diff --git a/data/secscan_model/secscan_v4_model.py b/data/secscan_model/secscan_v4_model.py index a6b36d469c..a31057b17e 100644 --- a/data/secscan_model/secscan_v4_model.py +++ b/data/secscan_model/secscan_v4_model.py @@ -562,6 +562,19 @@ def features_for(report): Transforms a Clair v4 `VulnerabilityReport` dict into the standard shape of a Quay Security scanner response. """ + cvss_enrichment_key = "message/vnd.clair.map.vulnerability; enricher=clair.cvss schema=https://csrc.nist.gov/schema/nvd/feed/1.1/cvss-v3.x.json" + rhcc_enrichment_key = "message/vnd.clair.map.vulnerability; enricher=clair.rhcc schema=??" + + cvss_enrichments = ( + { + key: sorted(val, key=lambda x: x["baseScore"], reverse=True)[0] + for key, val in list(report["enrichments"][cvss_enrichment_key])[0].items() + } + if report.get("enrichments", {}).get(cvss_enrichment_key, {}) + else {} + ) + + rhcc_enrichments = report.get("enrichments", {}).get(rhcc_enrichment_key, {}) features = [] dedupe_vulns = {} @@ -582,15 +595,6 @@ def features_for(report): pkg_vulns.append(report["vulnerabilities"][vuln_id]) dedupe_vulns[vuln_key] = True - enrichments = ( - { - key: sorted(val, key=lambda x: x["baseScore"], reverse=True)[0] - for key, val in list(report["enrichments"].values())[0][0].items() - } - if report.get("enrichments", {}) - else {} - ) - features.append( Feature( pkg["name"], @@ -600,7 +604,7 @@ def features_for(report): pkg["version"], [ Vulnerability( - fetch_vuln_severity(vuln, enrichments), + fetch_vuln_severity(vuln, cvss_enrichments), vuln["updater"], vuln["links"], maybe_urlencoded( 
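Review bot: `rhcc_enrichment_key` in the first hunk still ends in the literal placeholder `schema=??`, and the lookup `report.get("enrichments", {}).get(rhcc_enrichment_key, {})` is an exact string match, so the vulnerability filter added further down only takes effect if Clair emits that exact string. A mismatch falls back to `{}` without any error or log line. The same hunk reads the cvss enrichment as a list whose first element is the map (`list(...)[0].items()`) but uses the rhcc value directly as a map; if the rhcc enricher delivers the same list-wrapped shape, the later `rhcc_enrichments.get(pkg_id, False)` would raise AttributeError, which is worth confirming against a real report. I would add `# TODO: replace schema=?? with the schema string the clair.rhcc enricher emits; on a mismatch rhcc_enrichments is always {}` above the assignment. The body of features_for continues outside the hunk.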
@@ -616,13 +620,17 @@ def features_for(report): vuln.get("distribution", {}).get("version"), NVD( CVSSv3( - enrichments.get(vuln["id"], {}).get("vectorString", ""), - enrichments.get(vuln["id"], {}).get("baseScore", ""), + cvss_enrichments.get(vuln["id"], {}).get("vectorString", ""), + cvss_enrichments.get(vuln["id"], {}).get("baseScore", ""), ) ), ), ) + # At the moment the second clause is just True but could be replaced with + # a config variable. We can also mark the vulns that come from rhcc layers + # for the UI to key off of. for vuln in pkg_vulns + if (not rhcc_enrichments.get(pkg_id, False) and True) ], ) ) diff --git a/data/secscan_model/test/securityinformation_with_rhcc_enrichments.json b/data/secscan_model/test/securityinformation_with_rhcc_enrichments.json new file mode 100644 index 0000000000..e1a3330404 --- /dev/null +++ b/data/secscan_model/test/securityinformation_with_rhcc_enrichments.json 
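Review bot: The new comprehension filter `if (not rhcc_enrichments.get(pkg_id, False) and True)` withholds every vulnerability of a package that has a truthy rhcc entry, and nothing in the response or in a log records that findings were dropped, so a consumer cannot tell a clean package from a suppressed one. The `and True` clause is dead code standing in for a future setting; until that setting exists I would write the condition as `if not rhcc_enrichments.get(pkg_id)` and keep the explanation in the comment. Because the condition does not depend on `vuln`, it could also be applied once per package before the list is built, with a debug log of how many entries were withheld. `pkg_id` is bound outside this hunk, so I am assuming it has the same string key type as the enrichment map.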
@@ -0,0 +1,1016 @@ +{ + "Layer": { + "Name": "sha256:4b42c2e36b0bedf017e14dc270f315e627a2a0030f453687a06375fa88694298", + "ParentName": "", + "NamespaceName": "", + "IndexedByVersion": 4, + "Features": [ + { + "Name": "setuptools", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "28.8.0", + "Vulnerabilities": [ + + ] + }, + { + "Name": "pyopenssl", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "17.5.0", + "Vulnerabilities": [ + + ] + }, + { + "Name": "cffi", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "1.11.5", + "Vulnerabilities": [ + + ] + }, + { + "Name": "ncurses-terminfo-base", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "6.0_p20171125-r0", + "Vulnerabilities": [ + + ] + }, + { + "Name": "musl-utils", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "1.1.18-r3", + "Vulnerabilities": [ + + ] + }, + { + "Name": "libcrypto1.0", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "1.0.2o-r0", + "Vulnerabilities": [ + + ] + }, + { + "Name": "libstdc++", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "6.4.0-r5", + "Vulnerabilities": [ + + ] + }, + { + "Name": "scanelf", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:ff3a5c916c92643ff77519ffa742d3ec61b7f591b6b7504599d95a4a41134e28", + "Version": "1.2.2-r1", + "Vulnerabilities": [ + + ] + }, + { + "Name": 
"alpine-baselayout", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:ff3a5c916c92643ff77519ffa742d3ec61b7f591b6b7504599d95a4a41134e28", + "Version": "3.0.5-r2", + "Vulnerabilities": [ + + ] + }, + { + "Name": "libressl2.6-libssl", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:ff3a5c916c92643ff77519ffa742d3ec61b7f591b6b7504599d95a4a41134e28", + "Version": "2.6.3-r0", + "Vulnerabilities": [ + + ] + }, + { + "Name": "pip", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "9.0.1", + "Vulnerabilities": [ + { + "Severity": "High", + "NamespaceName": "pyupio", + "Link": "", + "FixedBy": "", + "Description": "The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.", + "Name": "pyup.io-38765 (CVE-2019-20916)", + "Metadata": { + "UpdatedBy": "pyupio", + "RepoName": "pypi", + "RepoLink": "https://pypi.org/simple", + "DistroName": "", + "DistroVersion": "", + "NVD": { + "CVSSv3": { + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "Score": 7.5 + } + } + } + }, + { + "Severity": "High", + "NamespaceName": "pyupio", + "Link": "", + "FixedBy": "", + "Description": "Pip 21.1 updates urllib3 to 1.26.4 to fix CVE-2021-28363. The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. 
This means certificates for different servers that still validate properly with the default urllib3 SSLContext will be silently accepted.", + "Name": "pyup.io-40291 (CVE-2021-28363)", + "Metadata": { + "UpdatedBy": "pyupio", + "RepoName": "pypi", + "RepoLink": "https://pypi.org/simple", + "DistroName": "", + "DistroVersion": "", + "NVD": { + "CVSSv3": { + "Vectors": "CVSS:3.2/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "Score": 7.5 + } + } + } + } + ] + }, + { + "Name": "expat", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "2.2.5-r0", + "Vulnerabilities": [ + + ] + }, + { + "Name": "pyparsing", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "2.2.0", + "Vulnerabilities": [ + + ] + }, + { + "Name": "libbz2", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "1.0.6-r6", + "Vulnerabilities": [ + + ] + }, + { + "Name": "click", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "6.7", + "Vulnerabilities": [ + + ] + }, + { + "Name": "wsproto", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "0.11.0", + "Vulnerabilities": [ + + ] + }, + { + "Name": "ncurses-terminfo", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "6.0_p20171125-r0", + "Vulnerabilities": [ + + ] + }, + { + "Name": "ncurses-libs", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "6.0_p20171125-r0", + "Vulnerabilities": [ + + ] + }, 
+ { + "Name": "pyperclip", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "1.6.0", + "Vulnerabilities": [ + + ] + }, + { + "Name": "mitmproxy", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "4.0.1", + "Vulnerabilities": [ + + ] + }, + { + "Name": "xz-libs", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "5.2.3-r1", + "Vulnerabilities": [ + + ] + }, + { + "Name": "certifi", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "2018.4.16", + "Vulnerabilities": [ + + ] + }, + { + "Name": "libressl2.6-libcrypto", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:ff3a5c916c92643ff77519ffa742d3ec61b7f591b6b7504599d95a4a41134e28", + "Version": "2.6.3-r0", + "Vulnerabilities": [ + + ] + }, + { + "Name": "sortedcontainers", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "1.5.10", + "Vulnerabilities": [ + + ] + }, + { + "Name": "ruamel.yaml", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "0.15.37", + "Vulnerabilities": [ + + ] + }, + { + "Name": "brotlipy", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "0.7.0", + "Vulnerabilities": [ + + ] + }, + { + "Name": "asn1crypto", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "0.24.0", + "Vulnerabilities": [ + + ] + }, + { + "Name": 
"gdbm", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "1.13-r1", + "Vulnerabilities": [ + + ] + }, + { + "Name": "urwid", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "2.0.1", + "Vulnerabilities": [ + + ] + }, + { + "Name": "readline", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "7.0.003-r0", + "Vulnerabilities": [ + + ] + }, + { + "Name": "six", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "1.11.0", + "Vulnerabilities": [ + + ] + }, + { + "Name": "libc-utils", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:ff3a5c916c92643ff77519ffa742d3ec61b7f591b6b7504599d95a4a41134e28", + "Version": "0.7.1-r0", + "Vulnerabilities": [ + + ] + }, + { + "Name": "sqlite-libs", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "3.21.0-r0", + "Vulnerabilities": [ + + ] + }, + { + "Name": "h2", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "3.0.1", + "Vulnerabilities": [ + + ] + }, + { + "Name": "openssl", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "1.0.2o-r0", + "Vulnerabilities": [ + { + "Severity": "Medium", + "NamespaceName": "alpine-main-v3.7-updater", + "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559", + "FixedBy": "1.0.2r-r0", + "Description": "", + "Name": "CVE-2019-1559", + "Metadata": { + "UpdatedBy": "alpine-main-v3.7-updater", + 
"RepoName": null, + "RepoLink": null, + "DistroName": "Alpine Linux", + "DistroVersion": "", + "NVD": { + "CVSSv3": { + "Vectors": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "Score": 5.9 + } + } + } + }, + { + "Severity": "Medium", + "NamespaceName": "alpine-main-v3.7-updater", + "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547", + "FixedBy": "1.0.2t-r0", + "Description": "", + "Name": "CVE-2019-1547", + "Metadata": { + "UpdatedBy": "alpine-main-v3.7-updater", + "RepoName": null, + "RepoLink": null, + "DistroName": "Alpine Linux", + "DistroVersion": "", + "NVD": { + "CVSSv3": { + "Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "Score": 4.7 + } + } + } + }, + { + "Severity": "Low", + "NamespaceName": "alpine-main-v3.7-updater", + "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", + "FixedBy": "1.0.2t-r0", + "Description": "", + "Name": "CVE-2019-1563", + "Metadata": { + "UpdatedBy": "alpine-main-v3.7-updater", + "RepoName": null, + "RepoLink": null, + "DistroName": "Alpine Linux", + "DistroVersion": "", + "NVD": { + "CVSSv3": { + "Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "Score": 3.7 + } + } + } + }, + { + "Severity": "High", + "NamespaceName": "alpine-main-v3.7-updater", + "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732", + "FixedBy": "1.0.2o-r1", + "Description": "", + "Name": "CVE-2018-0732", + "Metadata": { + "UpdatedBy": "alpine-main-v3.7-updater", + "RepoName": null, + "RepoLink": null, + "DistroName": "Alpine Linux", + "DistroVersion": "", + "NVD": { + "CVSSv3": { + "Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Score": 7.5 + } + } + } + }, + { + "Severity": "Medium", + "NamespaceName": "alpine-main-v3.7-updater", + "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737", + "FixedBy": "1.0.2o-r1", + "Description": "", + "Name": "CVE-2018-0737", + "Metadata": { + "UpdatedBy": "alpine-main-v3.7-updater", + "RepoName": null, + 
"RepoLink": null, + "DistroName": "Alpine Linux", + "DistroVersion": "", + "NVD": { + "CVSSv3": { + "Vectors": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "Score": 5.9 + } + } + } + }, + { + "Severity": "Medium", + "NamespaceName": "alpine-main-v3.7-updater", + "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734", + "FixedBy": "1.0.2q-r0", + "Description": "", + "Name": "CVE-2018-0734", + "Metadata": { + "UpdatedBy": "alpine-main-v3.7-updater", + "RepoName": null, + "RepoLink": null, + "DistroName": "Alpine Linux", + "DistroVersion": "", + "NVD": { + "CVSSv3": { + "Vectors": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "Score": 5.9 + } + } + } + }, + { + "Severity": "Medium", + "NamespaceName": "alpine-main-v3.7-updater", + "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407", + "FixedBy": "1.0.2q-r0", + "Description": "", + "Name": "CVE-2018-5407", + "Metadata": { + "UpdatedBy": "alpine-main-v3.7-updater", + "RepoName": null, + "RepoLink": null, + "DistroName": "Alpine Linux", + "DistroVersion": "", + "NVD": { + "CVSSv3": { + "Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "Score": 4.7 + } + } + } + } + ] + }, + { + "Name": "hpack", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "3.0.0", + "Vulnerabilities": [ + + ] + }, + { + "Name": "ldap3", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "2.5", + "Vulnerabilities": [ + + ] + }, + { + "Name": "libssl1.0", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "1.0.2o-r0", + "Vulnerabilities": [ + + ] + }, + { + "Name": "passlib", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + 
"Version": "1.7.1", + "Vulnerabilities": [ + + ] + }, + { + "Name": "pycparser", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "2.18", + "Vulnerabilities": [ + + ] + }, + { + "Name": "kaitaistruct", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "0.8", + "Vulnerabilities": [ + + ] + }, + { + "Name": "libgcc", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "6.4.0-r5", + "Vulnerabilities": [ + + ] + }, + { + "Name": "python3", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "3.6.3-r9", + "Vulnerabilities": [ + { + "Severity": "High", + "NamespaceName": "alpine-main-v3.7-updater", + "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1060", + "FixedBy": "3.6.5-r0", + "Description": "", + "Name": "CVE-2018-1060", + "Metadata": { + "UpdatedBy": "alpine-main-v3.7-updater", + "RepoName": null, + "RepoLink": null, + "DistroName": "Alpine Linux", + "DistroVersion": "", + "NVD": { + "CVSSv3": { + "Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Score": 7.5 + } + } + } + }, + { + "Severity": "High", + "NamespaceName": "alpine-main-v3.7-updater", + "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1061", + "FixedBy": "3.6.5-r0", + "Description": "", + "Name": "CVE-2018-1061", + "Metadata": { + "UpdatedBy": "alpine-main-v3.7-updater", + "RepoName": null, + "RepoLink": null, + "DistroName": "Alpine Linux", + "DistroVersion": "", + "NVD": { + "CVSSv3": { + "Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Score": 7.5 + } + } + } + }, + { + "Severity": "High", + "NamespaceName": "alpine-main-v3.7-updater", + "Link": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647", + "FixedBy": "3.6.8-r0", + "Description": "", + "Name": "CVE-2018-14647", + "Metadata": { + "UpdatedBy": "alpine-main-v3.7-updater", + "RepoName": null, + "RepoLink": null, + "DistroName": "Alpine Linux", + "DistroVersion": "", + "NVD": { + "CVSSv3": { + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Score": 7.5 + } + } + } + }, + { + "Severity": "High", + "NamespaceName": "alpine-main-v3.7-updater", + "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20406", + "FixedBy": "3.6.8-r0", + "Description": "", + "Name": "CVE-2018-20406", + "Metadata": { + "UpdatedBy": "alpine-main-v3.7-updater", + "RepoName": null, + "RepoLink": null, + "DistroName": "Alpine Linux", + "DistroVersion": "", + "NVD": { + "CVSSv3": { + "Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Score": 7.5 + } + } + } + }, + { + "Severity": "Critical", + "NamespaceName": "alpine-main-v3.7-updater", + "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", + "FixedBy": "3.6.8-r0", + "Description": "", + "Name": "CVE-2019-9636", + "Metadata": { + "UpdatedBy": "alpine-main-v3.7-updater", + "RepoName": null, + "RepoLink": null, + "DistroName": "Alpine Linux", + "DistroVersion": "", + "NVD": { + "CVSSv3": { + "Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "Score": 9.8 + } + } + } + }, + { + "Severity": "High", + "NamespaceName": "alpine-main-v3.7-updater", + "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16056", + "FixedBy": "3.6.8-r1", + "Description": "", + "Name": "CVE-2019-16056", + "Metadata": { + "UpdatedBy": "alpine-main-v3.7-updater", + "RepoName": null, + "RepoLink": null, + "DistroName": "Alpine Linux", + "DistroVersion": "", + "NVD": { + "CVSSv3": { + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "Score": 7.5 + } + } + } + }, + { + "Severity": "Medium", + "NamespaceName": "alpine-main-v3.7-updater", + "Link": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16935", + "FixedBy": "3.6.9-r1", + "Description": "", + "Name": "CVE-2019-16935", + "Metadata": { + "UpdatedBy": "alpine-main-v3.7-updater", + "RepoName": null, + "RepoLink": null, + "DistroName": "Alpine Linux", + "DistroVersion": "", + "NVD": { + "CVSSv3": { + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "Score": 6.1 + } + } + } + } + ] + }, + { + "Name": "tornado", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "5.0.2", + "Vulnerabilities": [ + + ] + }, + { + "Name": "pyasn1", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "0.4.2", + "Vulnerabilities": [ + + ] + }, + { + "Name": "alpine-keys", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:ff3a5c916c92643ff77519ffa742d3ec61b7f591b6b7504599d95a4a41134e28", + "Version": "2.1-r1", + "Vulnerabilities": [ + + ] + }, + { + "Name": "hyperframe", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "5.1.0", + "Vulnerabilities": [ + + ] + }, + { + "Name": "su-exec", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "0.2-r0", + "Vulnerabilities": [ + + ] + }, + { + "Name": "idna", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "2.6", + "Vulnerabilities": [ + + ] + }, + { + "Name": "cryptography", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "2.2.2", + "Vulnerabilities": [ + { + "Severity": "Unknown", + "NamespaceName": "pyupio", + "Link": "", + 
"FixedBy": "", + "Description": "Cryptography 3.3 no longer allows loading of finite field Diffie-Hellman parameters of less than 512 bits in length. This change is to conform with an upcoming OpenSSL release that no longer supports smaller sizes. These keys were already wildly insecure and should not have been used in any application outside of testing.", + "Name": "pyup.io-39252", + "Metadata": { + "UpdatedBy": "pyupio", + "RepoName": "pypi", + "RepoLink": "https://pypi.org/simple", + "DistroName": "", + "DistroVersion": "", + "NVD": { + "CVSSv3": { + "Vectors": "", + "Score": "" + } + } + } + }, + { + "Severity": "Critical", + "NamespaceName": "pyupio", + "Link": "", + "FixedBy": "", + "Description": "In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. See CVE-2020-36242.", + "Name": "pyup.io-39606 (CVE-2020-36242)", + "Metadata": { + "UpdatedBy": "pyupio", + "RepoName": "pypi", + "RepoLink": "https://pypi.org/simple", + "DistroName": "", + "DistroVersion": "", + "NVD": { + "CVSSv3": { + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "Score": 9.1 + } + } + } + }, + { + "Severity": "Medium", + "NamespaceName": "pyupio", + "Link": "", + "FixedBy": "", + "Description": "Cryptography 3.2 was released with the warning that its maintainers became aware of a Bleichenbacher vulnerability that they were only partly able to mitigate. 
See: CVE-2020-25659.", + "Name": "pyup.io-38932 (CVE-2020-25659)", + "Metadata": { + "UpdatedBy": "pyupio", + "RepoName": "pypi", + "RepoLink": "https://pypi.org/simple", + "DistroName": "", + "DistroVersion": "", + "NVD": { + "CVSSv3": { + "Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "Score": 5.9 + } + } + } + }, + { + "Severity": "High", + "NamespaceName": "pyupio", + "Link": "", + "FixedBy": "", + "Description": "python-cryptography versions >=1.9.0 and <2.3 did not enforce a minimum tag length for finalize_with_tag API. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.", + "Name": "pyup.io-36351 (CVE-2018-10903)", + "Metadata": { + "UpdatedBy": "pyupio", + "RepoName": "pypi", + "RepoLink": "https://pypi.org/simple", + "DistroName": "", + "DistroVersion": "", + "NVD": { + "CVSSv3": { + "Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "Score": 7.5 + } + } + } + } + ] + }, + { + "Name": "libffi", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "3.2.1-r4", + "Vulnerabilities": [ + + ] + }, + { + "Name": "blinker", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "1.4", + "Vulnerabilities": [ + + ] + }, + { + "Name": "busybox", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:ff3a5c916c92643ff77519ffa742d3ec61b7f591b6b7504599d95a4a41134e28", + "Version": "1.27.2-r7", + "Vulnerabilities": [ + + ] + }, + { + "Name": "musl", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "1.1.18-r3", + "Vulnerabilities": [ + { + 
"Severity": "Critical", + "NamespaceName": "alpine-main-v3.7-updater", + "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697", + "FixedBy": "1.1.18-r4", + "Description": "", + "Name": "CVE-2019-14697", + "Metadata": { + "UpdatedBy": "alpine-main-v3.7-updater", + "RepoName": null, + "RepoLink": null, + "DistroName": "Alpine Linux", + "DistroVersion": "", + "NVD": { + "CVSSv3": { + "Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "Score": 9.8 + } + } + } + } + ] + }, + { + "Name": "apk-tools", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:ff3a5c916c92643ff77519ffa742d3ec61b7f591b6b7504599d95a4a41134e28", + "Version": "2.8.2-r0", + "Vulnerabilities": [ + + ] + }, + { + "Name": "zlib", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:ff3a5c916c92643ff77519ffa742d3ec61b7f591b6b7504599d95a4a41134e28", + "Version": "1.2.11-r1", + "Vulnerabilities": [ + + ] + }, + { + "Name": "h11", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "Version": "0.7.0", + "Vulnerabilities": [ + + ] + } + ] + } +} diff --git a/data/secscan_model/test/test_secscan_v4_model.py b/data/secscan_model/test/test_secscan_v4_model.py index 88f9322b1e..92dbb1947d 100644 --- a/data/secscan_model/test/test_secscan_v4_model.py +++ b/data/secscan_model/test/test_secscan_v4_model.py 
@@ -549,6 +549,37 @@ def test_features_for_duplicates(): assert generated == expected +def test_rhcc_enrichments(): + vuln_report_filename = os.path.join( + os.path.dirname(os.path.abspath(__file__)), "vulnerabilityreport_with_rhcc_enrichments.json" + ) + security_info_filename = os.path.join( + os.path.dirname(os.path.abspath(__file__)), "securityinformation_with_rhcc_enrichments.json" + ) + with open(vuln_report_filename) as vuln_report_file: + vuln_report = json.load(vuln_report_file) + + with open(security_info_filename) as security_info_file: + expected = json.load(security_info_file) + + generated = SecurityInformation( + Layer( + vuln_report["manifest_hash"], + "", + "", + 4, + features_for(vuln_report), + ) + ).to_dict() + + # Sort the Features' list so that the following assertion holds even if they are out of order + # (Ordering of the dicts' key iteration is different from Python 2 to 3) + expected["Layer"]["Features"].sort(key=lambda d: d["Name"]) + generated["Layer"]["Features"].sort(key=lambda d: d["Name"]) + + assert generated == expected + + def test_perform_indexing_invalid_manifest(initialized_db, set_secscan_config): secscan = V4SecurityScanner(application, instance_keys, storage) secscan._secscan_api = mock.Mock() diff --git a/data/secscan_model/test/vulnerabilityreport_with_rhcc_enrichments.json b/data/secscan_model/test/vulnerabilityreport_with_rhcc_enrichments.json new file mode 100644 index 0000000000..6320c17438 --- /dev/null +++ b/data/secscan_model/test/vulnerabilityreport_with_rhcc_enrichments.json 
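Review bot: `test_rhcc_enrichments` checks only whole-document equality with a golden file, so the test never states which package is expected to have its vulnerabilities withheld, and a fixture regenerated from the code's own output would keep passing if the filter keyed on the wrong id. I would add one targeted assertion after the sort, for example `by_name = {f["Name"]: f for f in generated["Layer"]["Features"]}` followed by `assert by_name["<rhcc-package-name>"]["Vulnerabilities"] == []` (the package name is a placeholder to fill in from the fixture), plus one assertion that a package outside the rhcc map still reports its findings. The comment about Python 2 to 3 key ordering looks copied from the neighbouring test and could simply say that the sort makes the comparison order-independent.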
@@ -0,0 +1,2521 @@ +{ + "manifest_hash": "sha256:4b42c2e36b0bedf017e14dc270f315e627a2a0030f453687a06375fa88694298", + "packages": { + "120": { + "id": "120", + "name": "setuptools", + "version": "28.8.0", + "kind": "binary", + "source": { + "id": "73", + "name": "", + "version": "" + }, + "normalized_version": "pep440:0.28.8.0.0.0.0.0.0.0" + }, + "108": { + "id": "108", + "name": "pyopenssl", + "version": "17.5.0", + "kind": "binary", + "source": { + "id": "73", + "name": "", + "version": "" + }, + "normalized_version": "pep440:0.17.5.0.0.0.0.0.0.0" + }, + "82": { + "id": "82", + "name": "cffi", + "version": "1.11.5", + "kind": "binary", + "source": { + "id": "73", + "name": "", + "version": "" + }, + "normalized_version": "pep440:0.1.11.5.0.0.0.0.0.0" + }, + "174": { + "id": "174", + "name": "ncurses-terminfo-base", + "version": "6.0_p20171125-r0", + "kind": "binary", + "source": { + "id": "173", + "name": "ncurses", + "version": "6.0_p20171125-r0", + "kind": "source" + }, + "arch": "x86_64" + }, + "158": { + "id": "158", + "name": "musl-utils", + "version": "1.1.18-r3", + "kind": "binary", + "source": { + "id": "149", + "name": "musl", + "version": "1.1.18-r3", + "kind": "source" + }, + "arch": "x86_64" + }, + "162": { + "id": "162", + "name": "libcrypto1.0", + "version": "1.0.2o-r0", + "kind": "binary", + "source": { + "id": "161", + "name": "openssl", + "version": "1.0.2o-r0", + "kind": "source" + }, + "arch": "x86_64" + }, + "154": { + "id": "154", + "name": "libstdc++", + "version": "6.4.0-r5", + "kind": "binary", + "source": { + "id": "151", + "name": "gcc", + "version": "6.4.0-r5", + "kind": "source" + }, + "arch": "x86_64" + }, + "68": { + "id": "68", + "name": "scanelf", + "version": "1.2.2-r1", + "kind": "binary", + "source": { + "id": "67", + "name": "pax-utils", + "version": "1.2.2-r1", + "kind": "source" + }, + "arch": "x86_64" + }, + "56": { + "id": "56", + "name": "alpine-baselayout", + "version": "3.0.5-r2", + "kind": "binary", + "source": { + 
"id": "55", + "name": "alpine-baselayout", + "version": "3.0.5-r2", + "kind": "source" + }, + "arch": "x86_64" + }, + "62": { + "id": "62", + "name": "libressl2.6-libssl", + "version": "2.6.3-r0", + "kind": "binary", + "source": { + "id": "59", + "name": "libressl", + "version": "2.6.3-r0", + "kind": "source" + }, + "arch": "x86_64" + }, + "106": { + "id": "106", + "name": "pip", + "version": "9.0.1", + "kind": "binary", + "source": { + "id": "73", + "name": "", + "version": "" + }, + "normalized_version": "pep440:0.9.0.1.0.0.0.0.0.0" + }, + "156": { + "id": "156", + "name": "expat", + "version": "2.2.5-r0", + "kind": "binary", + "source": { + "id": "155", + "name": "expat", + "version": "2.2.5-r0", + "kind": "source" + }, + "arch": "x86_64" + }, + "114": { + "id": "114", + "name": "pyparsing", + "version": "2.2.0", + "kind": "binary", + "source": { + "id": "73", + "name": "", + "version": "" + }, + "normalized_version": "pep440:0.2.2.0.0.0.0.0.0.0" + }, + "168": { + "id": "168", + "name": "libbz2", + "version": "1.0.6-r6", + "kind": "binary", + "source": { + "id": "167", + "name": "bzip2", + "version": "1.0.6-r6", + "kind": "source" + }, + "arch": "x86_64" + }, + "84": { + "id": "84", + "name": "click", + "version": "6.7", + "kind": "binary", + "source": { + "id": "73", + "name": "", + "version": "" + }, + "normalized_version": "pep440:0.6.7.0.0.0.0.0.0.0" + }, + "130": { + "id": "130", + "name": "wsproto", + "version": "0.11.0", + "kind": "binary", + "source": { + "id": "73", + "name": "", + "version": "" + }, + "normalized_version": "pep440:0.0.11.0.0.0.0.0.0.0" + }, + "176": { + "id": "176", + "name": "ncurses-terminfo", + "version": "6.0_p20171125-r0", + "kind": "binary", + "source": { + "id": "173", + "name": "ncurses", + "version": "6.0_p20171125-r0", + "kind": "source" + }, + "arch": "x86_64" + }, + "178": { + "id": "178", + "name": "ncurses-libs", + "version": "6.0_p20171125-r0", + "kind": "binary", + "source": { + "id": "173", + "name": "ncurses", + 
"version": "6.0_p20171125-r0", + "kind": "source" + }, + "arch": "x86_64" + }, + "116": { + "id": "116", + "name": "pyperclip", + "version": "1.6.0", + "kind": "binary", + "source": { + "id": "73", + "name": "", + "version": "" + }, + "normalized_version": "pep440:0.1.6.0.0.0.0.0.0.0" + }, + "102": { + "id": "102", + "name": "mitmproxy", + "version": "4.0.1", + "kind": "binary", + "source": { + "id": "73", + "name": "", + "version": "" + }, + "normalized_version": "pep440:0.4.0.1.0.0.0.0.0.0" + }, + "172": { + "id": "172", + "name": "xz-libs", + "version": "5.2.3-r1", + "kind": "binary", + "source": { + "id": "171", + "name": "xz", + "version": "5.2.3-r1", + "kind": "source" + }, + "arch": "x86_64" + }, + "80": { + "id": "80", + "name": "certifi", + "version": "2018.4.16", + "kind": "binary", + "source": { + "id": "73", + "name": "", + "version": "" + }, + "normalized_version": "pep440:0.2018.4.16.0.0.0.0.0.0" + }, + "60": { + "id": "60", + "name": "libressl2.6-libcrypto", + "version": "2.6.3-r0", + "kind": "binary", + "source": { + "id": "59", + "name": "libressl", + "version": "2.6.3-r0", + "kind": "source" + }, + "arch": "x86_64" + }, + "124": { + "id": "124", + "name": "sortedcontainers", + "version": "1.5.10", + "kind": "binary", + "source": { + "id": "73", + "name": "", + "version": "" + }, + "normalized_version": "pep440:0.1.5.10.0.0.0.0.0.0" + }, + "118": { + "id": "118", + "name": "ruamel.yaml", + "version": "0.15.37", + "kind": "binary", + "source": { + "id": "73", + "name": "", + "version": "" + }, + "normalized_version": "pep440:0.0.15.37.0.0.0.0.0.0" + }, + "78": { + "id": "78", + "name": "brotlipy", + "version": "0.7.0", + "kind": "binary", + "source": { + "id": "73", + "name": "", + "version": "" + }, + "normalized_version": "pep440:0.0.7.0.0.0.0.0.0.0" + }, + "74": { + "id": "74", + "name": "asn1crypto", + "version": "0.24.0", + "kind": "binary", + "source": { + "id": "73", + "name": "", + "version": "" + }, + "normalized_version": 
"pep440:0.0.24.0.0.0.0.0.0.0" + }, + "170": { + "id": "170", + "name": "gdbm", + "version": "1.13-r1", + "kind": "binary", + "source": { + "id": "169", + "name": "gdbm", + "version": "1.13-r1", + "kind": "source" + }, + "arch": "x86_64" + }, + "128": { + "id": "128", + "name": "urwid", + "version": "2.0.1", + "kind": "binary", + "source": { + "id": "73", + "name": "", + "version": "" + }, + "normalized_version": "pep440:0.2.0.1.0.0.0.0.0.0" + }, + "180": { + "id": "180", + "name": "readline", + "version": "7.0.003-r0", + "kind": "binary", + "source": { + "id": "179", + "name": "readline", + "version": "7.0.003-r0", + "kind": "source" + }, + "arch": "x86_64" + }, + "122": { + "id": "122", + "name": "six", + "version": "1.11.0", + "kind": "binary", + "source": { + "id": "73", + "name": "", + "version": "" + }, + "normalized_version": "pep440:0.1.11.0.0.0.0.0.0.0" + }, + "72": { + "id": "72", + "name": "libc-utils", + "version": "0.7.1-r0", + "kind": "binary", + "source": { + "id": "71", + "name": "libc-dev", + "version": "0.7.1-r0", + "kind": "source" + }, + "arch": "x86_64" + }, + "182": { + "id": "182", + "name": "sqlite-libs", + "version": "3.21.0-r0", + "kind": "binary", + "source": { + "id": "181", + "name": "sqlite", + "version": "3.21.0-r0", + "kind": "source" + }, + "arch": "x86_64" + }, + "90": { + "id": "90", + "name": "h2", + "version": "3.0.1", + "kind": "binary", + "source": { + "id": "73", + "name": "", + "version": "" + }, + "normalized_version": "pep440:0.3.0.1.0.0.0.0.0.0" + }, + "166": { + "id": "166", + "name": "openssl", + "version": "1.0.2o-r0", + "kind": "binary", + "source": { + "id": "161", + "name": "openssl", + "version": "1.0.2o-r0", + "kind": "source" + }, + "arch": "x86_64" + }, + "92": { + "id": "92", + "name": "hpack", + "version": "3.0.0", + "kind": "binary", + "source": { + "id": "73", + "name": "", + "version": "" + }, + "normalized_version": "pep440:0.3.0.0.0.0.0.0.0.0" + }, + "100": { + "id": "100", + "name": "ldap3", + "version": 
"2.5", + "kind": "binary", + "source": { + "id": "73", + "name": "", + "version": "" + }, + "normalized_version": "pep440:0.2.5.0.0.0.0.0.0.0" + }, + "164": { + "id": "164", + "name": "libssl1.0", + "version": "1.0.2o-r0", + "kind": "binary", + "source": { + "id": "161", + "name": "openssl", + "version": "1.0.2o-r0", + "kind": "source" + }, + "arch": "x86_64" + }, + "104": { + "id": "104", + "name": "passlib", + "version": "1.7.1", + "kind": "binary", + "source": { + "id": "73", + "name": "", + "version": "" + }, + "normalized_version": "pep440:0.1.7.1.0.0.0.0.0.0" + }, + "112": { + "id": "112", + "name": "pycparser", + "version": "2.18", + "kind": "binary", + "source": { + "id": "73", + "name": "", + "version": "" + }, + "normalized_version": "pep440:0.2.18.0.0.0.0.0.0.0" + }, + "98": { + "id": "98", + "name": "kaitaistruct", + "version": "0.8", + "kind": "binary", + "source": { + "id": "73", + "name": "", + "version": "" + }, + "normalized_version": "pep440:0.0.8.0.0.0.0.0.0.0" + }, + "152": { + "id": "152", + "name": "libgcc", + "version": "6.4.0-r5", + "kind": "binary", + "source": { + "id": "151", + "name": "gcc", + "version": "6.4.0-r5", + "kind": "source" + }, + "arch": "x86_64" + }, + "184": { + "id": "184", + "name": "python3", + "version": "3.6.3-r9", + "kind": "binary", + "source": { + "id": "183", + "name": "python3", + "version": "3.6.3-r9", + "kind": "source" + }, + "arch": "x86_64" + }, + "126": { + "id": "126", + "name": "tornado", + "version": "5.0.2", + "kind": "binary", + "source": { + "id": "73", + "name": "", + "version": "" + }, + "normalized_version": "pep440:0.5.0.2.0.0.0.0.0.0" + }, + "110": { + "id": "110", + "name": "pyasn1", + "version": "0.4.2", + "kind": "binary", + "source": { + "id": "73", + "name": "", + "version": "" + }, + "normalized_version": "pep440:0.0.4.2.0.0.0.0.0.0" + }, + "58": { + "id": "58", + "name": "alpine-keys", + "version": "2.1-r1", + "kind": "binary", + "source": { + "id": "57", + "name": "alpine-keys", + 
"version": "2.1-r1", + "kind": "source" + }, + "arch": "x86_64" + }, + "94": { + "id": "94", + "name": "hyperframe", + "version": "5.1.0", + "kind": "binary", + "source": { + "id": "73", + "name": "", + "version": "" + }, + "normalized_version": "pep440:0.5.1.0.0.0.0.0.0.0" + }, + "186": { + "id": "186", + "name": "su-exec", + "version": "0.2-r0", + "kind": "binary", + "source": { + "id": "185", + "name": "su-exec", + "version": "0.2-r0", + "kind": "source" + }, + "arch": "x86_64" + }, + "96": { + "id": "96", + "name": "idna", + "version": "2.6", + "kind": "binary", + "source": { + "id": "73", + "name": "", + "version": "" + }, + "normalized_version": "pep440:0.2.6.0.0.0.0.0.0.0" + }, + "86": { + "id": "86", + "name": "cryptography", + "version": "2.2.2", + "kind": "binary", + "source": { + "id": "73", + "name": "", + "version": "" + }, + "normalized_version": "pep440:0.2.2.2.0.0.0.0.0.0" + }, + "160": { + "id": "160", + "name": "libffi", + "version": "3.2.1-r4", + "kind": "binary", + "source": { + "id": "159", + "name": "libffi", + "version": "3.2.1-r4", + "kind": "source" + }, + "arch": "x86_64" + }, + "76": { + "id": "76", + "name": "blinker", + "version": "1.4", + "kind": "binary", + "source": { + "id": "73", + "name": "", + "version": "" + }, + "normalized_version": "pep440:0.1.4.0.0.0.0.0.0.0" + }, + "54": { + "id": "54", + "name": "busybox", + "version": "1.27.2-r7", + "kind": "binary", + "source": { + "id": "53", + "name": "busybox", + "version": "1.27.2-r7", + "kind": "source" + }, + "arch": "x86_64" + }, + "150": { + "id": "150", + "name": "musl", + "version": "1.1.18-r3", + "kind": "binary", + "source": { + "id": "149", + "name": "musl", + "version": "1.1.18-r3", + "kind": "source" + }, + "arch": "x86_64" + }, + "66": { + "id": "66", + "name": "apk-tools", + "version": "2.8.2-r0", + "kind": "binary", + "source": { + "id": "65", + "name": "apk-tools", + "version": "2.8.2-r0", + "kind": "source" + }, + "arch": "x86_64" + }, + "64": { + "id": "64", + 
"name": "zlib", + "version": "1.2.11-r1", + "kind": "binary", + "source": { + "id": "63", + "name": "zlib", + "version": "1.2.11-r1", + "kind": "source" + }, + "arch": "x86_64" + }, + "88": { + "id": "88", + "name": "h11", + "version": "0.7.0", + "kind": "binary", + "source": { + "id": "73", + "name": "", + "version": "" + }, + "normalized_version": "pep440:0.0.7.0.0.0.0.0.0.0" + } + }, + "distributions": { + "3": { + "id": "3", + "did": "alpine", + "name": "Alpine Linux", + "version": "", + "version_code_name": "", + "version_id": "3.7", + "arch": "", + "cpe": "", + "pretty_name": "Alpine Linux v3.7" + } + }, + "repository": { + "1": { + "id": "1", + "name": "pypi", + "uri": "https://pypi.org/simple" + } + }, + "environments": { + "58": [ + { + "package_db": "lib/apk/db/installed", + "introduced_in": "sha256:ff3a5c916c92643ff77519ffa742d3ec61b7f591b6b7504599d95a4a41134e28", + "distribution_id": "3", + "repository_ids": null + } + ], + "88": [ + { + "package_db": "python:usr/lib/python3.6/site-packages", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "", + "repository_ids": [ + "1" + ] + } + ], + "106": [ + { + "package_db": "python:usr/lib/python3.6/site-packages", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "", + "repository_ids": [ + "1" + ] + } + ], + "92": [ + { + "package_db": "python:usr/lib/python3.6/site-packages", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "", + "repository_ids": [ + "1" + ] + } + ], + "62": [ + { + "package_db": "lib/apk/db/installed", + "introduced_in": "sha256:ff3a5c916c92643ff77519ffa742d3ec61b7f591b6b7504599d95a4a41134e28", + "distribution_id": "3", + "repository_ids": null + } + ], + "120": [ + { + "package_db": "python:usr/lib/python3.6/site-packages", + "introduced_in": 
"sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "", + "repository_ids": [ + "1" + ] + } + ], + "104": [ + { + "package_db": "python:usr/lib/python3.6/site-packages", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "", + "repository_ids": [ + "1" + ] + } + ], + "154": [ + { + "package_db": "lib/apk/db/installed", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "3", + "repository_ids": null + } + ], + "160": [ + { + "package_db": "lib/apk/db/installed", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "3", + "repository_ids": null + } + ], + "162": [ + { + "package_db": "lib/apk/db/installed", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "3", + "repository_ids": null + } + ], + "170": [ + { + "package_db": "lib/apk/db/installed", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "3", + "repository_ids": null + } + ], + "152": [ + { + "package_db": "lib/apk/db/installed", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "3", + "repository_ids": null + } + ], + "126": [ + { + "package_db": "python:usr/lib/python3.6/site-packages", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "", + "repository_ids": [ + "1" + ] + } + ], + "78": [ + { + "package_db": "python:usr/lib/python3.6/site-packages", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "", + "repository_ids": [ + "1" + ] + } + ], + "110": [ + { + "package_db": "python:usr/lib/python3.6/site-packages", + "introduced_in": 
"sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "", + "repository_ids": [ + "1" + ] + } + ], + "64": [ + { + "package_db": "lib/apk/db/installed", + "introduced_in": "sha256:ff3a5c916c92643ff77519ffa742d3ec61b7f591b6b7504599d95a4a41134e28", + "distribution_id": "3", + "repository_ids": null + } + ], + "150": [ + { + "package_db": "lib/apk/db/installed", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "3", + "repository_ids": null + } + ], + "112": [ + { + "package_db": "python:usr/lib/python3.6/site-packages", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "", + "repository_ids": [ + "1" + ] + } + ], + "66": [ + { + "package_db": "lib/apk/db/installed", + "introduced_in": "sha256:ff3a5c916c92643ff77519ffa742d3ec61b7f591b6b7504599d95a4a41134e28", + "distribution_id": "3", + "repository_ids": null + } + ], + "90": [ + { + "package_db": "python:usr/lib/python3.6/site-packages", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "", + "repository_ids": [ + "1" + ] + } + ], + "168": [ + { + "package_db": "lib/apk/db/installed", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "3", + "repository_ids": null + } + ], + "176": [ + { + "package_db": "lib/apk/db/installed", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "3", + "repository_ids": null + } + ], + "118": [ + { + "package_db": "python:usr/lib/python3.6/site-packages", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "", + "repository_ids": [ + "1" + ] + } + ], + "116": [ + { + "package_db": "python:usr/lib/python3.6/site-packages", + "introduced_in": 
"sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "", + "repository_ids": [ + "1" + ] + } + ], + "102": [ + { + "package_db": "python:usr/lib/python3.6/site-packages", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "", + "repository_ids": [ + "1" + ] + } + ], + "180": [ + { + "package_db": "lib/apk/db/installed", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "3", + "repository_ids": null + } + ], + "186": [ + { + "package_db": "lib/apk/db/installed", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "3", + "repository_ids": null + } + ], + "158": [ + { + "package_db": "lib/apk/db/installed", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "3", + "repository_ids": null + } + ], + "100": [ + { + "package_db": "python:usr/lib/python3.6/site-packages", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "", + "repository_ids": [ + "1" + ] + } + ], + "82": [ + { + "package_db": "python:usr/lib/python3.6/site-packages", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "", + "repository_ids": [ + "1" + ] + } + ], + "114": [ + { + "package_db": "python:usr/lib/python3.6/site-packages", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "", + "repository_ids": [ + "1" + ] + } + ], + "56": [ + { + "package_db": "lib/apk/db/installed", + "introduced_in": "sha256:ff3a5c916c92643ff77519ffa742d3ec61b7f591b6b7504599d95a4a41134e28", + "distribution_id": "3", + "repository_ids": null + } + ], + "96": [ + { + "package_db": "python:usr/lib/python3.6/site-packages", + "introduced_in": 
"sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "", + "repository_ids": [ + "1" + ] + } + ], + "74": [ + { + "package_db": "python:usr/lib/python3.6/site-packages", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "", + "repository_ids": [ + "1" + ] + } + ], + "84": [ + { + "package_db": "python:usr/lib/python3.6/site-packages", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "", + "repository_ids": [ + "1" + ] + } + ], + "128": [ + { + "package_db": "python:usr/lib/python3.6/site-packages", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "", + "repository_ids": [ + "1" + ] + } + ], + "86": [ + { + "package_db": "python:usr/lib/python3.6/site-packages", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "", + "repository_ids": [ + "1" + ] + } + ], + "130": [ + { + "package_db": "python:usr/lib/python3.6/site-packages", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "", + "repository_ids": [ + "1" + ] + } + ], + "54": [ + { + "package_db": "lib/apk/db/installed", + "introduced_in": "sha256:ff3a5c916c92643ff77519ffa742d3ec61b7f591b6b7504599d95a4a41134e28", + "distribution_id": "3", + "repository_ids": null + } + ], + "184": [ + { + "package_db": "lib/apk/db/installed", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "3", + "repository_ids": null + } + ], + "164": [ + { + "package_db": "lib/apk/db/installed", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "3", + "repository_ids": null + } + ], + "174": [ + { + "package_db": "lib/apk/db/installed", + 
"introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "3", + "repository_ids": null + } + ], + "60": [ + { + "package_db": "lib/apk/db/installed", + "introduced_in": "sha256:ff3a5c916c92643ff77519ffa742d3ec61b7f591b6b7504599d95a4a41134e28", + "distribution_id": "3", + "repository_ids": null + } + ], + "80": [ + { + "package_db": "python:usr/lib/python3.6/site-packages", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "", + "repository_ids": [ + "1" + ] + } + ], + "166": [ + { + "package_db": "lib/apk/db/installed", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "3", + "repository_ids": null + } + ], + "68": [ + { + "package_db": "lib/apk/db/installed", + "introduced_in": "sha256:ff3a5c916c92643ff77519ffa742d3ec61b7f591b6b7504599d95a4a41134e28", + "distribution_id": "3", + "repository_ids": null + } + ], + "98": [ + { + "package_db": "python:usr/lib/python3.6/site-packages", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "", + "repository_ids": [ + "1" + ] + } + ], + "178": [ + { + "package_db": "lib/apk/db/installed", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "3", + "repository_ids": null + } + ], + "124": [ + { + "package_db": "python:usr/lib/python3.6/site-packages", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "", + "repository_ids": [ + "1" + ] + } + ], + "122": [ + { + "package_db": "python:usr/lib/python3.6/site-packages", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "", + "repository_ids": [ + "1" + ] + } + ], + "76": [ + { + "package_db": "python:usr/lib/python3.6/site-packages", + 
"introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "", + "repository_ids": [ + "1" + ] + } + ], + "72": [ + { + "package_db": "lib/apk/db/installed", + "introduced_in": "sha256:ff3a5c916c92643ff77519ffa742d3ec61b7f591b6b7504599d95a4a41134e28", + "distribution_id": "3", + "repository_ids": null + } + ], + "172": [ + { + "package_db": "lib/apk/db/installed", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "3", + "repository_ids": null + } + ], + "156": [ + { + "package_db": "lib/apk/db/installed", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "3", + "repository_ids": null + } + ], + "94": [ + { + "package_db": "python:usr/lib/python3.6/site-packages", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "", + "repository_ids": [ + "1" + ] + } + ], + "182": [ + { + "package_db": "lib/apk/db/installed", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "3", + "repository_ids": null + } + ], + "108": [ + { + "package_db": "python:usr/lib/python3.6/site-packages", + "introduced_in": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "distribution_id": "", + "repository_ids": [ + "1" + ] + } + ] + }, + "vulnerabilities": { + "2552682": { + "id": "2552682", + "updater": "pyupio", + "name": "pyup.io-39606 (CVE-2020-36242)", + "description": "In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. 
See CVE-2020-36242.", + "issued": "0000-12-31T18:09:24-05:50", + "links": "", + "severity": "", + "normalized_severity": "Unknown", + "package": { + "id": "", + "name": "cryptography", + "version": "\u003c3.3.2", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "", + "name": "", + "version": "", + "version_code_name": "", + "version_id": "", + "arch": "", + "cpe": "", + "pretty_name": "" + }, + "repository": { + "name": "pypi", + "uri": "https://pypi.org/simple" + }, + "fixed_in_version": "" + }, + "2797789": { + "id": "2797789", + "updater": "alpine-main-v3.7-updater", + "name": "CVE-2018-1060", + "description": "", + "issued": "0000-12-31T18:09:24-05:50", + "links": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1060", + "severity": "", + "normalized_severity": "Unknown", + "package": { + "id": "", + "name": "python3", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "alpine", + "name": "Alpine Linux", + "version": "", + "version_code_name": "", + "version_id": "3.7", + "arch": "", + "cpe": "", + "pretty_name": "Alpine Linux v3.7" + }, + "repository": { + + }, + "fixed_in_version": "3.6.5-r0" + }, + "2797048": { + "id": "2797048", + "updater": "alpine-main-v3.7-updater", + "name": "CVE-2019-1563", + "description": "", + "issued": "0000-12-31T18:09:24-05:50", + "links": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", + "severity": "", + "normalized_severity": "Unknown", + "package": { + "id": "", + "name": "openssl", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "alpine", + "name": "Alpine Linux", + "version": "", + "version_code_name": "", + "version_id": "3.7", + "arch": "", + "cpe": "", + "pretty_name": "Alpine Linux v3.7" + }, + "repository": { + + }, + "fixed_in_version": "1.0.2t-r0" + }, + "2552675": { + "id": "2552675", + "updater": "pyupio", + "name": "pyup.io-39252", + "description": "Cryptography 3.3 no longer allows loading of finite field 
Diffie-Hellman parameters of less than 512 bits in length. This change is to conform with an upcoming OpenSSL release that no longer supports smaller sizes. These keys were already wildly insecure and should not have been used in any application outside of testing.", + "issued": "0000-12-31T18:09:24-05:50", + "links": "", + "severity": "", + "normalized_severity": "Unknown", + "package": { + "id": "", + "name": "cryptography", + "version": "\u003c3.3", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "", + "name": "", + "version": "", + "version_code_name": "", + "version_id": "", + "arch": "", + "cpe": "", + "pretty_name": "" + }, + "repository": { + "name": "pypi", + "uri": "https://pypi.org/simple" + }, + "fixed_in_version": "" + }, + "2565662": { + "id": "2565662", + "updater": "pyupio", + "name": "pyup.io-38179", + "description": "Mitmproxy 5.0 fixes command injection vulnerabilities when exporting flows as curl/httpie commands. It also does not echo unsanitized user input in HTTP error responses.", + "issued": "0000-12-31T18:09:24-05:50", + "links": "", + "severity": "", + "normalized_severity": "Unknown", + "package": { + "id": "", + "name": "mitmproxy", + "version": "\u003c5.0", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "", + "name": "", + "version": "", + "version_code_name": "", + "version_id": "", + "arch": "", + "cpe": "", + "pretty_name": "" + }, + "repository": { + "name": "pypi", + "uri": "https://pypi.org/simple" + }, + "fixed_in_version": "" + }, + "2565647": { + "id": "2565647", + "updater": "pyupio", + "name": "pyup.io-36353 (CVE-2018-14505)", + "description": "mitmproxy before 4.0.3 does not protect mitmweb against DNS rebinding.", + "issued": "0000-12-31T18:09:24-05:50", + "links": "", + "severity": "", + "normalized_severity": "Unknown", + "package": { + "id": "", + "name": "mitmproxy", + "version": "\u003c4.0.3", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "", + "name": "", + 
"version": "", + "version_code_name": "", + "version_id": "", + "arch": "", + "cpe": "", + "pretty_name": "" + }, + "repository": { + "name": "pypi", + "uri": "https://pypi.org/simple" + }, + "fixed_in_version": "" + }, + "2796759": { + "id": "2796759", + "updater": "alpine-main-v3.7-updater", + "name": "CVE-2019-14697", + "description": "", + "issued": "0000-12-31T18:09:24-05:50", + "links": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697", + "severity": "", + "normalized_severity": "Unknown", + "package": { + "id": "", + "name": "musl", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "alpine", + "name": "Alpine Linux", + "version": "", + "version_code_name": "", + "version_id": "3.7", + "arch": "", + "cpe": "", + "pretty_name": "Alpine Linux v3.7" + }, + "repository": { + + }, + "fixed_in_version": "1.1.18-r4" + }, + "2552688": { + "id": "2552688", + "updater": "pyupio", + "name": "pyup.io-38932 (CVE-2020-25659)", + "description": "Cryptography 3.2 was released with the warning that its maintainers became aware of a Bleichenbacher vulnerability that they were only partly able to mitigate. 
See: CVE-2020-25659.", + "issued": "0000-12-31T18:09:24-05:50", + "links": "", + "severity": "", + "normalized_severity": "Unknown", + "package": { + "id": "", + "name": "cryptography", + "version": "\u003c=3.2", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "", + "name": "", + "version": "", + "version_code_name": "", + "version_id": "", + "arch": "", + "cpe": "", + "pretty_name": "" + }, + "repository": { + "name": "pypi", + "uri": "https://pypi.org/simple" + }, + "fixed_in_version": "" + }, + "2797840": { + "id": "2797840", + "updater": "alpine-main-v3.7-updater", + "name": "CVE-2018-14647", + "description": "", + "issued": "0000-12-31T18:09:24-05:50", + "links": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647", + "severity": "", + "normalized_severity": "Unknown", + "package": { + "id": "", + "name": "python3", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "alpine", + "name": "Alpine Linux", + "version": "", + "version_code_name": "", + "version_id": "3.7", + "arch": "", + "cpe": "", + "pretty_name": "Alpine Linux v3.7" + }, + "repository": { + + }, + "fixed_in_version": "3.6.8-r0" + }, + "2794281": { + "id": "2794281", + "updater": "alpine-main-v3.7-updater", + "name": "CVE-2018-20843", + "description": "", + "issued": "0000-12-31T18:09:24-05:50", + "links": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20843", + "severity": "", + "normalized_severity": "Unknown", + "package": { + "id": "", + "name": "expat", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "alpine", + "name": "Alpine Linux", + "version": "", + "version_code_name": "", + "version_id": "3.7", + "arch": "", + "cpe": "", + "pretty_name": "Alpine Linux v3.7" + }, + "repository": { + + }, + "fixed_in_version": "2.2.7-r0" + }, + "2797866": { + "id": "2797866", + "updater": "alpine-main-v3.7-updater", + "name": "CVE-2019-16935", + "description": "", + "issued": 
"0000-12-31T18:09:24-05:50", + "links": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16935", + "severity": "", + "normalized_severity": "Unknown", + "package": { + "id": "", + "name": "python3", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "alpine", + "name": "Alpine Linux", + "version": "", + "version_code_name": "", + "version_id": "3.7", + "arch": "", + "cpe": "", + "pretty_name": "Alpine Linux v3.7" + }, + "repository": { + + }, + "fixed_in_version": "3.6.9-r1" + }, + "2552698": { + "id": "2552698", + "updater": "pyupio", + "name": "pyup.io-36351 (CVE-2018-10903)", + "description": "python-cryptography versions \u003e=1.9.0 and \u003c2.3 did not enforce a minimum tag length for finalize_with_tag API. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.", + "issued": "0000-12-31T18:09:24-05:50", + "links": "", + "severity": "", + "normalized_severity": "Unknown", + "package": { + "id": "", + "name": "cryptography", + "version": "\u003e=1.9.0,\u003c2.3", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "", + "name": "", + "version": "", + "version_code_name": "", + "version_id": "", + "arch": "", + "cpe": "", + "pretty_name": "" + }, + "repository": { + "name": "pypi", + "uri": "https://pypi.org/simple" + }, + "fixed_in_version": "" + }, + "2797043": { + "id": "2797043", + "updater": "alpine-main-v3.7-updater", + "name": "CVE-2019-1547", + "description": "", + "issued": "0000-12-31T18:09:24-05:50", + "links": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547", + "severity": "", + "normalized_severity": "Unknown", + "package": { + "id": "", + "name": "openssl", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "alpine", + "name": "Alpine 
Linux", + "version": "", + "version_code_name": "", + "version_id": "3.7", + "arch": "", + "cpe": "", + "pretty_name": "Alpine Linux v3.7" + }, + "repository": { + + }, + "fixed_in_version": "1.0.2t-r0" + }, + "2541140": { + "id": "2541140", + "updater": "pyupio", + "name": "pyup.io-38765 (CVE-2019-20916)", + "description": "The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.", + "issued": "0000-12-31T18:09:24-05:50", + "links": "", + "severity": "", + "normalized_severity": "Unknown", + "package": { + "id": "", + "name": "pip", + "version": "\u003c19.2", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "", + "name": "", + "version": "", + "version_code_name": "", + "version_id": "", + "arch": "", + "cpe": "", + "pretty_name": "" + }, + "repository": { + "name": "pypi", + "uri": "https://pypi.org/simple" + }, + "fixed_in_version": "" + }, + "2797118": { + "id": "2797118", + "updater": "alpine-main-v3.7-updater", + "name": "CVE-2018-0737", + "description": "", + "issued": "0000-12-31T18:09:24-05:50", + "links": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737", + "severity": "", + "normalized_severity": "Unknown", + "package": { + "id": "", + "name": "openssl", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "alpine", + "name": "Alpine Linux", + "version": "", + "version_code_name": "", + "version_id": "3.7", + "arch": "", + "cpe": "", + "pretty_name": "Alpine Linux v3.7" + }, + "repository": { + + }, + "fixed_in_version": "1.0.2o-r1" + }, + "2797131": { + "id": "2797131", + "updater": "alpine-main-v3.7-updater", + "name": "CVE-2018-5407", + "description": "", + "issued": "0000-12-31T18:09:24-05:50", + "links": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407", + "severity": "", + "normalized_severity": "Unknown", + "package": { + "id": "", + "name": "openssl", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "alpine", + "name": "Alpine Linux", + "version": "", + "version_code_name": "", + "version_id": "3.7", + "arch": "", + "cpe": "", + "pretty_name": "Alpine Linux v3.7" + }, + "repository": { + + }, + "fixed_in_version": "1.0.2q-r0" + }, + "2794285": { + "id": "2794285", + "updater": "alpine-main-v3.7-updater", + "name": "CVE-2019-15903", + "description": "", + "issued": "0000-12-31T18:09:24-05:50", + "links": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903", + "severity": "", + "normalized_severity": "Unknown", + "package": { + "id": "", + "name": "expat", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "alpine", + "name": "Alpine Linux", + "version": "", + "version_code_name": "", + "version_id": "3.7", + "arch": "", + "cpe": "", + "pretty_name": "Alpine Linux v3.7" + }, + "repository": { + + }, + "fixed_in_version": "2.2.7-r1" + }, + "2565656": { + "id": "2565656", + "updater": "pyupio", + "name": "pyup.io-36352 (CVE-2018-14505)", + "description": "mitmproxy before 4.0.4 does not protect mitmweb against DNS rebinding.", + "issued": "0000-12-31T18:09:24-05:50", + "links": "", + "severity": "", + "normalized_severity": "Unknown", + "package": { + "id": "", + "name": "mitmproxy", + "version": "\u003c4.0.4", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "", + "name": "", + "version": "", + "version_code_name": "", + "version_id": "", + "arch": "", + "cpe": "", + "pretty_name": "" + }, + "repository": { + "name": "pypi", + "uri": "https://pypi.org/simple" + }, + "fixed_in_version": "" + }, + "2797858": { + "id": "2797858", + "updater": "alpine-main-v3.7-updater", + "name": "CVE-2019-16056", + "description": "", + "issued": "0000-12-31T18:09:24-05:50", + 
"links": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16056", + "severity": "", + "normalized_severity": "Unknown", + "package": { + "id": "", + "name": "python3", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "alpine", + "name": "Alpine Linux", + "version": "", + "version_code_name": "", + "version_id": "3.7", + "arch": "", + "cpe": "", + "pretty_name": "Alpine Linux v3.7" + }, + "repository": { + + }, + "fixed_in_version": "3.6.8-r1" + }, + "2797123": { + "id": "2797123", + "updater": "alpine-main-v3.7-updater", + "name": "CVE-2018-0734", + "description": "", + "issued": "0000-12-31T18:09:24-05:50", + "links": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734", + "severity": "", + "normalized_severity": "Unknown", + "package": { + "id": "", + "name": "openssl", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "alpine", + "name": "Alpine Linux", + "version": "", + "version_code_name": "", + "version_id": "3.7", + "arch": "", + "cpe": "", + "pretty_name": "Alpine Linux v3.7" + }, + "repository": { + + }, + "fixed_in_version": "1.0.2q-r0" + }, + "2541141": { + "id": "2541141", + "updater": "pyupio", + "name": "pyup.io-40291 (CVE-2021-28363)", + "description": "Pip 21.1 updates urllib3 to 1.26.4 to fix CVE-2021-28363. The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. 
This means certificates for different servers that still validate properly with the default urllib3 SSLContext will be silently accepted.", + "issued": "0000-12-31T18:09:24-05:50", + "links": "", + "severity": "", + "normalized_severity": "Unknown", + "package": { + "id": "", + "name": "pip", + "version": "\u003c21.1", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "", + "name": "", + "version": "", + "version_code_name": "", + "version_id": "", + "arch": "", + "cpe": "", + "pretty_name": "" + }, + "repository": { + "name": "pypi", + "uri": "https://pypi.org/simple" + }, + "fixed_in_version": "" + }, + "2797834": { + "id": "2797834", + "updater": "alpine-main-v3.7-updater", + "name": "CVE-2018-1061", + "description": "", + "issued": "0000-12-31T18:09:24-05:50", + "links": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1061", + "severity": "", + "normalized_severity": "Unknown", + "package": { + "id": "", + "name": "python3", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "alpine", + "name": "Alpine Linux", + "version": "", + "version_code_name": "", + "version_id": "3.7", + "arch": "", + "cpe": "", + "pretty_name": "Alpine Linux v3.7" + }, + "repository": { + + }, + "fixed_in_version": "3.6.5-r0" + }, + "2797846": { + "id": "2797846", + "updater": "alpine-main-v3.7-updater", + "name": "CVE-2018-20406", + "description": "", + "issued": "0000-12-31T18:09:24-05:50", + "links": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20406", + "severity": "", + "normalized_severity": "Unknown", + "package": { + "id": "", + "name": "python3", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "alpine", + "name": "Alpine Linux", + "version": "", + "version_code_name": "", + "version_id": "3.7", + "arch": "", + "cpe": "", + "pretty_name": "Alpine Linux v3.7" + }, + "repository": { + + }, + "fixed_in_version": "3.6.8-r0" + }, + "2797113": { + "id": "2797113", + "updater": 
"alpine-main-v3.7-updater", + "name": "CVE-2018-0732", + "description": "", + "issued": "0000-12-31T18:09:24-05:50", + "links": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732", + "severity": "", + "normalized_severity": "Unknown", + "package": { + "id": "", + "name": "openssl", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "alpine", + "name": "Alpine Linux", + "version": "", + "version_code_name": "", + "version_id": "3.7", + "arch": "", + "cpe": "", + "pretty_name": "Alpine Linux v3.7" + }, + "repository": { + + }, + "fixed_in_version": "1.0.2o-r1" + }, + "2797037": { + "id": "2797037", + "updater": "alpine-main-v3.7-updater", + "name": "CVE-2019-1559", + "description": "", + "issued": "0000-12-31T18:09:24-05:50", + "links": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559", + "severity": "", + "normalized_severity": "Unknown", + "package": { + "id": "", + "name": "openssl", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "alpine", + "name": "Alpine Linux", + "version": "", + "version_code_name": "", + "version_id": "3.7", + "arch": "", + "cpe": "", + "pretty_name": "Alpine Linux v3.7" + }, + "repository": { + + }, + "fixed_in_version": "1.0.2r-r0" + }, + "2797851": { + "id": "2797851", + "updater": "alpine-main-v3.7-updater", + "name": "CVE-2019-9636", + "description": "", + "issued": "0000-12-31T18:09:24-05:50", + "links": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", + "severity": "", + "normalized_severity": "Unknown", + "package": { + "id": "", + "name": "python3", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "alpine", + "name": "Alpine Linux", + "version": "", + "version_code_name": "", + "version_id": "3.7", + "arch": "", + "cpe": "", + "pretty_name": "Alpine Linux v3.7" + }, + "repository": { + + }, + "fixed_in_version": "3.6.8-r0" + } + }, + "package_vulnerabilities": { + "102": [ + "2565647", + 
"2565656", + "2565662" + ], + "184": [ + "2797789", + "2797834", + "2797840", + "2797846", + "2797851", + "2797858", + "2797866" + ], + "156": [ + "2794281", + "2794285" + ], + "150": [ + "2796759" + ], + "166": [ + "2797037", + "2797043", + "2797048", + "2797113", + "2797118", + "2797123", + "2797131" + ], + "106": [ + "2541140", + "2541141" + ], + "86": [ + "2552675", + "2552682", + "2552688", + "2552698" + ] + }, + "enrichments": { + "message/vnd.clair.map.vulnerability; enricher=clair.rhcc schema=??": { + "102": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", + "156": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784" + }, + "message/vnd.clair.map.vulnerability; enricher=clair.cvss schema=https://csrc.nist.gov/schema/nvd/feed/1.1/cvss-v3.x.json": [ + { + "2541140": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "2541141": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "integrityImpact": "LOW", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "LOW" + }, + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.2/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "integrityImpact": "LOW", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "LOW" + } + ], + 
"2552682": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 9.1, + "attackVector": "NETWORK", + "baseSeverity": "CRITICAL", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ], + "2552688": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.9, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "HIGH", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ], + "2552698": [ + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ], + "2565647": [ + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 8.8, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ], + "2565656": [ + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 8.8, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + 
], + "2794281": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "2794285": [ + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "2796759": [ + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 9.8, + "attackVector": "NETWORK", + "baseSeverity": "CRITICAL", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ], + "2797037": [ + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 5.9, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "HIGH", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ], + "2797043": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 4.7, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "HIGH", + "availabilityImpact": "NONE", + "privilegesRequired": "LOW", + "confidentialityImpact": "HIGH" + } + ], 
+ "2797048": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 3.7, + "attackVector": "NETWORK", + "baseSeverity": "LOW", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "HIGH", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "LOW" + } + ], + "2797113": [ + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "2797118": [ + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 5.9, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "HIGH", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ], + "2797123": [ + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 5.9, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "HIGH", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ], + "2797131": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 4.7, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "HIGH", + "availabilityImpact": "NONE", + "privilegesRequired": "LOW", + "confidentialityImpact": "HIGH" + } + ], + 
"2797789": [ + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "2797834": [ + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "2797840": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "2797846": [ + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "2797851": [ + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 9.8, + "attackVector": "NETWORK", + "baseSeverity": "CRITICAL", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ], + 
"2797858": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ], + "2797866": [ + { + "scope": "CHANGED", + "version": "3.1", + "baseScore": 6.1, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "integrityImpact": "LOW", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "LOW" + } + ] + } + ] + } + } + \ No newline at end of file