.6" }, 156: { "url": "https://www.openwall.com/lists/oss-security/2023/12/18/2" }, 157: { "url": "https://www.openwall.com/lists/oss-security/2023/12/18/3" }, 158: { "url": "https://www.openwall.com/lists/oss-security/2023/12/20/3" }, 159: { "url": "https://www.paramiko.org/changelog.html" }, 160: { "url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed" }, 161: { "url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/" } 162: { "url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795" } 163: { "url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/" } 164: { "url": "https://www.terrapin-attack.com" } 165: { "url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh" } 166: { "url": "https://www.vandyke.com/products/securecrt/history.txt" } ], "affects": [ 0: { - "ref": "pkg:apk/alpine/curl@8.4.0-r0?arch=x86_64&distro=3.18.4", + "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64&distro=3.13.2", "versions": [ 0: { "status": "affected", - "version": "8.4.0-r0" + "version": "1.32.1-r3" } ] }, 1: { - "ref": "pkg:apk/alpine/libcurl@8.4.0-r0?arch=x86_64&distro=3.18.4", + "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64&distro=3.13.2", "versions": [ 0: { "status": "affected", - "version": "8.4.0-r0" + "version": "1.32.1-r3" } ] }, 2: { "ref": "pkg:golang/golang.org/x/crypto@v0.9.0", "versions": [ : { "status": "affected", "version": "v0.9.0" } ] } ], + "cwes": [ + : 755 + ], "cwes": [ : 354 ], - "description": "This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain. ", + "description": "decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.", - "id": "CVE-2023-46218", + "id": "CVE-2021-28831", - "published": "2023-12-07T01:15:07+00:00", + "published": "2021-03-19T05:15:13+00:00", "ratings": [ - 0: { - "severity": "medium", - "source": { - "name": "alma" - } - }, 1: { - "severity": "medium", + "severity": "high", "source": { "name": "amazon" } }, 2: { "severity": "medium", "source": { "name": "cbl-mariner" } }, 3: { + "method": "CVSSv31", "method": "CVSSv31", + "score": 7.5, "score": 5.9, - "severity": "medium", + "severity": "high", "source": { - "name": "oracle-oval" + "name": "nvd" }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" + "method": "CVSSv31" + "score": 7.5 + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, 4: { "method": "CVSSv31", - "score": 5.3, + "score": 7.5, "severity": "medium", "source": { "name": "nvd" }, - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, 5: { - "severity": "medium", + "severity": "low", "source": { "name": "oracle-oval" } }, 6: { "severity": "medium", "source": { "name": "photon" } }, 7: { "method": "CVSSv31", "score": 5.9, "severity": "medium", "source": { "name": "redhat" }, "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, 8: { "severity": "medium", "source": { "name": "rocky" } }, 9: { "severity": "medium", "source": { "name": "ubuntu" } } ], - "recommendation": "Upgrade curl to version 8.5.0-r0; Upgrade libcurl to version 8.5.0-r0", + "recommendation": "Upgrade busybox to version 1.32.1-r4; Upgrade ssl_client to version 1.32.1-r4", "source": { "name": "ghsa", "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, - "updated": "2024-01-25T14:15:26+00:00" + "updated": "2023-11-07T03:32:23+00:00" + "cwes": [ + : 755 + ] }, + 7: { + "advisories": [ + : { + "url": "https://avd.aquasec.com/nvd/cve-2021-30139" + }, + : { + "url": "https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10741" + }, + : { + "url": "https://gitlab.alpinelinux.org/alpine/aports/-/issues/12606" + } + ], + "affects": [ + : { + "ref": "pkg:apk/alpine/apk-tools@2.12.1-r0?arch=x86_64&distro=3.13.2", + "versions": [ + : { + "status": "affected", + "version": "2.12.1-r0" + } + ] + } + ], + "cwes": [ + : 125 + ], + "description": "In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a buffer overflow and crash.", + "id": "CVE-2021-30139", + "published": "2021-04-21T16:15:08+00:00", + "ratings": [ + : { + "method": "CVSSv2", + "score": 5, + "severity": "medium", + "source": { + "name": "nvd" + }, + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P" + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "nvd" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "recommendation": "Upgrade apk-tools to version 2.12.5-r0", + "source": { + "name": "alpine", + "url": "https://secdb.alpinelinux.org/" + }, + "updated": "2021-04-22T18:21:47+00:00" + }, 7: { "advisories": [ : { "url": "https://avd.aquasec.com/nvd/cve-2023-5363" }, : { "url": "http://www.openwall.com/lists/oss-security/2023/10/24/1" }, : { "url": "https://access.redhat.com/errata/RHSA-2024:0310" }, : { "url": "https://access.redhat.com/security/cve/CVE-2023-5363" }, : { "url": "https://bugzilla.redhat.com/2243839" }, : { "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5363" }, : { "url": "https://errata.almalinux.org/9/ALSA-2024-0310.html" }, : { "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d" }, : { "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee" }, : { "url": "https://linux.oracle.com/cve/CVE-2023-5363.html" }, : { "url": "https://linux.oracle.com/errata/ELSA-2024-12093.html" }, : { "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5363" }, : { "url": "https://security.netapp.com/advisory/ntap-20231027-0010/" }, : { "url": "https://security.netapp.com/advisory/ntap-20240201-0003/" }, : { "url": "https://security.netapp.com/advisory/ntap-20240201-0004/" }, : { "url": "https://ubuntu.com/security/notices/USN-6450-1" }, : { "url": "https://www.cve.org/CVERecord?id=CVE-2023-5363" }, : { "url": "https://www.debian.org/security/2023/dsa-5532" }, : { "url": "https://www.openssl.org/news/secadv/20231024.txt" } ], "affects": [ : { "ref": "pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64&distro=3.18.4", "versions": [ : { "status": "affected", "version": "3.1.3-r0" } ] }, : { "ref": "pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64&distro=3.18.4", "versions": [ : { "status": "affected", "version": "3.1.3-r0" } ] } ], "description": "Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been established. Any alterations to the key length, via the "keylen" parameter or the IV length, via the "ivlen" parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse. Both truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in some cases, trigger a memory exception. However, these issues are not currently assessed as security critical. Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable API was recently introduced. Furthermore it is likely that application developers will have spotted this problem during testing since decryption would fail unless both peers in the communication were similarly vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be quite low. However if an application is vulnerable then this issue is considered very serious. For these reasons we have assessed this issue as Moderate severity overall. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the issue lies outside of the FIPS provider boundary. OpenSSL 3.1 and 3.0 are vulnerable to this issue.", "id": "CVE-2023-5363", "published": "2023-10-25T18:17:43+00:00", "ratings": [ : { "severity": "medium", "source": { "name": "alma" } }, : { "severity": "high", "source": { "name": "amazon" } }, : { "method": "CVSSv31", "score": 7.5, "severity": "high", "source": { "name": "nvd" }, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, : { "severity": "high", "source": { "name": "oracle-oval" } }, : { "severity": "high", "source": { "name": "photon" } }, : { "method": "CVSSv31", "score": 7.5, "severity": "medium", "source": { "name": "redhat" }, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, : { "severity": "medium", "source": { "name": "ubuntu" } } ], "recommendation": "Upgrade libcrypto3 to version 3.1.4-r0; Upgrade libssl3 to version 3.1.4-r0", "source": { "name": "alpine", "url": "https://secdb.alpinelinux.org/" }, "updated": "2024-02-01T17:15:08+00:00" }, + 8: { + "advisories": [ + : { + "url": "https://avd.aquasec.com/nvd/cve-2021-3127" + }, + : { + "url": "https://access.redhat.com/security/cve/CVE-2021-3127" + }, + : { + "url": "https://advisories.nats.io/CVE/CVE-2021-3127.txt" + }, + : { + "url": "https://github.com/nats-io/jwt" + }, + : { + "url": "https://github.com/nats-io/jwt/pull/149/commits/a826c77dc9d2671c961b75ceefdb439c41029866" + }, + : { + "url": "https://github.com/nats-io/nats-server/commit/423b79440c80c863de9f4e20548504e6c5d5e403" + }, + : { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3127" + } + ], + "affects": [ + : { + "ref": "3cafed8d-2194-4bd3-bdf6-9f8b02673b33", + "versions": [ + : { + "status": "affected", + "version": "v0.3.2" + } + ] + }, + : { + "ref": "7dd812e2-3f88-4d35-ba39-4c74700b2cfb", + "versions": [ + : { + "status": "affected", + "version": "v0.3.2" + } + ] + }, + : { + "ref": "e192291f-a90f-4cc4-ad6d-0379a45256cd", + "versions": [ + : { + "status": "affected", + "version": "v0.3.2" + } + ] + }, + : { + "ref": "pkg:golang/github.com/nats-io/jwt@v1.1.0", + "versions": [ + : { + "status": "affected", + "version": "v1.1.0" + } + ] + }, + : { + "ref": "pkg:golang/github.com/nats-io/jwt@v1.2.2", + "versions": [ + : { + "status": "affected", + "version": "v1.2.2" + } + ] + }, + : { + "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.1.9", + "versions": [ + : { + "status": "affected", + "version": "v2.1.9" + } + ] + } + ], + "cwes": [ + : 755 + ], + "description": "NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled.", + "id": "CVE-2021-3127", + "published": "2021-03-16T20:15:13+00:00", + "ratings": [ + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "bitnami" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "ghsa" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + }, + : { + "method": "CVSSv2", + "score": 5, + "severity": "medium", + "source": { + "name": "nvd" + }, + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N" + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "nvd" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + }, + : { + "method": "CVSSv31", + "score": 5.3, + "severity": "medium", + "source": { + "name": "redhat" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + } + ], + "recommendation": "Upgrade github.com/nats-io/jwt to version 1.2.3-0.20210314221642-a826c77dc9d2; Upgrade github.com/nats-io/nats-server/v2 to version 2.2.0", + "source": { + "name": "ghsa", + "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "updated": "2022-07-12T17:42:04+00:00" + }, 8: { "advisories": [ : { "url": "https://avd.aquasec.com/nvd/cve-2023-5678" }, : { "url": "https://access.redhat.com/errata/RHSA-2023:7877" }, : { "url": "https://access.redhat.com/security/cve/CVE-2023-5678" }, : { "url": "https://bugzilla.redhat.com/2224962" }, : { "url": "https://bugzilla.redhat.com/2227852" }, : { "url": "https://bugzilla.redhat.com/2248616" }, : { "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5678" }, : { "url": "https://errata.almalinux.org/8/ALSA-2023-7877.html" }, : { "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055" }, : { "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c" }, : { "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017" }, : { "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" }, : { "url": "https://linux.oracle.com/cve/CVE-2023-5678.html" }, : { "url": "https://linux.oracle.com/errata/ELSA-2024-12056.html" }, : { "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5678" }, : { "url": "https://security.netapp.com/advisory/ntap-20231130-0010/" }, : { "url": "https://ubuntu.com/security/notices/USN-6622-1" }, : { "url": "https://ubuntu.com/security/notices/USN-6632-1" }, : { "url": "https://www.cve.org/CVERecord?id=CVE-2023-5678" }, : { "url": "https://www.openssl.org/news/secadv/20231106.txt" } ], "affects": [ : { "ref": "pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64&distro=3.18.4", "versions": [ : { "status": "affected", "version": "3.1.3-r0" } ] }, : { "ref": "pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64&distro=3.18.4", "versions": [ : { "status": "affected", "version": "3.1.3-r0" } ] } ], "cwes": [ : 754 ], "description": "Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn't check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the "-pubcheck" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. ", "id": "CVE-2023-5678", "published": "2023-11-06T16:15:42+00:00", "ratings": [ : { "severity": "low", "source": { "name": "alma" } }, : { "severity": "medium", "source": { "name": "amazon" } }, : { "severity": "medium", "source": { "name": "cbl-mariner" } }, : { "method": "CVSSv31", "score": 5.3, "severity": "medium", "source": { "name": "nvd" }, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, : { "severity": "medium", "source": { "name": "oracle-oval" } }, : { "severity": "medium", "source": { "name": "photon" } }, : { "method": "CVSSv31", "score": 5.3, "severity": "low", "source": { "name": "redhat" }, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, : { "severity": "low", "source": { "name": "ubuntu" } } ], "recommendation": "Upgrade libcrypto3 to version 3.1.4-r1; Upgrade libssl3 to version 3.1.4-r1", "source": { "name": "alpine", "url": "https://secdb.alpinelinux.org/" }, "updated": "2023-11-30T22:15:09+00:00" }, + 9: { + "advisories": [ + : { + "url": "https://avd.aquasec.com/nvd/cve-2021-33194" + }, + : { + "url": "https://access.redhat.com/security/cve/CVE-2021-33194" + }, + : { + "url": "https://github.com/golang/net/commit/37e1c6afe02340126705deced573a85ab75209d7" + }, + : { + "url": "https://go.dev/cl/311090" + }, + : { + "url": "https://go.dev/issue/46288" + }, + : { + "url": "https://go.googlesource.com/net/+/37e1c6afe02340126705deced573a85ab75209d7" + }, + : { + "url": "https://groups.google.com/g/golang-announce/c/wPunbCPkWUg" + }, + : { + "url": "https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTM/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTM" + }, + : { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33194" + }, + : { + "url": "https://pkg.go.dev/vuln/GO-2021-0238" + }, + : { + "url": "https://www.cve.org/CVERecord?id=CVE-2021-33194" + } + ], + "affects": [ + : { + "ref": "pkg:golang/golang.org/x/net@v0.0.0-20210428140749-89ef3d95e781", + "versions": [ + : { + "status": "affected", + "version": "v0.0.0-20210428140749-89ef3d95e781" + } + ] + } + ], + "cwes": [ + : 835 + ], + "description": "golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.", + "id": "CVE-2021-33194", + "published": "2021-05-26T15:15:08+00:00", + "ratings": [ + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "bitnami" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "severity": "high", + "source": { + "name": "cbl-mariner" + } + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "ghsa" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "method": "CVSSv2", + "score": 5, + "severity": "medium", + "source": { + "name": "nvd" + }, + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P" + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "nvd" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "severity": "high", + "source": { + "name": "photon" + } + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "medium", + "source": { + "name": "redhat" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "recommendation": "Upgrade golang.org/x/net to version 0.0.0-20210520170846-37e1c6afe023", + "source": { + "name": "ghsa", + "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "updated": "2023-11-07T03:35:49+00:00" + }, 9: { "advisories": [ : { "url": "https://avd.aquasec.com/nvd/cve-2023-6129" }, : { "url": "https://access.redhat.com/security/cve/CVE-2023-6129" }, : { "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6129" }, : { "url": "https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35" }, : { "url": "https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04" }, : { "url": "https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015" }, : { "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6129" }, : { "url": "https://security.netapp.com/advisory/ntap-20240216-0009/" }, : { "url": "https://ubuntu.com/security/notices/USN-6622-1" }, : { "url": "https://www.cve.org/CVERecord?id=CVE-2023-6129" }, : { "url": "https://www.openssl.org/news/secadv/20240109.txt" }, : { "url": "https://www.openwall.com/lists/oss-security/2024/01/09/1" } ], "affects": [ : { "ref": "pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64&distro=3.18.4", "versions": [ : { "status": "affected", "version": "3.1.3-r0" } ] }, : { "ref": "pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64&distro=3.18.4", "versions": [ : { "status": "affected", "version": "3.1.3-r0" } ] } ], "cwes": [ : 787 ], "description": "Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the contents of vector registers in a different order than they are saved. Thus the contents of some of these vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However unless the compiler uses the vector registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used. This implies that TLS server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue.", "id": "CVE-2023-6129", "published": "2024-01-09T17:15:12+00:00", "ratings": [ : { "method": "CVSSv31", "score": 6.5, "severity": "medium", "source": { "name": "nvd" }, "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" }, : { "method": "CVSSv31", "score": 6.5, "severity": "low", "source": { "name": "redhat" }, "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" }, : { "severity": "low", "source": { "name": "ubuntu" } } ], "recommendation": "Upgrade libcrypto3 to version 3.1.4-r3; Upgrade libssl3 to version 3.1.4-r3", "source": { "name": "alpine", "url": "https://secdb.alpinelinux.org/" }, "updated": "2024-02-16T13:15:09+00:00" }, + 10: { + "advisories": [ + : { + "url": "https://avd.aquasec.com/nvd/cve-2021-3449" + }, + : { + "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1" + }, + : { + "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2" + }, + : { + "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3" + }, + : { + "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4" + }, + : { + "url": "https://access.redhat.com/security/cve/CVE-2021-3449" + }, + : { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" + }, + : { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf" + }, + : { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449" + }, + : { + "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148" + }, + : { + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148" + }, + : { + "url": "https://github.com/alexcrichton/openssl-src-rs" + }, + : { + "url": "https://github.com/nodejs/node/pull/38083" + }, + : { + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845" + }, + : { + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10356" + }, + : { + "url": "https://linux.oracle.com/cve/CVE-2021-3449.html" + }, + : { + "url": "https://linux.oracle.com/errata/ELSA-2021-9151.html" + }, + : { + "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP" + }, + : { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3449" + }, + : { + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013" + }, + : { + "url": "https://rustsec.org/advisories/RUSTSEC-2021-0055" + }, + : { + "url": "https://rustsec.org/advisories/RUSTSEC-2021-0055.html" + }, + : { + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc" + }, + : { + "url": "https://security.gentoo.org/glsa/202103-03" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20210326-0006" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20210326-0006/" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20210513-0002" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20210513-0002/" + }, + : { + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-4891-1" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-5038-1" + }, + : { + "url": "https://www.cve.org/CVERecord?id=CVE-2021-3449" + }, + : { + "url": "https://www.debian.org/security/2021/dsa-4875" + }, + : { + "url": "https://www.openssl.org/news/secadv/20210325.txt" + }, + : { + "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + }, + : { + "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" + }, + : { + "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" + }, + : { + "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + }, + : { + "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" + }, + : { + "url": "https://www.tenable.com/security/tns-2021-05" + }, + : { + "url": "https://www.tenable.com/security/tns-2021-06" + }, + : { + "url": "https://www.tenable.com/security/tns-2021-09" + }, + : { + "url": "https://www.tenable.com/security/tns-2021-10" + } + ], + "affects": [ + : { + "ref": "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2", + "versions": [ + : { + "status": "affected", + "version": "1.1.1j-r0" + } + ] + }, + : { + "ref": "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2", + "versions": [ + : { + "status": "affected", + "version": "1.1.1j-r0" + } + ] + } + ], + "cwes": [ + : 476 + ], + "description": "An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).", + "id": "CVE-2021-3449", + "published": "2021-03-25T15:15:13+00:00", + "ratings": [ + : { + "severity": "high", + "source": { + "name": "amazon" + } + }, + : { + "method": "CVSSv31", + "score": 5.9, + "severity": "medium", + "source": { + "name": "bitnami" + }, + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "method": "CVSSv31", + "score": 5.9, + "severity": "medium", + "source": { + "name": "ghsa" + }, + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "method": "CVSSv2", + "score": 4.3, + "severity": "medium", + "source": { + "name": "nvd" + }, + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P" + }, + : { + "method": "CVSSv31", + "score": 5.9, + "severity": "medium", + "source": { + "name": "nvd" + }, + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "severity": "high", + "source": { + "name": "oracle-oval" + } + }, + : { + "severity": "medium", + "source": { + "name": "photon" + } + }, + : { + "method": "CVSSv31", + "score": 5.9, + "severity": "high", + "source": { + "name": "redhat" + }, + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "severity": "high", + "source": { + "name": "ubuntu" + } + } + ], + "recommendation": "Upgrade libcrypto1.1 to version 1.1.1k-r0; Upgrade libssl1.1 to version 1.1.1k-r0", + "source": { + "name": "alpine", + "url": "https://secdb.alpinelinux.org/" + }, + "updated": "2023-11-07T03:38:00+00:00" + }, 10: { "advisories": [ : { "url": "https://avd.aquasec.com/nvd/cve-2023-6237" }, : { "url": "https://access.redhat.com/security/cve/CVE-2023-6237" }, : { "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6237" }, : { "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6237" }, : { "url": "https://ubuntu.com/security/notices/USN-6622-1" }, : { "url": "https://www.cve.org/CVERecord?id=CVE-2023-6237" }, : { "url": "https://www.openssl.org/news/secadv/20240115.txt" }, : { "url": "https://www.openwall.com/lists/oss-security/2024/01/15/2" } ], "affects": [ : { "ref": "pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64&distro=3.18.4", "versions": [ : { "status": "affected", "version": "3.1.3-r0" } ] }, : { "ref": "pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64&distro=3.18.4", "versions": [ : { "status": "affected", "version": "3.1.3-r0" } ] } ], "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "id": "CVE-2023-6237", "ratings": [ : { "severity": "medium", "source": { "name": "amazon" } }, : { "method": "CVSSv31", "score": 5.9, "severity": "low", "source": { "name": "redhat" }, "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, : { "severity": "low", "source": { "name": "ubuntu" } } ], "recommendation": "Upgrade libcrypto3 to version 3.1.4-r4; Upgrade libssl3 to version 3.1.4-r4", "source": { "name": "alpine", "url": "https://secdb.alpinelinux.org/" } }, + 11: { + "advisories": [ + : { + "url": "https://avd.aquasec.com/nvd/cve-2021-3450" + }, + : { + "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1" + }, + : { + "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2" + }, + : { + "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3" + }, + : { + "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4" + }, + : { + "url": "https://access.redhat.com/security/cve/CVE-2021-3450" + }, + : { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" + }, + : { + "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b" + }, + : { + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b" + }, + : { + "url": "https://github.com/alexcrichton/openssl-src-rs" + }, + : { + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845" + }, + : { + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10356" + }, + : { + "url": "https://linux.oracle.com/cve/CVE-2021-3450.html" + }, + : { + "url": "https://linux.oracle.com/errata/ELSA-2021-9151.html" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP" + }, + : { + "url": "https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html" + }, + : { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3450" + }, + : { + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013" + }, + : { + "url": "https://rustsec.org/advisories/RUSTSEC-2021-0056.html" + }, + : { + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc" + }, + : { + "url": "https://security.gentoo.org/glsa/202103-03" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20210326-0006" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20210326-0006/" + }, + : { + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd" + }, + : { + "url": "https://www.cve.org/CVERecord?id=CVE-2021-3450" + }, + : { + "url": "https://www.openssl.org/news/secadv/20210325.txt" + }, + : { + "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + }, + : { + "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" + }, + : { + "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" + }, + : { + "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + }, + : { + "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" + }, + : { + "url": "https://www.tenable.com/security/tns-2021-05" + }, + : { + "url": "https://www.tenable.com/security/tns-2021-08" + }, + : { + "url": "https://www.tenable.com/security/tns-2021-09" + } + ], + "affects": [ + : { + "ref": "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2", + "versions": [ + : { + "status": "affected", + "version": "1.1.1j-r0" + } + ] + }, + : { + "ref": "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2", + "versions": [ + : { + "status": "affected", + "version": "1.1.1j-r0" + } + ] + } + ], + "cwes": [ + : 295 + ], + "description": "The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).", + "id": "CVE-2021-3450", + "published": "2021-03-25T15:15:13+00:00", + "ratings": [ + : { + "severity": "high", + "source": { + "name": "amazon" + } + }, + : { + "method": "CVSSv31", + "score": 7.4, + "severity": "high", + "source": { + "name": "bitnami" + }, + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" + }, + : { + "method": "CVSSv31", + "score": 7.4, + "severity": "high", + "source": { + "name": "ghsa" + }, + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" + }, + : { + "method": "CVSSv2", + "score": 5.8, + "severity": "medium", + "source": { + "name": "nvd" + }, + "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N" + }, + : { + "method": "CVSSv31", + "score": 7.4, + "severity": "high", + "source": { + "name": "nvd" + }, + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" + }, + : { + "severity": "high", + "source": { + "name": "oracle-oval" + } + }, + : { + "severity": "high", + "source": { + "name": "photon" + } + }, + : { + "method": "CVSSv31", + "score": 7.4, + "severity": "high", + "source": { + "name": "redhat" + }, + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" + } + ], + "recommendation": "Upgrade libcrypto1.1 to version 1.1.1k-r0; Upgrade libssl1.1 to version 1.1.1k-r0", + "source": { + "name": "alpine", + "url": "https://secdb.alpinelinux.org/" + }, + "updated": "2023-11-07T03:38:00+00:00" + }, 11: { "advisories": [ : { "url": "https://avd.aquasec.com/nvd/cve-2024-0727" }, : { "url": "https://access.redhat.com/security/cve/CVE-2024-0727" }, : { "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0727" }, : { "url": "https://github.com/alexcrichton/openssl-src-rs/commit/add20f73b6b42be7451af2e1044d4e0e778992b2" }, : { "url": "https://github.com/github/advisory-database/pull/3472" }, : { "url": "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2" }, : { "url": "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a" }, : { "url": "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c" }, : { "url": "https://github.com/openssl/openssl/pull/23362" }, : { "url": "https://github.com/pyca/cryptography/commit/3519591d255d4506fbcd0d04037d45271903c64d" }, : { "url": "https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8" }, : { "url": "https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539" }, : { "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0727" }, : { "url": "https://security.netapp.com/advisory/ntap-20240208-0006" }, : { "url": "https://security.netapp.com/advisory/ntap-20240208-0006/" }, : { "url": "https://ubuntu.com/security/notices/USN-6622-1" }, : { "url": "https://ubuntu.com/security/notices/USN-6632-1" }, : { "url": "https://www.cve.org/CVERecord?id=CVE-2024-0727" }, : { "url": "https://www.openssl.org/news/secadv/20240125.txt" } ], "affects": [ : { "ref": "pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64&distro=3.18.4", "versions": [ : { "status": "affected", "version": "3.1.3-r0" } ] }, : { "ref": "pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64&distro=3.18.4", "versions": [ : { "status": "affected", "version": "3.1.3-r0" } ] } ], "description": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.", "id": "CVE-2024-0727", "published": "2024-01-26T09:15:07+00:00", "ratings": [ : { "severity": "medium", "source": { "name": "amazon" } }, : { "severity": "medium", "source": { "name": "cbl-mariner" } }, : { "method": "CVSSv31", "score": 5.5, "severity": "medium", "source": { "name": "ghsa" }, "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, : { "method": "CVSSv31", "score": 5.5, "severity": "medium", "source": { "name": "nvd" }, "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, : { "severity": "medium", "source": { "name": "photon" } }, : { "method": "CVSSv31", "score": 5.5, "severity": "low", "source": { "name": "redhat" }, "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, : { "severity": "low", "source": { "name": "ubuntu" } } ], "recommendation": "Upgrade libcrypto3 to version 3.1.4-r5; Upgrade libssl3 to version 3.1.4-r5", "source": { "name": "alpine", "url": "https://secdb.alpinelinux.org/" }, "updated": "2024-02-08T10:15:13+00:00" } + 12: { + "advisories": [ + : { + "url": "https://avd.aquasec.com/nvd/cve-2021-36159" + }, + : { + "url": "https://access.redhat.com/security/cve/CVE-2021-36159" + }, + : { + "url": "https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch" + }, + : { + "url": "https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749" + }, + : { + "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E" + }, + : { + "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E" + }, + : { + "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E" + }, + : { + "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E" + }, + : { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36159" + }, + : { + "url": "https://www.cve.org/CVERecord?id=CVE-2021-36159" + } + ], + "affects": [ + : { + "ref": "pkg:apk/alpine/apk-tools@2.12.1-r0?arch=x86_64&distro=3.13.2", + "versions": [ + : { + "status": "affected", + "version": "2.12.1-r0" + } + ] + } + ], + "cwes": [ + : 125 + ], + "description": "libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read because strtol is used to parse the relevant numbers into address bytes. It does not check if the line ends prematurely. If it does, the for-loop condition checks for the '\0' terminator one byte too late.", + "id": "CVE-2021-36159", + "published": "2021-08-03T14:15:08+00:00", + "ratings": [ + : { + "method": "CVSSv2", + "score": 6.4, + "severity": "medium", + "source": { + "name": "nvd" + }, + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P" + }, + : { + "method": "CVSSv31", + "score": 9.1, + "severity": "critical", + "source": { + "name": "nvd" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" + }, + : { + "method": "CVSSv31", + "score": 9.1, + "severity": "high", + "source": { + "name": "redhat" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" + } + ], + "recommendation": "Upgrade apk-tools to version 2.12.6-r0", + "source": { + "name": "alpine", + "url": "https://secdb.alpinelinux.org/" + }, + "updated": "2023-11-07T03:36:43+00:00" + } 12: { "advisories": [ : { "url": "https://avd.aquasec.com/nvd/cve-2024-24786" }, : { "url": "https://access.redhat.com/security/cve/CVE-2024-24786" }, : { "url": "https://github.com/protocolbuffers/protobuf-go" }, : { "url": "https://github.com/protocolbuffers/protobuf-go/commit/f01a588e5810b90996452eec4a28f22a0afae023" }, : { "url": "https://github.com/protocolbuffers/protobuf-go/releases/tag/v1.33.0" }, : { "url": "https://go.dev/cl/569356" }, : { "url": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/" }, : { "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786" }, : { "url": "https://pkg.go.dev/vuln/GO-2024-2611" }, : { "url": "https://www.cve.org/CVERecord?id=CVE-2024-24786" } ], "affects": [ : { "ref": "pkg:golang/google.golang.org/protobuf@v1.31.0", "versions": [ : { "status": "affected", "version": "v1.31.0" } ] } ], "description": "The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.", "id": "CVE-2024-24786", "published": "2024-03-05T23:15:07+00:00", "ratings": [ : { "severity": "medium", "source": { "name": "ghsa" } }, : { "method": "CVSSv31", "score": 5.9, "severity": "medium", "source": { "name": "redhat" }, "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "recommendation": "Upgrade google.golang.org/protobuf to version 1.33.0", "source": { "name": "ghsa", "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "updated": "2024-03-06T15:18:08+00:00" } + 13: { + "advisories": [ + : { + "url": "https://avd.aquasec.com/nvd/cve-2021-3711" + }, + : { + "url": "http://www.openwall.com/lists/oss-security/2021/08/26/2" + }, + : { + "url": "https://access.redhat.com/security/cve/CVE-2021-3711" + }, + : { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" + }, + : { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3711" + }, + : { + "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=59f5e75f3bced8fc0e130d72a3f582cf7b480b46" + }, + : { + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=59f5e75f3bced8fc0e130d72a3f582cf7b480b46" + }, + : { + "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E" + }, + : { + "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E" + }, + : { + "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E" + }, + : { + "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E" + }, + : { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3711" + }, + : { + "url": "https://rustsec.org/advisories/RUSTSEC-2021-0097.html" + }, + : { + "url": "https://security.gentoo.org/glsa/202209-02" + }, + : { + "url": "https://security.gentoo.org/glsa/202210-02" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20210827-0010" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20210827-0010/" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20211022-0003" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20211022-0003/" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-5051-1" + }, + : { + "url": "https://www.cve.org/CVERecord?id=CVE-2021-3711" + }, + : { + "url": "https://www.debian.org/security/2021/dsa-4963" + }, + : { + "url": "https://www.openssl.org/news/secadv/20210824.txt" + }, + : { + "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" + }, + : { + "url": "https://www.oracle.com/security-alerts/cpujan2022.html" + }, + : { + "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" + }, + : { + "url": "https://www.tenable.com/security/tns-2021-16" + }, + : { + "url": "https://www.tenable.com/security/tns-2022-02" + } + ], + "affects": [ + : { + "ref": "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2", + "versions": [ + : { + "status": "affected", + "version": "1.1.1j-r0" + } + ] + }, + : { + "ref": "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2", + "versions": [ + : { + "status": "affected", + "version": "1.1.1j-r0" + } + ] + } + ], + "cwes": [ + : 120 + ], + "description": "In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).", + "id": "CVE-2021-3711", + "published": "2021-08-24T15:15:09+00:00", + "ratings": [ + : { + "severity": "critical", + "source": { + "name": "cbl-mariner" + } + }, + : { + "method": "CVSSv31", + "score": 9.8, + "severity": "critical", + "source": { + "name": "ghsa" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + : { + "method": "CVSSv2", + "score": 7.5, + "severity": "high", + "source": { + "name": "nvd" + }, + "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P" + }, + : { + "method": "CVSSv31", + "score": 9.8, + "severity": "critical", + "source": { + "name": "nvd" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + : { + "severity": "critical", + "source": { + "name": "photon" + } + }, + : { + "method": "CVSSv31", + "score": 9.8, + "severity": "high", + "source": { + "name": "redhat" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + : { + "severity": "high", + "source": { + "name": "ubuntu" + } + } + ], + "recommendation": "Upgrade libcrypto1.1 to version 1.1.1l-r0; Upgrade libssl1.1 to version 1.1.1l-r0", + "source": { + "name": "alpine", + "url": "https://secdb.alpinelinux.org/" + }, + "updated": "2023-11-07T03:38:13+00:00" + } + 14: { + "advisories": [ + : { + "url": "https://avd.aquasec.com/nvd/cve-2021-3712" + }, + : { + "url": "http://www.openwall.com/lists/oss-security/2021/08/26/2" + }, + : { + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3712.json" + }, + : { + "url": "https://access.redhat.com/security/cve/CVE-2021-3712" + }, + : { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf" + }, + : { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" + }, + : { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3712" + }, + : { + "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=94d23fcff9b2a7a8368dfe52214d5c2569882c11" + }, + : { + "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ccb0a11145ee72b042d10593a64eaf9e8a55ec12" + }, + : { + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d23fcff9b2a7a8368dfe52214d5c2569882c11" + }, + : { + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ccb0a11145ee72b042d10593a64eaf9e8a55ec12" + }, + : { + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10366" + }, + : { + "url": "https://linux.oracle.com/cve/CVE-2021-3712.html" + }, + : { + "url": "https://linux.oracle.com/errata/ELSA-2022-9023.html" + }, + : { + "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E" + }, + : { + "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E" + }, + : { + "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E" + }, + : { + "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E" + }, + : { + "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html" + }, + : { + "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html" + }, + : { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3712" + }, + : { + "url": "https://rustsec.org/advisories/RUSTSEC-2021-0098.html" + }, + : { + "url": "https://security.gentoo.org/glsa/202209-02" + }, + : { + "url": "https://security.gentoo.org/glsa/202210-02" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20210827-0010" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20210827-0010/" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-5051-1" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-5051-2" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-5051-3" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-5051-4 (regression only in trusty/esm)" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-5088-1" + }, + : { + "url": "https://www.cve.org/CVERecord?id=CVE-2021-3712" + }, + : { + "url": "https://www.debian.org/security/2021/dsa-4963" + }, + : { + "url": "https://www.openssl.org/news/secadv/20210824.txt" + }, + : { + "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" + }, + : { + "url": "https://www.oracle.com/security-alerts/cpujan2022.html" + }, + : { + "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" + }, + : { + "url": "https://www.tenable.com/security/tns-2021-16" + }, + : { + "url": "https://www.tenable.com/security/tns-2022-02" + } + ], + "affects": [ + : { + "ref": "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2", + "versions": [ + : { + "status": "affected", + "version": "1.1.1j-r0" + } + ] + }, + : { + "ref": "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2", + "versions": [ + : { + "status": "affected", + "version": "1.1.1j-r0" + } + ] + } + ], + "cwes": [ + : 125 + ], + "description": "ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).", + "id": "CVE-2021-3712", + "published": "2021-08-24T15:15:09+00:00", + "ratings": [ + : { + "severity": "high", + "source": { + "name": "amazon" + } + }, + : { + "severity": "high", + "source": { + "name": "cbl-mariner" + } + }, + : { + "method": "CVSSv31", + "score": 7.4, + "severity": "high", + "source": { + "name": "ghsa" + }, + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" + }, + : { + "method": "CVSSv2", + "score": 5.8, + "severity": "medium", + "source": { + "name": "nvd" + }, + "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P" + }, + : { + "method": "CVSSv31", + "score": 7.4, + "severity": "high", + "source": { + "name": "nvd" + }, + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" + }, + : { + "severity": "medium", + "source": { + "name": "oracle-oval" + } + }, + : { + "severity": "high", + "source": { + "name": "photon" + } + }, + : { + "method": "CVSSv31", + "score": 7.4, + "severity": "medium", + "source": { + "name": "redhat" + }, + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" + }, + : { + "severity": "medium", + "source": { + "name": "rocky" + } + }, + : { + "severity": "medium", + "source": { + "name": "ubuntu" + } + } + ], + "recommendation": "Upgrade libcrypto1.1 to version 1.1.1l-r0; Upgrade libssl1.1 to version 1.1.1l-r0", + "source": { + "name": "alpine", + "url": "https://secdb.alpinelinux.org/" + }, + "updated": "2023-11-07T03:38:13+00:00" + } + 15: { + "advisories": [ + : { + "url": "https://avd.aquasec.com/nvd/cve-2021-38561" + }, + : { + "url": "https://access.redhat.com/security/cve/CVE-2021-38561" + }, + : { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38561" + }, + : { + "url": "https://deps.dev/advisory/OSV/GO-2021-0113" + }, + : { + "url": "https://go.dev/cl/340830" + }, + : { + "url": "https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f" + }, + : { + "url": "https://groups.google.com/g/golang-announce" + }, + : { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561" + }, + : { + "url": "https://pkg.go.dev/golang.org/x/text/language" + }, + : { + "url": "https://pkg.go.dev/vuln/GO-2021-0113" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-5873-1" + }, + : { + "url": "https://www.cve.org/CVERecord?id=CVE-2021-38561" + } + ], + "affects": [ + : { + "ref": "869288c8-06d2-4a38-8b68-ced0ff17bc77", + "versions": [ + : { + "status": "affected", + "version": "v0.3.6" + } + ] + }, + : { + "ref": "99b7b900-55f8-4676-8c8f-32262681845b", + "versions": [ + : { + "status": "affected", + "version": "v0.3.6" + } + ] + } + ], + "cwes": [ + : 125 + ], + "description": "golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack.", + "id": "CVE-2021-38561", + "published": "2022-12-26T06:15:10+00:00", + "ratings": [ + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "ghsa" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "nvd" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "medium", + "source": { + "name": "redhat" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "severity": "medium", + "source": { + "name": "ubuntu" + } + } + ], + "recommendation": "Upgrade golang.org/x/text to version 0.3.7", + "source": { + "name": "ghsa", + "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "updated": "2023-01-05T04:52:36+00:00" + } + 16: { + "advisories": [ + : { + "url": "https://avd.aquasec.com/nvd/cve-2021-42374" + }, + : { + "url": "https://access.redhat.com/security/cve/CVE-2021-42374" + }, + : { + "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" + }, + : { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374" + }, + : { + "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" + }, + : { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42374" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-5179-1" + }, + : { + "url": "https://www.cve.org/CVERecord?id=CVE-2021-42374" + } + ], + "affects": [ + : { + "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64&distro=3.13.2", + "versions": [ + : { + "status": "affected", + "version": "1.32.1-r3" + } + ] + }, + : { + "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64&distro=3.13.2", + "versions": [ + : { + "status": "affected", + "version": "1.32.1-r3" + } + ] + } + ], + "cwes": [ + : 125 + ], + "description": "An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that", + "id": "CVE-2021-42374", + "published": "2021-11-15T21:15:07+00:00", + "ratings": [ + : { + "severity": "medium", + "source": { + "name": "cbl-mariner" + } + }, + : { + "method": "CVSSv2", + "score": 3.3, + "severity": "info", + "source": { + "name": "nvd" + }, + "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:P" + }, + : { + "method": "CVSSv31", + "score": 5.3, + "severity": "medium", + "source": { + "name": "nvd" + }, + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H" + }, + : { + "method": "CVSSv31", + "score": 5.7, + "severity": "medium", + "source": { + "name": "redhat" + }, + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H" + }, + : { + "severity": "low", + "source": { + "name": "ubuntu" + } + } + ], + "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7", + "source": { + "name": "alpine", + "url": "https://secdb.alpinelinux.org/" + }, + "updated": "2023-11-07T03:39:09+00:00" + } + 17: { + "advisories": [ + : { + "url": "https://avd.aquasec.com/nvd/cve-2021-42375" + }, + : { + "url": "https://access.redhat.com/security/cve/CVE-2021-42375" + }, + : { + "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" + }, + : { + "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" + }, + : { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42375" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" + }, + : { + "url": "https://www.cve.org/CVERecord?id=CVE-2021-42375" + } + ], + "affects": [ + : { + "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64&distro=3.13.2", + "versions": [ + : { + "status": "affected", + "version": "1.32.1-r3" + } + ] + }, + : { + "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64&distro=3.13.2", + "versions": [ + : { + "status": "affected", + "version": "1.32.1-r3" + } + ] + } + ], + "cwes": [ + : 159 + ], + "description": "An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.", + "id": "CVE-2021-42375", + "published": "2021-11-15T21:15:07+00:00", + "ratings": [ + : { + "method": "CVSSv2", + "score": 1.9, + "severity": "info", + "source": { + "name": "nvd" + }, + "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P" + }, + : { + "method": "CVSSv31", + "score": 5.5, + "severity": "medium", + "source": { + "name": "nvd" + }, + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "method": "CVSSv31", + "score": 4.1, + "severity": "medium", + "source": { + "name": "redhat" + }, + "vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" + } + ], + "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7", + "source": { + "name": "alpine", + "url": "https://secdb.alpinelinux.org/" + }, + "updated": "2023-11-07T03:39:09+00:00" + } + 24: { + "advisories": [ + : { + "url": "https://avd.aquasec.com/nvd/cve-2021-42384" + }, + : { + "url": "https://access.redhat.com/security/cve/CVE-2021-42384" + }, + : { + "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" + }, + : { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384" + }, + : { + "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" + }, + : { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42384" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-5179-1" + }, + : { + "url": "https://www.cve.org/CVERecord?id=CVE-2021-42384" + } + ], + "affects": [ + : { + "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64&distro=3.13.2", + "versions": [ + : { + "status": "affected", + "version": "1.32.1-r3" + } + ] + }, + : { + "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64&distro=3.13.2", + "versions": [ + : { + "status": "affected", + "version": "1.32.1-r3" + } + ] + } + ], + "cwes": [ + : 416 + ], + "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function", + "id": "CVE-2021-42384", + "published": "2021-11-15T21:15:08+00:00", + "ratings": [ + : { + "severity": "medium", + "source": { + "name": "amazon" + } + }, + : { + "severity": "high", + "source": { + "name": "cbl-mariner" + } + }, + : { + "method": "CVSSv2", + "score": 6.5, + "severity": "medium", + "source": { + "name": "nvd" + }, + "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P" + }, + : { + "method": "CVSSv31", + "score": 7.2, + "severity": "high", + "source": { + "name": "nvd" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + }, + : { + "method": "CVSSv31", + "score": 6.6, + "severity": "medium", + "source": { + "name": "redhat" + }, + "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" + }, + : { + "severity": "low", + "source": { + "name": "ubuntu" + } + } + ], + "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7", + "source": { + "name": "alpine", + "url": "https://secdb.alpinelinux.org/" + }, + "updated": "2023-11-07T03:39:10+00:00" + } + 25: { + "advisories": [ + : { + "url": "https://avd.aquasec.com/nvd/cve-2021-42385" + }, + : { + "url": "https://access.redhat.com/security/cve/CVE-2021-42385" + }, + : { + "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" + }, + : { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385" + }, + : { + "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" + }, + : { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42385" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-5179-1" + }, + : { + "url": "https://www.cve.org/CVERecord?id=CVE-2021-42385" + } + ], + "affects": [ + : { + "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64&distro=3.13.2", + "versions": [ + : { + "status": "affected", + "version": "1.32.1-r3" + } + ] + }, + : { + "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64&distro=3.13.2", + "versions": [ + : { + "status": "affected", + "version": "1.32.1-r3" + } + ] + } + ], + "cwes": [ + : 416 + ], + "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function", + "id": "CVE-2021-42385", + "published": "2021-11-15T21:15:08+00:00", + "ratings": [ + : { + "severity": "medium", + "source": { + "name": "amazon" + } + }, + : { + "severity": "high", + "source": { + "name": "cbl-mariner" + } + }, + : { + "method": "CVSSv2", + "score": 6.5, + "severity": "medium", + "source": { + "name": "nvd" + }, + "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P" + }, + : { + "method": "CVSSv31", + "score": 7.2, + "severity": "high", + "source": { + "name": "nvd" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + }, + : { + "method": "CVSSv31", + "score": 6.6, + "severity": "medium", + "source": { + "name": "redhat" + }, + "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" + }, + : { + "severity": "low", + "source": { + "name": "ubuntu" + } + } + ], + "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7", + "source": { + "name": "alpine", + "url": "https://secdb.alpinelinux.org/" + }, + "updated": "2023-11-07T03:39:10+00:00" + } + 26: { + "advisories": [ + : { + "url": "https://avd.aquasec.com/nvd/cve-2021-42386" + }, + : { + "url": "https://access.redhat.com/security/cve/CVE-2021-42386" + }, + : { + "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" + }, + : { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386" + }, + : { + "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" + }, + : { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42386" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-5179-1" + }, + : { + "url": "https://www.cve.org/CVERecord?id=CVE-2021-42386" + } + ], + "affects": [ + : { + "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64&distro=3.13.2", + "versions": [ + : { + "status": "affected", + "version": "1.32.1-r3" + } + ] + }, + : { + "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64&distro=3.13.2", + "versions": [ + : { + "status": "affected", + "version": "1.32.1-r3" + } + ] + } + ], + "cwes": [ + : 416 + ], + "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function", + "id": "CVE-2021-42386", + "published": "2021-11-15T21:15:08+00:00", + "ratings": [ + : { + "severity": "medium", + "source": { + "name": "amazon" + } + }, + : { + "severity": "high", + "source": { + "name": "cbl-mariner" + } + }, + : { + "method": "CVSSv2", + "score": 6.5, + "severity": "medium", + "source": { + "name": "nvd" + }, + "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P" + }, + : { + "method": "CVSSv31", + "score": 7.2, + "severity": "high", + "source": { + "name": "nvd" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + }, + : { + "method": "CVSSv31", + "score": 6.6, + "severity": "medium", + "source": { + "name": "redhat" + }, + "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" + }, + : { + "severity": "low", + "source": { + "name": "ubuntu" + } + } + ], + "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7", + "source": { + "name": "alpine", + "url": "https://secdb.alpinelinux.org/" + }, + "updated": "2023-11-07T03:39:10+00:00" + } + 27: { + "advisories": [ + : { + "url": "https://avd.aquasec.com/nvd/cve-2021-43565" + }, + : { + "url": "https://access.redhat.com/security/cve/CVE-2021-43565" + }, + : { + "url": "https://go.dev/cl/368814" + }, + : { + "url": "https://go.dev/issues/49932" + }, + : { + "url": "https://groups.google.com/forum/#!forum/golang-announce" + }, + : { + "url": "https://groups.google.com/forum/#%21forum/golang-announce" + }, + : { + "url": "https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs" + }, + : { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43565" + }, + : { + "url": "https://pkg.go.dev/vuln/GO-2022-0968" + }, + : { + "url": "https://www.cve.org/CVERecord?id=CVE-2021-43565" + } + ], + "affects": [ + : { + "ref": "64ecbd63-f74a-4fcc-a240-3f8a16435789", + "versions": [ + : { + "status": "affected", + "version": "v0.0.0-20200622213623-75b288015ac9" + } + ] + }, + : { + "ref": "718081db-83c2-4309-87c8-e43228139b88", + "versions": [ + : { + "status": "affected", + "version": "v0.0.0-20200622213623-75b288015ac9" + } + ] + }, + : { + "ref": "84eac386-ca89-4217-8a72-84d77e3bd144", + "versions": [ + : { + "status": "affected", + "version": "v0.0.0-20210421170649-83a5a9bb288b" + } + ] + }, + : { + "ref": "c6ba0fd6-a390-4fcf-aaec-4a072dcd17c4", + "versions": [ + : { + "status": "affected", + "version": "v0.0.0-20200622213623-75b288015ac9" + } + ] + }, + : { + "ref": "ce164c60-ee4f-4360-a85f-73106cf59f6c", + "versions": [ + : { + "status": "affected", + "version": "v0.0.0-20210421170649-83a5a9bb288b" + } + ] + }, + : { + "ref": "pkg:golang/golang.org/x/crypto@v0.0.0-20200323165209-0ec3e9974c59", + "versions": [ + : { + "status": "affected", + "version": "v0.0.0-20200323165209-0ec3e9974c59" + } + ] + } + ], + "description": "The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.", + "id": "CVE-2021-43565", + "published": "2022-09-06T18:15:10+00:00", + "ratings": [ + : { + "severity": "high", + "source": { + "name": "amazon" + } + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "ghsa" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "nvd" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "medium", + "source": { + "name": "redhat" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "recommendation": "Upgrade golang.org/x/crypto to version 0.0.0-20211202192323-5770296d904e", + "source": { + "name": "ghsa", + "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "updated": "2023-11-07T03:39:23+00:00" + } + 28: { + "advisories": [ + : { + "url": "https://avd.aquasec.com/nvd/cve-2022-0778" + }, + : { + "url": "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html" + }, + : { + "url": "http://seclists.org/fulldisclosure/2022/May/33" + }, + : { + "url": "http://seclists.org/fulldisclosure/2022/May/35" + }, + : { + "url": "http://seclists.org/fulldisclosure/2022/May/38" + }, + : { + "url": "https://access.redhat.com/errata/RHSA-2022:5326" + }, + : { + "url": "https://access.redhat.com/security/cve/CVE-2022-0778" + }, + : { + "url": "https://bugzilla.redhat.com/2062202" + }, + : { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062202" + }, + : { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf" + }, + : { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778" + }, + : { + "url": "https://errata.almalinux.org/8/ALSA-2022-5326.html" + }, + : { + "url": "https://errata.rockylinux.org/RLSA-2022:4899" + }, + : { + "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65" + }, + : { + "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83" + }, + : { + "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246" + }, + : { + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65" + }, + : { + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83" + }, + : { + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246" + }, + : { + "url": "https://linux.oracle.com/cve/CVE-2022-0778.html" + }, + : { + "url": "https://linux.oracle.com/errata/ELSA-2022-9272.html" + }, + : { + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html" + }, + : { + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG" + }, + : { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778" + }, + : { + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002" + }, + : { + "url": "https://rustsec.org/advisories/RUSTSEC-2022-0014.html" + }, + : { + "url": "https://security.gentoo.org/glsa/202210-02" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20220321-0002" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20220321-0002/" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20220429-0005" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20220429-0005/" + }, + : { + "url": "https://support.apple.com/kb/HT213255" + }, + : { + "url": "https://support.apple.com/kb/HT213256" + }, + : { + "url": "https://support.apple.com/kb/HT213257" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-5328-1" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-5328-2" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-6457-1" + }, + : { + "url": "https://www.cve.org/CVERecord?id=CVE-2022-0778" + }, + : { + "url": "https://www.debian.org/security/2022/dsa-5103" + }, + : { + "url": "https://www.openssl.org/news/secadv/20220315.txt" + }, + : { + "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" + }, + : { + "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + }, + : { + "url": "https://www.tenable.com/security/tns-2022-06" + }, + : { + "url": "https://www.tenable.com/security/tns-2022-07" + }, + : { + "url": "https://www.tenable.com/security/tns-2022-08" + }, + : { + "url": "https://www.tenable.com/security/tns-2022-09" + } + ], + "affects": [ + : { + "ref": "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2", + "versions": [ + : { + "status": "affected", + "version": "1.1.1j-r0" + } + ] + }, + : { + "ref": "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2", + "versions": [ + : { + "status": "affected", + "version": "1.1.1j-r0" + } + ] + } + ], + "cwes": [ + : 835 + ], + "description": "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).", + "id": "CVE-2022-0778", + "published": "2022-03-15T17:15:08+00:00", + "ratings": [ + : { + "severity": "low", + "source": { + "name": "alma" + } + }, + : { + "severity": "high", + "source": { + "name": "amazon" + } + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "bitnami" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "severity": "high", + "source": { + "name": "cbl-mariner" + } + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "ghsa" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "method": "CVSSv2", + "score": 5, + "severity": "medium", + "source": { + "name": "nvd" + }, + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P" + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "nvd" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "severity": "high", + "source": { + "name": "oracle-oval" + } + }, + : { + "severity": "high", + "source": { + "name": "photon" + } + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "redhat" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "severity": "high", + "source": { + "name": "rocky" + } + }, + : { + "severity": "high", + "source": { + "name": "ubuntu" + } + } + ], + "recommendation": "Upgrade libcrypto1.1 to version 1.1.1n-r0; Upgrade libssl1.1 to version 1.1.1n-r0", + "source": { + "name": "alpine", + "url": "https://secdb.alpinelinux.org/" + }, + "updated": "2023-11-07T03:41:33+00:00" + } + 29: { + "advisories": [ + : { + "url": "https://avd.aquasec.com/nvd/cve-2022-2097" + }, + : { + "url": "https://access.redhat.com/errata/RHSA-2022:6224" + }, + : { + "url": "https://access.redhat.com/security/cve/CVE-2022-2097" + }, + : { + "url": "https://bugzilla.redhat.com/2081494" + }, + : { + "url": "https://bugzilla.redhat.com/2087911" + }, + : { + "url": "https://bugzilla.redhat.com/2087913" + }, + : { + "url": "https://bugzilla.redhat.com/2097310" + }, + : { + "url": "https://bugzilla.redhat.com/2104905" + }, + : { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081494" + }, + : { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097310" + }, + : { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100554" + }, + : { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104905" + }, + : { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf" + }, + : { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292" + }, + : { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068" + }, + : { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097" + }, + : { + "url": "https://errata.almalinux.org/9/ALSA-2022-6224.html" + }, + : { + "url": "https://errata.rockylinux.org/RLSA-2022:5818" + }, + : { + "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431" + }, + : { + "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93" + }, + : { + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431" + }, + : { + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93" + }, + : { + "url": "https://github.com/alexcrichton/openssl-src-rs" + }, + : { + "url": "https://linux.oracle.com/cve/CVE-2022-2097.html" + }, + : { + "url": "https://linux.oracle.com/errata/ELSA-2022-9751.html" + }, + : { + "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA" + }, + : { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2097" + }, + : { + "url": "https://rustsec.org/advisories/RUSTSEC-2022-0032.html" + }, + : { + "url": "https://security.gentoo.org/glsa/202210-02" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20220715-0011" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20220715-0011/" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20230420-0008" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20230420-0008/" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-5502-1" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-6457-1" + }, + : { + "url": "https://www.cve.org/CVERecord?id=CVE-2022-2097" + }, + : { + "url": "https://www.debian.org/security/2023/dsa-5343" + }, + : { + "url": "https://www.openssl.org/news/secadv/20220705.txt" + } + ], + "affects": [ + : { + "ref": "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2", + "versions": [ + : { + "status": "affected", + "version": "1.1.1j-r0" + } + ] + }, + : { + "ref": "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2", + "versions": [ + : { + "status": "affected", + "version": "1.1.1j-r0" + } + ] + } + ], + "cwes": [ + : 327 + ], + "description": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).", + "id": "CVE-2022-2097", + "published": "2022-07-05T11:15:08+00:00", + "ratings": [ + : { + "severity": "medium", + "source": { + "name": "alma" + } + }, + : { + "severity": "medium", + "source": { + "name": "amazon" + } + }, + : { + "severity": "medium", + "source": { + "name": "cbl-mariner" + } + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "ghsa" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + }, + : { + "method": "CVSSv2", + "score": 5, + "severity": "medium", + "source": { + "name": "nvd" + }, + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N" + }, + : { + "method": "CVSSv31", + "score": 5.3, + "severity": "medium", + "source": { + "name": "nvd" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + }, + : { + "severity": "medium", + "source": { + "name": "oracle-oval" + } + }, + : { + "severity": "medium", + "source": { + "name": "photon" + } + }, + : { + "method": "CVSSv31", + "score": 5.3, + "severity": "medium", + "source": { + "name": "redhat" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + }, + : { + "severity": "medium", + "source": { + "name": "rocky" + } + }, + : { + "severity": "medium", + "source": { + "name": "ubuntu" + } + } + ], + "recommendation": "Upgrade libcrypto1.1 to version 1.1.1q-r0; Upgrade libssl1.1 to version 1.1.1q-r0", + "source": { + "name": "alpine", + "url": "https://secdb.alpinelinux.org/" + }, + "updated": "2023-11-07T03:46:13+00:00" + } + 31: { + "advisories": [ + : { + "url": "https://avd.aquasec.com/nvd/cve-2022-26652" + }, + : { + "url": "http://www.openwall.com/lists/oss-security/2022/03/10/1" + }, + : { + "url": "https://advisories.nats.io/CVE/CVE-2022-26652.txt" + }, + : { + "url": "https://github.com/nats-io/nats-server" + }, + : { + "url": "https://github.com/nats-io/nats-server/pull/2917" + }, + : { + "url": "https://github.com/nats-io/nats-server/releases" + }, + : { + "url": "https://github.com/nats-io/nats-server/releases/tag/v2.7.4" + }, + : { + "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-6h3m-36w8-hv68" + }, + : { + "url": "https://github.com/nats-io/nats-streaming-server/releases/tag/v0.24.3" + }, + : { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26652" + } + ], + "affects": [ + : { + "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.2.2", + "versions": [ + : { + "status": "affected", + "version": "v2.2.2" + } + ] + } + ], + "cwes": [ + : 22 + ], + "description": "NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected.", + "id": "CVE-2022-26652", + "published": "2022-03-10T17:47:51+00:00", + "ratings": [ + : { + "method": "CVSSv31", + "score": 6.5, + "severity": "medium", + "source": { + "name": "bitnami" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" + }, + : { + "method": "CVSSv31", + "score": 6.5, + "severity": "high", + "source": { + "name": "ghsa" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" + }, + : { + "method": "CVSSv2", + "score": 4, + "severity": "medium", + "source": { + "name": "nvd" + }, + "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N" + }, + : { + "method": "CVSSv31", + "score": 6.5, + "severity": "medium", + "source": { + "name": "nvd" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" + } + ], + "recommendation": "Upgrade github.com/nats-io/nats-server/v2 to version 2.7.4", + "source": { + "name": "ghsa", + "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "updated": "2022-03-18T01:44:13+00:00" + } + 32: { + "advisories": [ + : { + "url": "https://avd.aquasec.com/nvd/cve-2022-27191" + }, + : { + "url": "https://access.redhat.com/errata/RHSA-2022:8008" + }, + : { + "url": "https://access.redhat.com/security/cve/CVE-2022-27191" + }, + : { + "url": "https://bugzilla.redhat.com/1939485" + }, + : { + "url": "https://bugzilla.redhat.com/1989564" + }, + : { + "url": "https://bugzilla.redhat.com/1989570" + }, + : { + "url": "https://bugzilla.redhat.com/1989575" + }, + : { + "url": "https://bugzilla.redhat.com/2064702" + }, + : { + "url": "https://bugzilla.redhat.com/2121445" + }, + : { + "url": "https://bugzilla.redhat.com/2121453" + }, + : { + "url": "https://cs.opensource.google/go/x/crypto" + }, + : { + "url": "https://errata.almalinux.org/9/ALSA-2022-8008.html" + }, + : { + "url": "https://go.dev/cl/392355" + }, + : { + "url": "https://go.googlesource.com/crypto/+/1baeb1ce4c0b006eff0f294c47cb7617598dfb3d" + }, + : { + "url": "https://groups.google.com/g/golang-announce" + }, + : { + "url": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s" + }, + : { + "url": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ" + }, + : { + "url": "https://linux.oracle.com/cve/CVE-2022-27191.html" + }, + : { + "url": "https://linux.oracle.com/errata/ELSA-2022-8008.html" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR" + }, + : { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27191" + }, + : { + "url": "https://pkg.go.dev/vuln/GO-2021-0356" + }, + : { + "url": "https://raw.githubusercontent.com/golang/vulndb/df2d3d326300e2ae768f00351ffa96cc2c56cf54/reports/GO-2021-0356.yaml" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20220429-0002" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20220429-0002/" + }, + : { + "url": "https://www.cve.org/CVERecord?id=CVE-2022-27191" + } + ], + "affects": [ + : { + "ref": "64ecbd63-f74a-4fcc-a240-3f8a16435789", + "versions": [ + : { + "status": "affected", + "version": "v0.0.0-20200622213623-75b288015ac9" + } + ] + }, + : { + "ref": "718081db-83c2-4309-87c8-e43228139b88", + "versions": [ + : { + "status": "affected", + "version": "v0.0.0-20200622213623-75b288015ac9" + } + ] + }, + : { + "ref": "84eac386-ca89-4217-8a72-84d77e3bd144", + "versions": [ + : { + "status": "affected", + "version": "v0.0.0-20210421170649-83a5a9bb288b" + } + ] + }, + : { + "ref": "c6ba0fd6-a390-4fcf-aaec-4a072dcd17c4", + "versions": [ + : { + "status": "affected", + "version": "v0.0.0-20200622213623-75b288015ac9" + } + ] + }, + : { + "ref": "ce164c60-ee4f-4360-a85f-73106cf59f6c", + "versions": [ + : { + "status": "affected", + "version": "v0.0.0-20210421170649-83a5a9bb288b" + } + ] + }, + : { + "ref": "pkg:golang/golang.org/x/crypto@v0.0.0-20200323165209-0ec3e9974c59", + "versions": [ + : { + "status": "affected", + "version": "v0.0.0-20200323165209-0ec3e9974c59" + } + ] + } + ], + "description": "The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.", + "id": "CVE-2022-27191", + "published": "2022-03-18T07:15:06+00:00", + "ratings": [ + : { + "severity": "medium", + "source": { + "name": "alma" + } + }, + : { + "severity": "high", + "source": { + "name": "amazon" + } + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "ghsa" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "method": "CVSSv2", + "score": 4.3, + "severity": "medium", + "source": { + "name": "nvd" + }, + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P" + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "nvd" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "severity": "medium", + "source": { + "name": "oracle-oval" + } + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "medium", + "source": { + "name": "redhat" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "recommendation": "Upgrade golang.org/x/crypto to version 0.0.0-20220314234659-1baeb1ce4c0b", + "source": { + "name": "ghsa", + "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "updated": "2023-11-07T03:45:17+00:00" + } + 33: { + "advisories": [ + : { + "url": "https://avd.aquasec.com/nvd/cve-2022-27664" + }, + : { + "url": "https://access.redhat.com/errata/RHSA-2023:2357" + }, + : { + "url": "https://access.redhat.com/security/cve/CVE-2022-27664" + }, + : { + "url": "https://bugzilla.redhat.com/2107371" + }, + : { + "url": "https://bugzilla.redhat.com/2107374" + }, + : { + "url": "https://bugzilla.redhat.com/2107383" + }, + : { + "url": "https://bugzilla.redhat.com/2107386" + }, + : { + "url": "https://bugzilla.redhat.com/2107388" + }, + : { + "url": "https://bugzilla.redhat.com/2113814" + }, + : { + "url": "https://bugzilla.redhat.com/2124669" + }, + : { + "url": "https://bugzilla.redhat.com/2132868" + }, + : { + "url": "https://bugzilla.redhat.com/2132872" + }, + : { + "url": "https://bugzilla.redhat.com/2161274" + }, + : { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913333" + }, + : { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913338" + }, + : { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371" + }, + : { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374" + }, + : { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383" + }, + : { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386" + }, + : { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388" + }, + : { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814" + }, + : { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669" + }, + : { + "url": "https://cs.opensource.google/go/x/net" + }, + : { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851" + }, + : { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852" + }, + : { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705" + }, + : { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664" + }, + : { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630" + }, + : { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632" + }, + : { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635" + }, + : { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148" + }, + : { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189" + }, + : { + "url": "https://errata.almalinux.org/9/ALSA-2023-2357.html" + }, + : { + "url": "https://errata.rockylinux.org/RLSA-2022:7129" + }, + : { + "url": "https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6)" + }, + : { + "url": "https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1)" + }, + : { + "url": "https://github.com/golang/go/issues/54658" + }, + : { + "url": "https://go.dev/cl/428735" + }, + : { + "url": "https://go.dev/issue/54658" + }, + : { + "url": "https://groups.google.com/g/golang-announce" + }, + : { + "url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s" + }, + : { + "url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ" + }, + : { + "url": "https://linux.oracle.com/cve/CVE-2022-27664.html" + }, + : { + "url": "https://linux.oracle.com/errata/ELSA-2024-0121.html" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX" + }, + : { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664" + }, + : { + "url": "https://pkg.go.dev/vuln/GO-2022-0969" + }, + : { + "url": "https://security.gentoo.org/glsa/202209-26" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20220923-0004" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20220923-0004/" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-6038-1" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-6038-2" + }, + : { + "url": "https://www.cve.org/CVERecord?id=CVE-2022-27664" + } + ], + "affects": [ + : { + "ref": "pkg:golang/golang.org/x/net@v0.0.0-20210428140749-89ef3d95e781", + "versions": [ + : { + "status": "affected", + "version": "v0.0.0-20210428140749-89ef3d95e781" + } + ] + } + ], + "description": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.", + "id": "CVE-2022-27664", + "published": "2022-09-06T18:15:12+00:00", + "ratings": [ + : { + "severity": "medium", + "source": { + "name": "alma" + } + }, + : { + "severity": "high", + "source": { + "name": "amazon" + } + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "bitnami" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "severity": "high", + "source": { + "name": "cbl-mariner" + } + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "ghsa" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "nvd" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "severity": "medium", + "source": { + "name": "oracle-oval" + } + }, + : { + "severity": "high", + "source": { + "name": "photon" + } + }, + : { + "method": "CVSSv31", + "score": 6.5, + "severity": "medium", + "source": { + "name": "redhat" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "severity": "medium", + "source": { + "name": "rocky" + } + }, + : { + "severity": "medium", + "source": { + "name": "ubuntu" + } + } + ], + "recommendation": "Upgrade golang.org/x/net to version 0.0.0-20220906165146-f3363e06e74c", + "source": { + "name": "ghsa", + "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "updated": "2023-11-07T03:45:22+00:00" + } + 35: { + "advisories": [ + : { + "url": "https://avd.aquasec.com/nvd/cve-2022-29526" + }, + : { + "url": "https://access.redhat.com/security/cve/CVE-2022-29526" + }, + : { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526" + }, + : { + "url": "https://github.com/golang/go" + }, + : { + "url": "https://github.com/golang/go/commit/f66925e854e71e0c54b581885380a490d7afa30c" + }, + : { + "url": "https://github.com/golang/go/issues/52313" + }, + : { + "url": "https://go.dev/cl/399539" + }, + : { + "url": "https://go.dev/cl/400074" + }, + : { + "url": "https://go.dev/issue/52313" + }, + : { + "url": "https://groups.google.com/g/golang-announce" + }, + : { + "url": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU" + }, + : { + "url": "https://linux.oracle.com/cve/CVE-2022-29526.html" + }, + : { + "url": "https://linux.oracle.com/errata/ELSA-2022-5337.html" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR" + }, + : { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526" + }, + : { + "url": "https://pkg.go.dev/vuln/GO-2022-0493" + }, + : { + "url": "https://security.gentoo.org/glsa/202208-02" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20220729-0001" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20220729-0001/" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-6038-1" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-6038-2" + }, + : { + "url": "https://www.cve.org/CVERecord?id=CVE-2022-29526" + } + ], + "affects": [ + : { + "ref": "pkg:golang/golang.org/x/sys@v0.0.0-20210421221651-33663a62ff08", + "versions": [ + : { + "status": "affected", + "version": "v0.0.0-20210421221651-33663a62ff08" + } + ] + }, + : { + "ref": "pkg:golang/golang.org/x/sys@v0.0.0-20210426230700-d19ff857e887", + "versions": [ + : { + "status": "affected", + "version": "v0.0.0-20210426230700-d19ff857e887" + } + ] + } + ], + "cwes": [ + : 269 + ], + "description": "Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.", + "id": "CVE-2022-29526", + "published": "2022-06-23T17:15:12+00:00", + "ratings": [ + : { + "severity": "high", + "source": { + "name": "amazon" + } + }, + : { + "method": "CVSSv31", + "score": 5.3, + "severity": "medium", + "source": { + "name": "bitnami" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + }, + : { + "severity": "medium", + "source": { + "name": "cbl-mariner" + } + }, + : { + "method": "CVSSv31", + "score": 5.3, + "severity": "medium", + "source": { + "name": "ghsa" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + }, + : { + "method": "CVSSv2", + "score": 5, + "severity": "medium", + "source": { + "name": "nvd" + }, + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N" + }, + : { + "method": "CVSSv31", + "score": 5.3, + "severity": "medium", + "source": { + "name": "nvd" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + }, + : { + "severity": "medium", + "source": { + "name": "oracle-oval" + } + }, + : { + "severity": "medium", + "source": { + "name": "photon" + } + }, + : { + "method": "CVSSv31", + "score": 6.2, + "severity": "medium", + "source": { + "name": "redhat" + }, + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "severity": "medium", + "source": { + "name": "ubuntu" + } + } + ], + "recommendation": "Upgrade golang.org/x/sys to version 0.0.0-20220412211240-33da011f77ad", + "source": { + "name": "ghsa", + "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "updated": "2023-11-07T03:46:03+00:00" + } + 36: { + "advisories": [ + : { + "url": "https://avd.aquasec.com/nvd/cve-2022-30065" + }, + : { + "url": "https://access.redhat.com/security/cve/CVE-2022-30065" + }, + : { + "url": "https://bugs.busybox.net/show_bug.cgi?id=14781" + }, + : { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf" + }, + : { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30065" + }, + : { + "url": "https://www.cve.org/CVERecord?id=CVE-2022-30065" + } + ], + "affects": [ + : { + "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64&distro=3.13.2", + "versions": [ + : { + "status": "affected", + "version": "1.32.1-r3" + } + ] + }, + : { + "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64&distro=3.13.2", + "versions": [ + : { + "status": "affected", + "version": "1.32.1-r3" + } + ] + } + ], + "cwes": [ + : 416 + ], + "description": "A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.", + "id": "CVE-2022-30065", + "published": "2022-05-18T15:15:10+00:00", + "ratings": [ + : { + "severity": "medium", + "source": { + "name": "amazon" + } + }, + : { + "severity": "high", + "source": { + "name": "cbl-mariner" + } + }, + : { + "method": "CVSSv2", + "score": 6.8, + "severity": "medium", + "source": { + "name": "nvd" + }, + "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P" + }, + : { + "method": "CVSSv31", + "score": 7.8, + "severity": "high", + "source": { + "name": "nvd" + }, + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + }, + : { + "method": "CVSSv31", + "score": 6.2, + "severity": "medium", + "source": { + "name": "redhat" + }, + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "recommendation": "Upgrade busybox to version 1.32.1-r9; Upgrade ssl_client to version 1.32.1-r9", + "source": { + "name": "alpine", + "url": "https://secdb.alpinelinux.org/" + }, + "updated": "2023-02-11T17:44:54+00:00" + } + 37: { + "advisories": [ + : { + "url": "https://avd.aquasec.com/nvd/cve-2022-32149" + }, + : { + "url": "https://access.redhat.com/security/cve/CVE-2022-32149" + }, + : { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32149" + }, + : { + "url": "https://github.com/golang/go/issues/56152" + }, + : { + "url": "https://github.com/golang/text" + }, + : { + "url": "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c" + }, + : { + "url": "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8)" + }, + : { + "url": "https://go.dev/cl/442235" + }, + : { + "url": "https://go.dev/issue/56152" + }, + : { + "url": "https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ" + }, + : { + "url": "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU" + }, + : { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32149" + }, + : { + "url": "https://pkg.go.dev/vuln/GO-2022-1059" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-5873-1" + }, + : { + "url": "https://www.cve.org/CVERecord?id=CVE-2022-32149" + } + ], + "affects": [ + : { + "ref": "869288c8-06d2-4a38-8b68-ced0ff17bc77", + "versions": [ + : { + "status": "affected", + "version": "v0.3.6" + } + ] + }, + : { + "ref": "99b7b900-55f8-4676-8c8f-32262681845b", + "versions": [ + : { + "status": "affected", + "version": "v0.3.6" + } + ] + } + ], + "cwes": [ + : 772 + ], + "description": "An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.", + "id": "CVE-2022-32149", + "published": "2022-10-14T15:15:34+00:00", + "ratings": [ + : { + "severity": "high", + "source": { + "name": "cbl-mariner" + } + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "ghsa" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "nvd" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "medium", + "source": { + "name": "redhat" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "severity": "medium", + "source": { + "name": "ubuntu" + } + } + ], + "recommendation": "Upgrade golang.org/x/text to version 0.3.8", + "source": { + "name": "ghsa", + "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "updated": "2022-10-18T17:41:31+00:00" + } + 38: { + "advisories": [ + : { + "url": "https://avd.aquasec.com/nvd/cve-2022-37434" + }, + : { + "url": "http://seclists.org/fulldisclosure/2022/Oct/37" + }, + : { + "url": "http://seclists.org/fulldisclosure/2022/Oct/38" + }, + : { + "url": "http://seclists.org/fulldisclosure/2022/Oct/41" + }, + : { + "url": "http://seclists.org/fulldisclosure/2022/Oct/42" + }, + : { + "url": "http://www.openwall.com/lists/oss-security/2022/08/05/2" + }, + : { + "url": "http://www.openwall.com/lists/oss-security/2022/08/09/1" + }, + : { + "url": "https://access.redhat.com/errata/RHSA-2022:8291" + }, + : { + "url": "https://access.redhat.com/security/cve/CVE-2022-37434" + }, + : { + "url": "https://bugzilla.redhat.com/2116639" + }, + : { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053198" + }, + : { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077431" + }, + : { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081296" + }, + : { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116639" + }, + : { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37434" + }, + : { + "url": "https://errata.almalinux.org/9/ALSA-2022-8291.html" + }, + : { + "url": "https://errata.rockylinux.org/RLSA-2022:8291" + }, + : { + "url": "https://github.com/curl/curl/issues/9271" + }, + : { + "url": "https://github.com/ivd38/zlib_overflow" + }, + : { + "url": "https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063" + }, + : { + "url": "https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1" + }, + : { + "url": "https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764" + }, + : { + "url": "https://linux.oracle.com/cve/CVE-2022-37434.html" + }, + : { + "url": "https://linux.oracle.com/errata/ELSA-2023-1095.html" + }, + : { + "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/" + }, + : { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37434" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20220901-0005/" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20230427-0007/" + }, + : { + "url": "https://support.apple.com/kb/HT213488" + }, + : { + "url": "https://support.apple.com/kb/HT213489" + }, + : { + "url": "https://support.apple.com/kb/HT213490" + }, + : { + "url": "https://support.apple.com/kb/HT213491" + }, + : { + "url": "https://support.apple.com/kb/HT213493" + }, + : { + "url": "https://support.apple.com/kb/HT213494" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-5570-1" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-5570-2" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-5573-1" + }, + : { + "url": "https://www.cve.org/CVERecord?id=CVE-2022-37434" + }, + : { + "url": "https://www.debian.org/security/2022/dsa-5218" + } + ], + "affects": [ + : { + "ref": "pkg:apk/alpine/zlib@1.2.11-r3?arch=x86_64&distro=3.13.2", + "versions": [ + : { + "status": "affected", + "version": "1.2.11-r3" + } + ] + } + ], + "cwes": [ + : 787 + ], + "description": "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).", + "id": "CVE-2022-37434", + "published": "2022-08-05T07:15:07+00:00", + "ratings": [ + : { + "severity": "medium", + "source": { + "name": "alma" + } + }, + : { + "severity": "high", + "source": { + "name": "amazon" + } + }, + : { + "severity": "critical", + "source": { + "name": "cbl-mariner" + } + }, + : { + "method": "CVSSv31", + "score": 9.8, + "severity": "critical", + "source": { + "name": "nvd" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + : { + "severity": "medium", + "source": { + "name": "oracle-oval" + } + }, + : { + "severity": "critical", + "source": { + "name": "photon" + } + }, + : { + "method": "CVSSv31", + "score": 7, + "severity": "medium", + "source": { + "name": "redhat" + }, + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" + }, + : { + "severity": "medium", + "source": { + "name": "rocky" + } + }, + : { + "severity": "medium", + "source": { + "name": "ubuntu" + } + } + ], + "recommendation": "Upgrade zlib to version 1.2.12-r2", + "source": { + "name": "alpine", + "url": "https://secdb.alpinelinux.org/" + }, + "updated": "2023-07-19T00:56:46+00:00" + } + 39: { + "advisories": [ + : { + "url": "https://avd.aquasec.com/nvd/cve-2022-41723" + }, + : { + "url": "https://access.redhat.com/errata/RHSA-2023:6474" + }, + : { + "url": "https://access.redhat.com/security/cve/CVE-2022-41723" + }, + : { + "url": "https://bugzilla.redhat.com/2174485" + }, + : { + "url": "https://bugzilla.redhat.com/2178358" + }, + : { + "url": "https://bugzilla.redhat.com/2178488" + }, + : { + "url": "https://bugzilla.redhat.com/2178492" + }, + : { + "url": "https://bugzilla.redhat.com/2184481" + }, + : { + "url": "https://bugzilla.redhat.com/2184482" + }, + : { + "url": "https://bugzilla.redhat.com/2184483" + }, + : { + "url": "https://bugzilla.redhat.com/2184484" + }, + : { + "url": "https://bugzilla.redhat.com/2196026" + }, + : { + "url": "https://bugzilla.redhat.com/2196027" + }, + : { + "url": "https://bugzilla.redhat.com/2196029" + }, + : { + "url": "https://bugzilla.redhat.com/2222167" + }, + : { + "url": "https://bugzilla.redhat.com/2228689" + }, + : { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723" + }, + : { + "url": "https://errata.almalinux.org/9/ALSA-2023-6474.html" + }, + : { + "url": "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h" + }, + : { + "url": "https://go.dev/cl/468135" + }, + : { + "url": "https://go.dev/cl/468295" + }, + : { + "url": "https://go.dev/issue/57855" + }, + : { + "url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E" + }, + : { + "url": "https://linux.oracle.com/cve/CVE-2022-41723.html" + }, + : { + "url": "https://linux.oracle.com/errata/ELSA-2023-6939.html" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/" + }, + : { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41723" + }, + : { + "url": "https://pkg.go.dev/vuln/GO-2023-1571" + }, + : { + "url": "https://security.gentoo.org/glsa/202311-09" + }, + : { + "url": "https://vuln.go.dev/ID/GO-2023-1571.json" + }, + : { + "url": "https://www.couchbase.com/alerts" + }, + : { + "url": "https://www.couchbase.com/alerts/" + }, + : { + "url": "https://www.cve.org/CVERecord?id=CVE-2022-41723" + } + ], + "affects": [ + : { + "ref": "pkg:golang/golang.org/x/net@v0.0.0-20210428140749-89ef3d95e781", + "versions": [ + : { + "status": "affected", + "version": "v0.0.0-20210428140749-89ef3d95e781" + } + ] + } + ], + "description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "id": "CVE-2022-41723", + "published": "2023-02-28T18:15:09+00:00", + "ratings": [ + : { + "severity": "medium", + "source": { + "name": "alma" + } + }, + : { + "severity": "high", + "source": { + "name": "amazon" + } + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "bitnami" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "severity": "high", + "source": { + "name": "cbl-mariner" + } + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "ghsa" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "nvd" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "severity": "medium", + "source": { + "name": "oracle-oval" + } + }, + : { + "severity": "high", + "source": { + "name": "photon" + } + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "medium", + "source": { + "name": "redhat" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "severity": "medium", + "source": { + "name": "ubuntu" + } + } + ], + "recommendation": "Upgrade golang.org/x/net to version 0.7.0", + "source": { + "name": "ghsa", + "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "updated": "2023-11-25T11:15:10+00:00" + } + 40: { + "advisories": [ + : { + "url": "https://avd.aquasec.com/nvd/cve-2023-39325" + }, + : { + "url": "golang.org/x/net" + }, + : { + "url": "https://access.redhat.com/errata/RHSA-2023:6077" + }, + : { + "url": "https://access.redhat.com/security/cve/CVE-2023-39325" + }, + : { + "url": "https://access.redhat.com/security/cve/CVE-2023-44487" + }, + : { + "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003" + }, + : { + "url": "https://bugzilla.redhat.com/2242803" + }, + : { + "url": "https://bugzilla.redhat.com/2243296" + }, + : { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803" + }, + : { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296" + }, + : { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39325" + }, + : { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487" + }, + : { + "url": "https://errata.almalinux.org/9/ALSA-2023-6077.html" + }, + : { + "url": "https://errata.rockylinux.org/RLSA-2023:6077" + }, + : { + "url": "https://github.com/golang/go/commit/24ae2d927285c697440fdde3ad7f26028354bcf3 [golang- 1.21]" + }, + : { + "url": "https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68 [golang-1.20]" + }, + : { + "url": "https://github.com/golang/go/issues/63417" + }, + : { + "url": "https://go.dev/cl/534215" + }, + : { + "url": "https://go.dev/cl/534235" + }, + : { + "url": "https://go.dev/issue/63417" + }, + : { + "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ" + }, + : { + "url": "https://linux.oracle.com/cve/CVE-2023-39325.html" + }, + : { + "url": "https://linux.oracle.com/errata/ELSA-2023-5867.html" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/" + }, + : { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325" + }, + : { + "url": "https://pkg.go.dev/vuln/GO-2023-2102" + }, + : { + "url": "https://security.gentoo.org/glsa/202311-09" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20231110-0008" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20231110-0008/" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-6574-1" + }, + : { + "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487" + }, + : { + "url": "https://www.cve.org/CVERecord?id=CVE-2023-39325" + } + ], + "affects": [ + : { + "ref": "pkg:golang/golang.org/x/net@v0.0.0-20210428140749-89ef3d95e781", + "versions": [ + : { + "status": "affected", + "version": "v0.0.0-20210428140749-89ef3d95e781" + } + ] + } + ], + "cwes": [ + : 770 + ], + "description": "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.", + "id": "CVE-2023-39325", + "published": "2023-10-11T22:15:09+00:00", + "ratings": [ + : { + "severity": "medium", + "source": { + "name": "alma" + } + }, + : { + "severity": "high", + "source": { + "name": "amazon" + } + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "bitnami" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "severity": "high", + "source": { + "name": "cbl-mariner" + } + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "ghsa" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "nvd" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "severity": "medium", + "source": { + "name": "oracle-oval" + } + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "redhat" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "severity": "medium", + "source": { + "name": "rocky" + } + }, + : { + "severity": "medium", + "source": { + "name": "ubuntu" + } + } + ], + "recommendation": "Upgrade golang.org/x/net to version 0.17.0", + "source": { + "name": "ghsa", + "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "updated": "2024-03-10T04:15:05+00:00" + } + 41: { + "advisories": [ + : { + "url": "https://avd.aquasec.com/nvd/cve-2023-3978" + }, + : { + "url": "https://access.redhat.com/errata/RHSA-2023:6474" + }, + : { + "url": "https://access.redhat.com/security/cve/CVE-2023-3978" + }, + : { + "url": "https://bugzilla.redhat.com/2174485" + }, + : { + "url": "https://bugzilla.redhat.com/2178358" + }, + : { + "url": "https://bugzilla.redhat.com/2178488" + }, + : { + "url": "https://bugzilla.redhat.com/2178492" + }, + : { + "url": "https://bugzilla.redhat.com/2184481" + }, + : { + "url": "https://bugzilla.redhat.com/2184482" + }, + : { + "url": "https://bugzilla.redhat.com/2184483" + }, + : { + "url": "https://bugzilla.redhat.com/2184484" + }, + : { + "url": "https://bugzilla.redhat.com/2196026" + }, + : { + "url": "https://bugzilla.redhat.com/2196027" + }, + : { + "url": "https://bugzilla.redhat.com/2196029" + }, + : { + "url": "https://bugzilla.redhat.com/2222167" + }, + : { + "url": "https://bugzilla.redhat.com/2228689" + }, + : { + "url": "https://errata.almalinux.org/9/ALSA-2023-6474.html" + }, + : { + "url": "https://go.dev/cl/514896" + }, + : { + "url": "https://go.dev/issue/61615" + }, + : { + "url": "https://linux.oracle.com/cve/CVE-2023-3978.html" + }, + : { + "url": "https://linux.oracle.com/errata/ELSA-2023-6939.html" + }, + : { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3978" + }, + : { + "url": "https://pkg.go.dev/vuln/GO-2023-1988" + }, + : { + "url": "https://www.cve.org/CVERecord?id=CVE-2023-3978" + } + ], + "affects": [ + : { + "ref": "pkg:golang/golang.org/x/net@v0.0.0-20210428140749-89ef3d95e781", + "versions": [ + : { + "status": "affected", + "version": "v0.0.0-20210428140749-89ef3d95e781" + } + ] + } + ], + "cwes": [ + : 79 + ], + "description": "Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.", + "id": "CVE-2023-3978", + "published": "2023-08-02T20:15:12+00:00", + "ratings": [ + : { + "severity": "medium", + "source": { + "name": "alma" + } + }, + : { + "severity": "medium", + "source": { + "name": "amazon" + } + }, + : { + "severity": "medium", + "source": { + "name": "cbl-mariner" + } + }, + : { + "method": "CVSSv31", + "score": 6.1, + "severity": "medium", + "source": { + "name": "ghsa" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + : { + "method": "CVSSv31", + "score": 6.1, + "severity": "medium", + "source": { + "name": "nvd" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + : { + "severity": "medium", + "source": { + "name": "oracle-oval" + } + }, + : { + "method": "CVSSv31", + "score": 6.1, + "severity": "medium", + "source": { + "name": "redhat" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + } + ], + "recommendation": "Upgrade golang.org/x/net to version 0.13.0", + "source": { + "name": "ghsa", + "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "updated": "2023-11-07T04:20:03+00:00" + } + 42: { + "advisories": [ + : { + "url": "https://avd.aquasec.com/nvd/cve-2023-44487" + }, + : { + "url": "http://www.openwall.com/lists/oss-security/2023/10/13/4" + }, + : { + "url": "http://www.openwall.com/lists/oss-security/2023/10/13/9" + }, + : { + "url": "http://www.openwall.com/lists/oss-security/2023/10/18/4" + }, + : { + "url": "http://www.openwall.com/lists/oss-security/2023/10/18/8" + }, + : { + "url": "http://www.openwall.com/lists/oss-security/2023/10/19/6" + }, + : { + "url": "http://www.openwall.com/lists/oss-security/2023/10/20/8" + }, + : { + "url": "https://access.redhat.com/errata/RHSA-2023:6746" + }, + : { + "url": "https://access.redhat.com/security/cve/CVE-2023-44487" + }, + : { + "url": "https://access.redhat.com/security/cve/cve-2023-44487" + }, + : { + "url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size" + }, + : { + "url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/" + }, + : { + "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011" + }, + : { + "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/" + }, + : { + "url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack" + }, + : { + "url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/" + }, + : { + "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack" + }, + : { + "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/" + }, + : { + "url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty" + }, + : { + "url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/" + }, + : { + "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack" + }, + : { + "url": "https://blog.vespa.ai/cve-2023-44487" + }, + : { + "url": "https://blog.vespa.ai/cve-2023-44487/" + }, + : { + "url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988" + }, + : { + "url": "https://bugzilla.redhat.com/2242803" + }, + : { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803" + }, + : { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123" + }, + : { + "url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9" + }, + : { + "url": "https://chaos.social/@icing/111210915918780532" + }, + : { + "url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps" + }, + : { + "url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/" + }, + : { + "url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack" + }, + : { + "url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125" + }, + : { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487" + }, + : { + "url": "https://devblogs.microsoft.com/dotnet/october-2023-updates/" + }, + : { + "url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715" + }, + : { + "url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve" + }, + : { + "url": "https://errata.almalinux.org/9/ALSA-2023-6746.html" + }, + : { + "url": "https://errata.rockylinux.org/RLSA-2023:5838" + }, + : { + "url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764" + }, + : { + "url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088" + }, + : { + "url": "https://github.com/Azure/AKS/issues/3947" + }, + : { + "url": "https://github.com/Kong/kong/discussions/11741" + }, + : { + "url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3" + }, + : { + "url": "https://github.com/advisories/GHSA-vx74-f528-fxqg" + }, + : { + "url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p" + }, + : { + "url": "https://github.com/akka/akka-http/issues/4323" + }, + : { + "url": "https://github.com/alibaba/tengine/issues/1872" + }, + : { + "url": "https://github.com/apache/apisix/issues/10320" + }, + : { + "url": "https://github.com/apache/httpd-site/pull/10" + }, + : { + "url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113" + }, + : { + "url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2" + }, + : { + "url": "https://github.com/apache/trafficserver/pull/10564" + }, + : { + "url": "https://github.com/apple/swift-nio-http2" + }, + : { + "url": "https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3" + }, + : { + "url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487" + }, + : { + "url": "https://github.com/bcdannyboy/CVE-2023-44487" + }, + : { + "url": "https://github.com/caddyserver/caddy/issues/5877" + }, + : { + "url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5" + }, + : { + "url": "https://github.com/dotnet/announcements/issues/277" + }, + : { + "url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73" + }, + : { + "url": "https://github.com/eclipse/jetty.project/issues/10679" + }, + : { + "url": "https://github.com/envoyproxy/envoy/pull/30055" + }, + : { + "url": "https://github.com/etcd-io/etcd/issues/16740" + }, + : { + "url": "https://github.com/facebook/proxygen/pull/466" + }, + : { + "url": "https://github.com/golang/go/issues/63417" + }, + : { + "url": "https://github.com/grpc/grpc-go/pull/6703" + }, + : { + "url": "https://github.com/grpc/grpc-go/releases" + }, + : { + "url": "https://github.com/h2o/h2o/pull/3291" + }, + : { + "url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf" + }, + : { + "url": "https://github.com/haproxy/haproxy/issues/2312" + }, + : { + "url": "https://github.com/hyperium/hyper/issues/3337" + }, + : { + "url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244" + }, + : { + "url": "https://github.com/junkurihara/rust-rpxy/issues/97" + }, + : { + "url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1" + }, + : { + "url": "https://github.com/kazu-yamamoto/http2/issues/93" + }, + : { + "url": "https://github.com/kubernetes/kubernetes/pull/121120" + }, + : { + "url": "https://github.com/line/armeria/pull/5232" + }, + : { + "url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632" + }, + : { + "url": "https://github.com/micrictor/http2-rst-stream" + }, + : { + "url": "https://github.com/microsoft/CBL-Mariner/pull/6381" + }, + : { + "url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61" + }, + : { + "url": "https://github.com/nghttp2/nghttp2/pull/1961" + }, + : { + "url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0" + }, + : { + "url": "https://github.com/ninenines/cowboy/issues/1615" + }, + : { + "url": "https://github.com/nodejs/node/pull/50121" + }, + : { + "url": "https://github.com/openresty/openresty/issues/930" + }, + : { + "url": "https://github.com/opensearch-project/data-prepper/issues/3474" + }, + : { + "url": "https://github.com/oqtane/oqtane.framework/discussions/3367" + }, + : { + "url": "https://github.com/projectcontour/contour/pull/5826" + }, + : { + "url": "https://github.com/tempesta-tech/tempesta/issues/1986" + }, + : { + "url": "https://github.com/varnishcache/varnish-cache/issues/3996" + }, + : { + "url": "https://go.dev/cl/534215" + }, + : { + "url": "https://go.dev/cl/534235" + }, + : { + "url": "https://go.dev/issue/63417" + }, + : { + "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo" + }, + : { + "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ" + }, + : { + "url": "https://istio.io/latest/news/security/istio-security-2023-004" + }, + : { + "url": "https://istio.io/latest/news/security/istio-security-2023-004/" + }, + : { + "url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487" + }, + : { + "url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/" + }, + : { + "url": "https://linux.oracle.com/cve/CVE-2023-44487.html" + }, + : { + "url": "https://linux.oracle.com/errata/ELSA-2023-7205.html" + }, + : { + "url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q" + }, + : { + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html" + }, + : { + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html" + }, + : { + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html" + }, + : { + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html" + }, + : { + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html" + }, + : { + "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html" + }, + : { + "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4" + }, + : { + "url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html" + }, + : { + "url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html" + }, + : { + "url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html" + }, + : { + "url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2" + }, + : { + "url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/" + }, + : { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487" + }, + : { + "url": "https://my.f5.com/manage/s/article/K000137106" + }, + : { + "url": "https://netty.io/news/2023/10/10/4-1-100-Final.html" + }, + : { + "url": "https://news.ycombinator.com/item?id=37830987" + }, + : { + "url": "https://news.ycombinator.com/item?id=37830998" + }, + : { + "url": "https://news.ycombinator.com/item?id=37831062" + }, + : { + "url": "https://news.ycombinator.com/item?id=37837043" + }, + : { + "url": "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases" + }, + : { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487" + }, + : { + "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response" + }, + : { + "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/" + }, + : { + "url": "https://pkg.go.dev/vuln/GO-2023-2102" + }, + : { + "url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected" + }, + : { + "url": "https://security.gentoo.org/glsa/202311-09" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20231016-0001" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20231016-0001/" + }, + : { + "url": "https://security.paloaltonetworks.com/CVE-2023-44487" + }, + : { + "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14" + }, + : { + "url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12" + }, + : { + "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94" + }, + : { + "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81" + }, + : { + "url": "https://ubuntu.com/security/CVE-2023-44487" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-6427-1" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-6427-2" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-6438-1" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-6505-1" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-6574-1" + }, + : { + "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records" + }, + : { + "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/" + }, + : { + "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487" + }, + : { + "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487" + }, + : { + "url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event" + }, + : { + "url": "https://www.debian.org/security/2023/dsa-5521" + }, + : { + "url": "https://www.debian.org/security/2023/dsa-5522" + }, + : { + "url": "https://www.debian.org/security/2023/dsa-5540" + }, + : { + "url": "https://www.debian.org/security/2023/dsa-5549" + }, + : { + "url": "https://www.debian.org/security/2023/dsa-5558" + }, + : { + "url": "https://www.debian.org/security/2023/dsa-5570" + }, + : { + "url": "https://www.eclipse.org/lists/jetty-announce/msg00181.html" + }, + : { + "url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487" + }, + : { + "url": "https://www.mail-archive.com/haproxy@formilux.org/msg44134.html" + }, + : { + "url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487" + }, + : { + "url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/" + }, + : { + "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products" + }, + : { + "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/" + }, + : { + "url": "https://www.openwall.com/lists/oss-security/2023/10/10/6" + }, + : { + "url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack" + }, + : { + "url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday" + }, + : { + "url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/" + } + ], + "affects": [ + : { + "ref": "pkg:golang/golang.org/x/net@v0.0.0-20210428140749-89ef3d95e781", + "versions": [ + : { + "status": "affected", + "version": "v0.0.0-20210428140749-89ef3d95e781" + } + ] + } + ], + "cwes": [ + : 400 + ], + "description": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.", + "id": "CVE-2023-44487", + "published": "2023-10-10T14:15:10+00:00", + "ratings": [ + : { + "severity": "high", + "source": { + "name": "alma" + } + }, + : { + "severity": "high", + "source": { + "name": "amazon" + } + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "bitnami" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "severity": "high", + "source": { + "name": "cbl-mariner" + } + }, + : { + "method": "CVSSv31", + "score": 5.3, + "severity": "medium", + "source": { + "name": "ghsa" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "nvd" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "severity": "high", + "source": { + "name": "oracle-oval" + } + }, + : { + "severity": "high", + "source": { + "name": "photon" + } + }, + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "redhat" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + : { + "severity": "high", + "source": { + "name": "rocky" + } + }, + : { + "severity": "medium", + "source": { + "name": "ubuntu" + } + } + ], + "recommendation": "Upgrade golang.org/x/net to version 0.17.0", + "source": { + "name": "ghsa", + "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "updated": "2024-02-02T15:40:23+00:00" + } + 43: { + "advisories": [ + : { + "url": "https://avd.aquasec.com/nvd/cve-2023-47090" + }, + : { + "url": "http://www.openwall.com/lists/oss-security/2023/10/30/1" + }, + : { + "url": "https://advisories.nats.io/CVE/secnote-2023-01.txt" + }, + : { + "url": "https://github.com/nats-io/nats-server" + }, + : { + "url": "https://github.com/nats-io/nats-server/commit/fa5b7afcb64e7e887e49afdd032358802b5c4478" + }, + : { + "url": "https://github.com/nats-io/nats-server/discussions/4535" + }, + : { + "url": "https://github.com/nats-io/nats-server/pull/4605" + }, + : { + "url": "https://github.com/nats-io/nats-server/releases/tag/v2.10.2" + }, + : { + "url": "https://github.com/nats-io/nats-server/releases/tag/v2.9.23" + }, + : { + "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-fr2g-9hjm-wr23" + }, + : { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47090" + }, + : { + "url": "https://www.openwall.com/lists/oss-security/2023/10/13/2" + } + ], + "affects": [ + : { + "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.2.2", + "versions": [ + : { + "status": "affected", + "version": "v2.2.2" + } + ] + } + ], + "cwes": [ + : 863 + ], + "description": "NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization block can sometimes be used for unauthenticated access, even when the intention of the configuration was for each user to have an account. The earliest affected version is 2.2.0.", + "id": "CVE-2023-47090", + "published": "2023-10-30T17:15:52+00:00", + "ratings": [ + : { + "severity": "medium", + "source": { + "name": "cbl-mariner" + } + }, + : { + "severity": "high", + "source": { + "name": "ghsa" + } + }, + : { + "method": "CVSSv31", + "score": 6.5, + "severity": "medium", + "source": { + "name": "nvd" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" + } + ], + "recommendation": "Upgrade github.com/nats-io/nats-server/v2 to version 2.9.23, 2.10.2", + "source": { + "name": "ghsa", + "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "updated": "2023-11-08T00:15:54+00:00" + } + 44: { + "advisories": [ + : { + "url": "https://avd.aquasec.com/nvd/cve-2023-48795" + }, + : { + "url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html" + }, + : { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21" + }, + : { + "url": "http://www.openwall.com/lists/oss-security/2023/12/18/3" + }, + : { + "url": "http://www.openwall.com/lists/oss-security/2023/12/19/5" + }, + : { + "url": "http://www.openwall.com/lists/oss-security/2023/12/20/3" + }, + : { + "url": "https://access.redhat.com/errata/RHSA-2024:1150" + }, + : { + "url": "https://access.redhat.com/security/cve/CVE-2023-48795" + }, + : { + "url": "https://access.redhat.com/security/cve/cve-2023-48795" + }, + : { + "url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack" + }, + : { + "url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/" + }, + : { + "url": "https://bugs.gentoo.org/920280" + }, + : { + "url": "https://bugzilla.redhat.com/2254210" + }, + : { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" + }, + : { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950" + }, + : { + "url": "https://crates.io/crates/thrussh/versions" + }, + : { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795" + }, + : { + "url": "https://errata.almalinux.org/9/ALSA-2024-1150.html" + }, + : { + "url": "https://errata.rockylinux.org/RLSA-2024:0628" + }, + : { + "url": "https://filezilla-project.org/versions.php" + }, + : { + "url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack" + }, + : { + "url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6" + }, + : { + "url": "https://github.com/NixOS/nixpkgs/pull/275249" + }, + : { + "url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189" + }, + : { + "url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta" + }, + : { + "url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0" + }, + : { + "url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1" + }, + : { + "url": "https://github.com/advisories/GHSA-45x7-px36-x8w8" + }, + : { + "url": "https://github.com/apache/mina-sshd/issues/445" + }, + : { + "url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab" + }, + : { + "url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22" + }, + : { + "url": "https://github.com/cyd01/KiTTY/issues/520" + }, + : { + "url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6" + }, + : { + "url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42" + }, + : { + "url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1" + }, + : { + "url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d" + }, + : { + "url": "https://github.com/hierynomus/sshj/issues/916" + }, + : { + "url": "https://github.com/janmojzis/tinyssh/issues/81" + }, + : { + "url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5" + }, + : { + "url": "https://github.com/libssh2/libssh2/pull/1291" + }, + : { + "url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25" + }, + : { + "url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3" + }, + : { + "url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15" + }, + : { + "url": "https://github.com/mwiede/jsch/issues/457" + }, + : { + "url": "https://github.com/mwiede/jsch/pull/461" + }, + : { + "url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16" + }, + : { + "url": "https://github.com/openssh/openssh-portable/commits/master" + }, + : { + "url": "https://github.com/paramiko/paramiko/issues/2337" + }, + : { + "url": "https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773" + }, + : { + "url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES" + }, + : { + "url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES" + }, + : { + "url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES" + }, + : { + "url": "https://github.com/proftpd/proftpd/issues/456" + }, + : { + "url": "https://github.com/rapier1/hpn-ssh/releases" + }, + : { + "url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst" + }, + : { + "url": "https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55" + }, + : { + "url": "https://github.com/ronf/asyncssh/tags" + }, + : { + "url": "https://github.com/ssh-mitm/ssh-mitm/issues/165" + }, + : { + "url": "https://github.com/warp-tech/russh" + }, + : { + "url": "https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951" + }, + : { + "url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2" + }, + : { + "url": "https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8" + }, + : { + "url": "https://gitlab.com/libssh/libssh-mirror/-/tags" + }, + : { + "url": "https://go.dev/cl/550715" + }, + : { + "url": "https://go.dev/issue/64784" + }, + : { + "url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ" + }, + : { + "url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg" + }, + : { + "url": "https://help.panic.com/releasenotes/transmit5" + }, + : { + "url": "https://help.panic.com/releasenotes/transmit5/" + }, + : { + "url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795" + }, + : { + "url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/" + }, + : { + "url": "https://linux.oracle.com/cve/CVE-2023-48795.html" + }, + : { + "url": "https://linux.oracle.com/errata/ELSA-2024-12233.html" + }, + : { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html" + }, + : { + "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html" + }, + : { + "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/" + }, + : { + "url": "https://matt.ucc.asn.au/dropbear/CHANGES" + }, + : { + "url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC" + }, + : { + "url": "https://news.ycombinator.com/item?id=38684904" + }, + : { + "url": "https://news.ycombinator.com/item?id=38685286" + }, + : { + "url": "https://news.ycombinator.com/item?id=38732005" + }, + : { + "url": "https://nova.app/releases/#v11.8" + }, + : { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795" + }, + : { + "url": "https://oryx-embedded.com/download/#changelog" + }, + : { + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002" + }, + : { + "url": "https://roumenpetrov.info/secsh/#news20231220" + }, + : { + "url": "https://security-tracker.debian.org/tracker/CVE-2023-48795" + }, + : { + "url": "https://security-tracker.debian.org/tracker/source-package/libssh2" + }, + : { + "url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg" + }, + : { + "url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2" + }, + : { + "url": "https://security.gentoo.org/glsa/202312-16" + }, + : { + "url": "https://security.gentoo.org/glsa/202312-17" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20240105-0004" + }, + : { + "url": "https://security.netapp.com/advisory/ntap-20240105-0004/" + }, + : { + "url": "https://support.apple.com/kb/HT214084" + }, + : { + "url": "https://terrapin-attack.com/" + }, + : { + "url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway" + }, + : { + "url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/" + }, + : { + "url": "https://twitter.com/TrueSkrillor/status/1736774389725565005" + }, + : { + "url": "https://ubuntu.com/security/CVE-2023-48795" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-6560-1" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-6560-2" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-6561-1" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-6585-1" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-6589-1" + }, + : { + "url": "https://ubuntu.com/security/notices/USN-6598-1" + }, + : { + "url": "https://winscp.net/eng/docs/history#6.2.2" + }, + : { + "url": "https://www.bitvise.com/ssh-client-version-history#933" + }, + : { + "url": "https://www.bitvise.com/ssh-server-version-history" + }, + : { + "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html" + }, + : { + "url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update" + }, + : { + "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795" + }, + : { + "url": "https://www.debian.org/security/2023/dsa-5586" + }, + : { + "url": "https://www.debian.org/security/2023/dsa-5588" + }, + : { + "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc" + }, + : { + "url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508" + }, + : { + "url": "https://www.netsarang.com/en/xshell-update-history" + }, + : { + "url": "https://www.netsarang.com/en/xshell-update-history/" + }, + : { + "url": "https://www.openssh.com/openbsd.html" + }, + : { + "url": "https://www.openssh.com/txt/release-9.6" + }, + : { + "url": "https://www.openwall.com/lists/oss-security/2023/12/18/2" + }, + : { + "url": "https://www.openwall.com/lists/oss-security/2023/12/18/3" + }, + : { + "url": "https://www.openwall.com/lists/oss-security/2023/12/20/3" + }, + : { + "url": "https://www.paramiko.org/changelog.html" + }, + : { + "url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed" + }, + : { + "url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/" + }, + : { + "url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795" + }, + : { + "url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/" + }, + : { + "url": "https://www.terrapin-attack.com" + }, + : { + "url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh" + }, + : { + "url": "https://www.vandyke.com/products/securecrt/history.txt" + } + ], + "affects": [ + : { + "ref": "64ecbd63-f74a-4fcc-a240-3f8a16435789", + "versions": [ + : { + "status": "affected", + "version": "v0.0.0-20200622213623-75b288015ac9" + } + ] + }, + : { + "ref": "718081db-83c2-4309-87c8-e43228139b88", + "versions": [ + : { + "status": "affected", + "version": "v0.0.0-20200622213623-75b288015ac9" + } + ] + }, + : { + "ref": "84eac386-ca89-4217-8a72-84d77e3bd144", + "versions": [ + : { + "status": "affected", + "version": "v0.0.0-20210421170649-83a5a9bb288b" + } + ] + }, + : { + "ref": "c6ba0fd6-a390-4fcf-aaec-4a072dcd17c4", + "versions": [ + : { + "status": "affected", + "version": "v0.0.0-20200622213623-75b288015ac9" + } + ] + }, + : { + "ref": "ce164c60-ee4f-4360-a85f-73106cf59f6c", + "versions": [ + : { + "status": "affected", + "version": "v0.0.0-20210421170649-83a5a9bb288b" + } + ] + }, + : { + "ref": "pkg:golang/golang.org/x/crypto@v0.0.0-20200323165209-0ec3e9974c59", + "versions": [ + : { + "status": "affected", + "version": "v0.0.0-20200323165209-0ec3e9974c59" + } + ] + } + ], + "cwes": [ + : 354 + ], + "description": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.", + "id": "CVE-2023-48795", + "published": "2023-12-18T16:15:10+00:00", + "ratings": [ + : { + "severity": "medium", + "source": { + "name": "alma" + } + }, + : { + "severity": "medium", + "source": { + "name": "amazon" + } + }, + : { + "severity": "medium", + "source": { + "name": "cbl-mariner" + } + }, + : { + "method": "CVSSv31", + "score": 5.9, + "severity": "medium", + "source": { + "name": "ghsa" + }, + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" + }, + : { + "method": "CVSSv31", + "score": 5.9, + "severity": "medium", + "source": { + "name": "nvd" + }, + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" + }, + : { + "severity": "medium", + "source": { + "name": "oracle-oval" + } + }, + : { + "severity": "medium", + "source": { + "name": "photon" + } + }, + : { + "method": "CVSSv31", + "score": 5.9, + "severity": "medium", + "source": { + "name": "redhat" + }, + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" + }, + : { + "severity": "medium", + "source": { + "name": "rocky" + } + }, + : { + "severity": "medium", + "source": { + "name": "ubuntu" + } + } + ], + "recommendation": "Upgrade golang.org/x/crypto to version 0.17.0", + "source": { + "name": "ghsa", + "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "updated": "2024-03-13T21:15:54+00:00" + } + 45: { + "advisories": [ + : { + "url": "https://github.com/advisories/GHSA-2c64-vj8g-vwrq" + }, + : { + "url": "https://advisories.nats.io/CVE/CVE-2020-26892.txt" + }, + : { + "url": "https://github.com/nats-io/jwt/commit/e11ce317263cef69619fc1ca743b195d02aa1d8a" + }, + : { + "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-2c64-vj8g-vwrq" + } + ], + "affects": [ + : { + "ref": "3cafed8d-2194-4bd3-bdf6-9f8b02673b33", + "versions": [ + : { + "status": "affected", + "version": "v0.3.2" + } + ] + }, + : { + "ref": "7dd812e2-3f88-4d35-ba39-4c74700b2cfb", + "versions": [ + : { + "status": "affected", + "version": "v0.3.2" + } + ] + }, + : { + "ref": "e192291f-a90f-4cc4-ad6d-0379a45256cd", + "versions": [ + : { + "status": "affected", + "version": "v0.3.2" + } + ] + } + ], + "description": "(This advisory is canonically https://advisories.nats.io/CVE/CVE-2020-26892.txt ) ## Problem Description NATS nats-server through 2020-10-07 has Incorrect Access Control because of how expired credentials are handled. The NATS accounts system has expiration timestamps on credentials; the library had an API which encouraged misuse and an `IsRevoked()` method which misused its own API. A new `IsClaimRevoked()` method has correct handling and the nats-server has been updated to use this. The old `IsRevoked()` method now always returns true and other client code will have to be updated to avoid calling it. The CVE identifier should cover any application using the old JWT API, where the nats-server is one of those applications. ## Affected versions #### JWT library * all versions prior to 1.1.0 * fixed after nats-io/jwt PR 103 landed (2020-10-06) #### NATS Server * Version 2 prior to 2.1.9 + 2.0.0 through and including 2.1.8 are vulnerable. * fixed with nats-io/nats-server PRs 1632, 1635, 1645 ## Impact Time-based credential expiry did not work. ## Workaround Have credentials which only expire after fixes can be deployed. ## Solution Upgrade the JWT dependency in any application using it. Upgrade the NATS server if using NATS Accounts.", + "id": "GHSA-2c64-vj8g-vwrq", + "ratings": [ + : { + "severity": "high", + "source": { + "name": "ghsa" + } + } + ], + "recommendation": "Upgrade github.com/nats-io/jwt to version 1.1.0", + "source": { + "name": "ghsa", + "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + } + } + 46: { + "advisories": [ + : { + "url": "https://github.com/advisories/GHSA-62mh-w5cv-p88c" + }, + : { + "url": "https://advisories.nats.io/CVE/CVE-2021-3127.txt" + }, + : { + "url": "https://github.com/nats-io/jwt" + }, + : { + "url": "https://github.com/nats-io/jwt/pull/149" + }, + : { + "url": "https://github.com/nats-io/jwt/security/advisories/GHSA-62mh-w5cv-p88c" + } + ], + "affects": [ + : { + "ref": "3cafed8d-2194-4bd3-bdf6-9f8b02673b33", + "versions": [ + : { + "status": "affected", + "version": "v0.3.2" + } + ] + }, + : { + "ref": "7dd812e2-3f88-4d35-ba39-4c74700b2cfb", + "versions": [ + : { + "status": "affected", + "version": "v0.3.2" + } + ] + }, + : { + "ref": "e192291f-a90f-4cc4-ad6d-0379a45256cd", + "versions": [ + : { + "status": "affected", + "version": "v0.3.2" + } + ] + }, + : { + "ref": "pkg:golang/github.com/nats-io/jwt@v1.1.0", + "versions": [ + : { + "status": "affected", + "version": "v1.1.0" + } + ] + }, + : { + "ref": "pkg:golang/github.com/nats-io/jwt@v1.2.2", + "versions": [ + : { + "status": "affected", + "version": "v1.2.2" + } + ] + } + ], + "description": "(This advisory is canonically ) ## Problem Description The NATS server provides for Subjects which are namespaced by Account; all Subjects are supposed to be private to an account, with an Export/Import system used to grant cross-account access to some Subjects. Some Exports are public, such that anyone can import the relevant subjects, and some Exports are private, such that the Import requires a token JWT to prove permission. The JWT library's validation of the bindings in the Import Token incorrectly warned on mismatches, instead of outright rejecting the token. As a result, any account can take an Import token used by any other account and re-use it for themselves because the binding to the importing account is not rejected, and use it to import *any* Subject from the Exporting account, not just the Subject referenced in the Import Token. The NATS account-server system treats account JWTs as semi-public information, such that an attacker can easily enumerate all account JWTs and retrieve all Import Tokens from those account JWTs. The CVE identifier should cover the JWT library repair and the nats-server containing the fixed JWT library, and any other application depending upon the fixed JWT library. ## Affected versions #### JWT library * all versions prior to 2.0.1 * fixed after nats-io/jwt#149 landed (2021-03-14) #### NATS Server * Version 2 prior to 2.2.0 + 2.0.0 through and including 2.1.9 are vulnerable * fixed with nats-io/nats-server@423b79440c (2021-03-14) ## Impact In deployments with untrusted accounts able to update the Account Server with imports, a malicious account can access any Subject from an account which provides Exported Subjects. Abuse of this facility requires the malicious actor to upload their tampered Account JWT to the Account Server, providing the service operator with a data-store which can be scanned for signs of abuse. ## Workaround Deny access to clients to update their account JWT in the account server. ## Solution Upgrade the JWT dependency in any application using it. Upgrade the NATS server if using NATS Accounts (with private Exports; Account owners can create those at any time though). Audit all accounts JWTs to scan for exploit attempts; a Python script to audit the accounts can be found at .", + "id": "GHSA-62mh-w5cv-p88c", + "ratings": [ + : { + "severity": "critical", + "source": { + "name": "ghsa" + } + } + ], + "recommendation": "Upgrade github.com/nats-io/jwt to version 2.0.1", + "source": { + "name": "ghsa", + "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + } + } + 47: { + "advisories": [ + : { + "url": "https://github.com/advisories/GHSA-gwj5-3vfq-q992" + }, + : { + "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-gwj5-3vfq-q992" + } + ], + "affects": [ + : { + "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.1.9", + "versions": [ + : { + "status": "affected", + "version": "v2.1.9" + } + ] + } + ], + "description": "(This advisory is canonically ) ## Problem Description An export/import cycle between accounts could crash the nats-server, after consuming CPU and memory. This issue was fixed publicly in in November 2020. The need to call this out as a security issue was highlighted by `snyk.io` and we are grateful for their assistance in doing so. Organizations which run a NATS service providing access to accounts run by untrusted third parties are affected. See below for an important caveat if running such a service. ## Affected versions #### NATS Server * Version 2 prior to 2.2.0 + 2.0.0 through and including 2.1.9 are vulnerable. * fixed with nats-io/nats-server PR 1731, commit 2e3c226729 ## Impact The nats-server could be killed, after consuming resources. ## Workaround The import cycle requires at least two accounts to work; if you have open account sign-up, then restricting new account sign-up might hinder an attacker. ## Solution Upgrade the nats-server. ## Caveat on NATS with untrusted users Running a NATS service which is exposed to untrusted users presents a heightened risk. Any remote execution flaw or equivalent seriousness, or denial-of-service by unauthenticated users, will lead to prompt releases by the NATS maintainers. Fixes for denial of service issues with no threat of remote execution, when limited to account holders, are likely to just be committed to the main development branch with no special attention. Those who are running such services are encouraged to build regularly from git.", + "id": "GHSA-gwj5-3vfq-q992", + "ratings": [ + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "low", + "source": { + "name": "ghsa" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "recommendation": "Upgrade github.com/nats-io/nats-server/v2 to version 2.2.0", + "source": { + "name": "ghsa", + "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + } + } + 48: { + "advisories": [ + : { + "url": "https://github.com/advisories/GHSA-hmm9-r2m2-qg9w" + }, + : { + "url": "https://advisories.nats.io/CVE/CVE-2020-26521.txt" + }, + : { + "url": "https://github.com/nats-io/jwt/pull/107" + }, + : { + "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-hmm9-r2m2-qg9w" + }, + : { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VT67XCLIIBYRT762SVFBYFFTQFVSM3SI" + }, + : { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26521" + }, + : { + "url": "https://www.openwall.com/lists/oss-security/2020/11/02/2" + } + ], + "affects": [ + : { + "ref": "3cafed8d-2194-4bd3-bdf6-9f8b02673b33", + "versions": [ + : { + "status": "affected", + "version": "v0.3.2" + } + ] + }, + : { + "ref": "7dd812e2-3f88-4d35-ba39-4c74700b2cfb", + "versions": [ + : { + "status": "affected", + "version": "v0.3.2" + } + ] + }, + : { + "ref": "e192291f-a90f-4cc4-ad6d-0379a45256cd", + "versions": [ + : { + "status": "affected", + "version": "v0.3.2" + } + ] + } + ], + "description": "(This advisory is canonically ) ## Problem Description The NATS account system has an Operator trusted by the servers, which signs Accounts, and each Account can then create and sign Users within their account. The Operator should be able to safely issue Accounts to other entities which it does not fully trust. A malicious Account could create and sign a User JWT with a state not created by the normal tooling, such that decoding by the NATS JWT library (written in Go) would attempt a nil dereference, aborting execution. The NATS Server is known to be impacted by this. ## Affected versions #### JWT library * all versions prior to 1.1.0 #### NATS Server * Version 2 prior to 2.1.9 ## Impact #### JWT library * Programs would nil dereference and panic, aborting execution by default. #### NATS server * Denial of Service caused by process termination ## Workaround If your NATS servers do not trust any accounts which are managed by untrusted entities, then malformed User credentials are unlikely to be encountered. ## Solution Upgrade the JWT dependency in any application using it. Upgrade the NATS server if using NATS Accounts.", + "id": "GHSA-hmm9-r2m2-qg9w", + "ratings": [ + : { + "method": "CVSSv31", + "score": 7.5, + "severity": "high", + "source": { + "name": "ghsa" + }, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "recommendation": "Upgrade github.com/nats-io/jwt to version 1.1.0", + "source": { + "name": "ghsa", + "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + } + } ] }