Add cves and recommendation docker scout commands #79
🔍 Vulnerabilities of
digest | sha256:5c5ee97fbccbc0c95eabd774f069b3146130cbb93ea08b8b5083e19431251504 |
vulnerabilities | |
size | 2.3 GB |
packages | 2892 |
📦 Base Image ubuntu:20.04
also known as |
digest | sha256:4aa61d4985265be6d872cc214016f2f91a77b1c925dab5ce502db2edc4a7e5af |
vulnerabilities |
cgi
Affected range | <=0.3.1 |
Fixed version | 0.3.2 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00815 |
EPSS Percentile | 0.81413 |
Description
CGI.escape_html in Ruby has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes.
Affected range | >=0.3.0 |
Fixed version | 0.3.5 |
CVSS Score | 8.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00336 |
EPSS Percentile | 0.70716 |
Description
Ruby gem cgi.rb prior to versions 0.3.5, 0.2.2 and 0.1.0.2 allows HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. This issue has been patched in versions 0.3.5, 0.2.2 and 0.1.0.2.
execa 1.0.0
(npm)
pkg:npm/execa@1.0.0
# Dockerfile (184:197)
RUN npm install --global \
artillery \
eslint \
eslint-plugin-html \
heroku \
jest \
nodemon \
prettier \
ts-node \
typescript && \
npm install --global --unsafe-perm \
ngrok && \
rm --recursive --force $HOME/.ngrok && \
npm cache clean --force
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting preferLocal=true, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
rvm 1.11.3.9
(gem)
pkg:gem/rvm@1.11.3.9
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <=1.28.0 |
Fixed version | 1.29.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.01138 |
EPSS Percentile | 0.8441 |
Description
RVM automatically loads environment variables from files in $PWD, resulting in command execution.
execa 0.10.0
(npm)
pkg:npm/execa@0.10.0
# Dockerfile (184:197)
RUN npm install --global \
artillery \
eslint \
eslint-plugin-html \
heroku \
jest \
nodemon \
prettier \
ts-node \
typescript && \
npm install --global --unsafe-perm \
ngrok && \
rm --recursive --force $HOME/.ngrok && \
npm cache clean --force
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting preferLocal=true, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
linux 5.4.0-173.191
(deb)
pkg:deb/ubuntu/linux@5.4.0-173.191?os_distro=focal&os_name=ubuntu&os_version=20.04
# Dockerfile (21:26)
RUN curl --silent --fail --show-error --location 'https://packagecloud.io/github/git-lfs/gpgkey' | \
apt-key --keyring /usr/share/keyrings/packagecloud.io.gpg add - && \
echo "deb [signed-by=/usr/share/keyrings/packagecloud.io.gpg] https://packagecloud.io/github/git-lfs/ubuntu/ $(lsb_release --short --codename) main" | \
tee /etc/apt/sources.list.d/github-git-lfs.list && \
echo "deb-src [signed-by=/usr/share/keyrings/packagecloud.io.gpg] https://packagecloud.io/github/git-lfs/ubuntu/ $(lsb_release --short --codename) main" | \
tee --append /etc/apt/sources.list.d/github-git-lfs.list
Affected range | <5.4.0-174.193 |
Fixed version | 5.4.0-174.193 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00042 |
EPSS Percentile | 0.05352 |
Description
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
Affected range | >=0 |
Fixed version | Not Fixed |
CVSS Score | 4.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00042 |
EPSS Percentile | 0.05352 |
Description
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
pygments 2.3.1
(pypi)
pkg:pypi/pygments@2.3.1
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
Uncontrolled Resource Consumption
Affected range | >=1.1 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00958 |
EPSS Percentile | 0.82901 |
Description
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
Loop with Unreachable Exit Condition ('Infinite Loop')
Affected range | >=1.5 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00282 |
EPSS Percentile | 0.67853 |
Description
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
cryptography 41.0.6
(pypi)
pkg:pypi/cryptography@41.0.6
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
Affected range | >=38.0.0 |
Fixed version | 42.0.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00045 |
EPSS Percentile | 0.12923 |
Description
If pkcs12.serialize_key_and_certificates is called with both:
- A certificate whose public key did not match the provided private key
- An encryption_algorithm with hmac_hash set (via PrivateFormat.PKCS12.encryption_builder().hmac_hash(...))
Then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a ValueError is properly raised.
Patched in pyca/cryptography#10423
Affected range | <42.0.0 |
Fixed version | 42.0.0 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00098 |
EPSS Percentile | 0.39712 |
Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
httpie 1.0.3
(pypi)
pkg:pypi/httpie@1.0.3
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
Improper Certificate Validation
Affected range | <=3.2.2 |
Fixed version | Not Fixed |
CVSS Score | 7.4 |
CVSS Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
EPSS Score | 0.0006 |
EPSS Percentile | 0.23675 |
Description
Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.
setuptools 41.2.0
(pypi)
pkg:pypi/setuptools@41.2.0
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
Inefficient Regular Expression Complexity
Affected range | <65.5.1 |
Fixed version | 65.5.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00323 |
EPSS Percentile | 0.7009 |
Description
Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in package_index. This has been patched in version 65.5.1.
http-cache-semantics 3.8.1
(npm)
pkg:npm/http-cache-semantics@3.8.1
# Dockerfile (184:197)
RUN npm install --global \
artillery \
eslint \
eslint-plugin-html \
heroku \
jest \
nodemon \
prettier \
ts-node \
typescript && \
npm install --global --unsafe-perm \
ngrok && \
rm --recursive --force $HOME/.ngrok && \
npm cache clean --force
Inefficient Regular Expression Complexity
Affected range | <4.1.1 |
Fixed version | 4.1.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00105 |
EPSS Percentile | 0.41808 |
Description
http-cache-semantics contains an Inefficient Regular Expression Complexity, leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
certifi 2019.11.28
(pypi)
pkg:pypi/certifi@2019.11.28
# Dockerfile (21:26)
RUN curl --silent --fail --show-error --location 'https://packagecloud.io/github/git-lfs/gpgkey' | \
apt-key --keyring /usr/share/keyrings/packagecloud.io.gpg add - && \
echo "deb [signed-by=/usr/share/keyrings/packagecloud.io.gpg] https://packagecloud.io/github/git-lfs/ubuntu/ $(lsb_release --short --codename) main" | \
tee /etc/apt/sources.list.d/github-git-lfs.list && \
echo "deb-src [signed-by=/usr/share/keyrings/packagecloud.io.gpg] https://packagecloud.io/github/git-lfs/ubuntu/ $(lsb_release --short --codename) main" | \
tee --append /etc/apt/sources.list.d/github-git-lfs.list
Insufficient Verification of Data Authenticity
Affected range | >=2015.4.28 |
Fixed version | 2023.7.22 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
EPSS Score | 0.00059 |
EPSS Percentile | 0.22886 |
Description
Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store.
e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here.
net.sourceforge.plantuml/plantuml 0.0.0
(maven)
pkg:maven/net.sourceforge.plantuml/plantuml@0.0.0
# Dockerfile (137:142)
RUN mkdir --parents /usr/local/share/java && \
curl --silent --fail --show-error --location 'https://sourceforge.net/projects/ditaa/files/latest/download' | \
bsdtar -xf - -s '/ditaa.*\.jar/ditaa.jar/' --directory /usr/local/share/java '*.jar' && \
curl --silent --fail --show-error --location --output /usr/local/share/java/plantuml.jar 'http://sourceforge.net/projects/plantuml/files/plantuml.jar/download' && \
curl --silent --fail --show-error --location --output - 'https://downloads.sourceforge.net/project/saxon/Saxon-HE/9.9/SaxonHE9-9-1-6J.zip' | \
bsdtar -xf - -s '/saxon.*\.jar/saxon.jar/' --directory /usr/local/share/java 'saxon9he.jar'
Server-Side Request Forgery (SSRF)
Affected range | <1.2023.9 |
Fixed version | 1.2023.9 |
CVSS Score | 7.2 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
EPSS Score | 0.00067 |
EPSS Percentile | 0.27578 |
Description
Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.
printf 0.3.0
(npm)
pkg:npm/printf@0.3.0
# Dockerfile (184:197)
RUN npm install --global \
artillery \
eslint \
eslint-plugin-html \
heroku \
jest \
nodemon \
prettier \
ts-node \
typescript && \
npm install --global --unsafe-perm \
ngrok && \
rm --recursive --force $HOME/.ngrok && \
npm cache clean --force
Uncontrolled Resource Consumption
Affected range | <0.6.1 |
Fixed version | 0.6.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00197 |
EPSS Percentile | 0.56603 |
Description
The package printf before 0.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity.
github.com/cloudflare/circl 1.3.3
(golang)
pkg:golang/github.com/cloudflare/circl@1.3.3
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
Affected range | <1.3.7 |
Fixed version | 1.3.7 |
Description
Impact
On some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn (parts of) the secret key.
Does not apply to ephemeral usage, such as when used in the regular way in TLS.
Patches
Patched in 1.3.7.
References
async 1.5.0
(npm)
pkg:npm/async@1.5.0
# Dockerfile (184:197)
RUN npm install --global \
artillery \
eslint \
eslint-plugin-html \
heroku \
jest \
nodemon \
prettier \
ts-node \
typescript && \
npm install --global --unsafe-perm \
ngrok && \
rm --recursive --force $HOME/.ngrok && \
npm cache clean --force
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.6.4 |
Fixed version | 2.6.4, 3.2.2 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
EPSS Score | 0.00132 |
EPSS Percentile | 0.47272 |
Description
A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.
uri 0.11.0
(gem)
pkg:gem/uri@0.11.0
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
Inefficient Regular Expression Complexity
Affected range | >=0.11.0 |
Fixed version | 0.11.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00127 |
EPSS Percentile | 0.46425 |
Description
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
urllib3 1.25.8
(pypi)
pkg:pypi/urllib3@1.25.8
# Dockerfile (21:26)
RUN curl --silent --fail --show-error --location 'https://packagecloud.io/github/git-lfs/gpgkey' | \
apt-key --keyring /usr/share/keyrings/packagecloud.io.gpg add - && \
echo "deb [signed-by=/usr/share/keyrings/packagecloud.io.gpg] https://packagecloud.io/github/git-lfs/ubuntu/ $(lsb_release --short --codename) main" | \
tee /etc/apt/sources.list.d/github-git-lfs.list && \
echo "deb-src [signed-by=/usr/share/keyrings/packagecloud.io.gpg] https://packagecloud.io/github/git-lfs/ubuntu/ $(lsb_release --short --codename) main" | \
tee --append /etc/apt/sources.list.d/github-git-lfs.list
Uncontrolled Resource Consumption
Affected range | >=1.25.4 |
Fixed version | 1.26.5 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00292 |
EPSS Percentile | 0.68486 |
Description
Impact
When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
Patches
The issue has been fixed in urllib3 v1.26.5.
References
For more information
If you have any questions or comments about this advisory:
- Ask in our community Discord
- Email sethmichaellarson@gmail.com
time 0.2.0
(gem)
pkg:gem/time@0.2.0
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
Inefficient Regular Expression Complexity
Affected range | >=0.2.0 |
Fixed version | 0.2.2 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00127 |
EPSS Percentile | 0.46425 |
Description
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
🔍 Vulnerabilities of
digest | sha256:f2c3607101bbf3046c991b0168772d870d0ffdd1138cbd2bef4c416a78bc565b |
vulnerabilities | |
size | 2.3 GB |
packages | 2910 |
📦 Base Image ubuntu:20.04
also known as |
digest | sha256:4aa61d4985265be6d872cc214016f2f91a77b1c925dab5ce502db2edc4a7e5af |
vulnerabilities |
cgi
Affected range | <=0.3.1 |
Fixed version | 0.3.2 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00815 |
EPSS Percentile | 0.81413 |
Description
CGI.escape_html in Ruby has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes.
Affected range | >=0.3.0 |
Fixed version | 0.3.5 |
CVSS Score | 8.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00336 |
EPSS Percentile | 0.70716 |
Description
Ruby gem cgi.rb prior to versions 0.3.5, 0.2.2 and 0.1.0.2 allows HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. This issue has been patched in versions 0.3.5, 0.2.2 and 0.1.0.2.
execa 0.10.0
(npm)
pkg:npm/execa@0.10.0
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting preferLocal=true, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
rvm 1.11.3.9
(gem)
pkg:gem/rvm@1.11.3.9
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <=1.28.0 |
Fixed version | 1.29.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.01138 |
EPSS Percentile | 0.8441 |
Description
RVM automatically loads environment variables from files in $PWD, resulting in command execution.
execa 1.0.0
(npm)
pkg:npm/execa@1.0.0
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting preferLocal=true, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
linux 5.4.0-173.191
(deb)
pkg:deb/ubuntu/linux@5.4.0-173.191?os_distro=focal&os_name=ubuntu&os_version=20.04
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Affected range | <5.4.0-174.193 |
Fixed version | 5.4.0-174.193 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00042 |
EPSS Percentile | 0.05352 |
Description
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
Affected range | >=0 |
Fixed version | Not Fixed |
CVSS Score | 4.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00042 |
EPSS Percentile | 0.05352 |
Description
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
pygments 2.3.1
(pypi)
pkg:pypi/pygments@2.3.1
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Uncontrolled Resource Consumption
Affected range | >=1.1 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00958 |
EPSS Percentile | 0.82901 |
Description
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
Loop with Unreachable Exit Condition ('Infinite Loop')
Affected range | >=1.5 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00282 |
EPSS Percentile | 0.67853 |
Description
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
cryptography 41.0.6
(pypi)
pkg:pypi/cryptography@41.0.6
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Affected range | >=38.0.0 |
Fixed version | 42.0.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00045 |
EPSS Percentile | 0.12923 |
Description
If pkcs12.serialize_key_and_certificates is called with both:
- A certificate whose public key did not match the provided private key
- An encryption_algorithm with hmac_hash set (via PrivateFormat.PKCS12.encryption_builder().hmac_hash(...))
Then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a ValueError is properly raised.
Patched in pyca/cryptography#10423
Affected range | <42.0.0 |
Fixed version | 42.0.0 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00098 |
EPSS Percentile | 0.39712 |
Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
uri 0.11.0
(gem)
pkg:gem/uri@0.11.0
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Inefficient Regular Expression Complexity
Affected range | >=0.11.0 |
Fixed version | 0.11.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00127 |
EPSS Percentile | 0.46425 |
Description
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
async 1.5.0
(npm)
pkg:npm/async@1.5.0
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.6.4 |
Fixed version | 2.6.4, 3.2.2 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
EPSS Score | 0.00132 |
EPSS Percentile | 0.47272 |
Description
A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.
urllib3 1.25.8
(pypi)
pkg:pypi/urllib3@1.25.8
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Uncontrolled Resource Consumption
Affected range | >=1.25.4 |
Fixed version | 1.26.5 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00292 |
EPSS Percentile | 0.68486 |
Description
Impact
When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
Patches
The issue has been fixed in urllib3 v1.26.5.
References
For more information
If you have any questions or comments about this advisory:
- Ask in our community Discord
- Email sethmichaellarson@gmail.com
setuptools 41.2.0
(pypi)
pkg:pypi/setuptools@41.2.0
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Inefficient Regular Expression Complexity
Affected range | <65.5.1 |
Fixed version | 65.5.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00323 |
EPSS Percentile | 0.7009 |
Description
Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in package_index. This has been patched in version 65.5.1.
httpie 1.0.3
(pypi)
pkg:pypi/httpie@1.0.3
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Improper Certificate Validation
Affected range | <=3.2.2 |
Fixed version | Not Fixed |
CVSS Score | 7.4 |
CVSS Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
EPSS Score | 0.0006 |
EPSS Percentile | 0.23675 |
Description
Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.
printf 0.3.0
(npm)
pkg:npm/printf@0.3.0
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Uncontrolled Resource Consumption
Affected range | <0.6.1 |
Fixed version | 0.6.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00197 |
EPSS Percentile | 0.56603 |
Description
The package printf before 0.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity.
http-cache-semantics 3.8.1
(npm)
pkg:npm/http-cache-semantics@3.8.1
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Inefficient Regular Expression Complexity
Affected range | <4.1.1 |
Fixed version | 4.1.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00105 |
EPSS Percentile | 0.41808 |
Description
http-cache-semantics contains an Inefficient Regular Expression Complexity, leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
github.com/cloudflare/circl 1.3.3
(golang)
pkg:golang/github.com/cloudflare/circl@1.3.3
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Affected range | <1.3.7 |
Fixed version | 1.3.7 |
Description
Impact
On some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn (parts of) the secret key.
Does not apply to ephemeral usage, such as when used in the regular way in TLS.
Patches
Patched in 1.3.7.
References
time 0.2.0
(gem)
pkg:gem/time@0.2.0
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Inefficient Regular Expression Complexity
Affected range | >=0.2.0 |
Fixed version | 0.2.2 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00127 |
EPSS Percentile | 0.46425 |
Description
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
certifi 2019.11.28
(pypi)
pkg:pypi/certifi@2019.11.28
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Insufficient Verification of Data Authenticity
Affected range | >=2015.4.28 |
Fixed version | 2023.7.22 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
EPSS Score | 0.00059 |
EPSS Percentile | 0.22886 |
Description
Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store.
e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here.
net.sourceforge.plantuml/plantuml 0.0.0
(maven)
pkg:maven/net.sourceforge.plantuml/plantuml@0.0.0
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Server-Side Request Forgery (SSRF)
Affected range | <1.2023.9 |
Fixed version | 1.2023.9 |
CVSS Score | 7.2 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
EPSS Score | 0.00067 |
EPSS Percentile | 0.27578 |
Description
Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.
🔍 Vulnerabilities of
digest | sha256:01284d8476346e41580af098e94f4e467dc227d301fb20b895695a9001234423 |
vulnerabilities | |
size | 2.4 GB |
packages | 2963 |
📦 Base Image ubuntu:20.04
also known as | |
digest | sha256:4aa61d4985265be6d872cc214016f2f91a77b1c925dab5ce502db2edc4a7e5af |
vulnerabilities | |
cgi
Affected range | <=0.3.1 |
Fixed version | 0.3.2 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00815 |
EPSS Percentile | 0.81413 |
Description
`CGI.escape_html` in Ruby has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where `size_t` and `long` have different numbers of bytes.
Affected range | >=0.3.0 |
Fixed version | 0.3.5 |
CVSS Score | 8.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00336 |
EPSS Percentile | 0.70716 |
Description
Ruby gem cgi.rb prior to versions 0.3.5, 0.2.2 and 0.1.0.2 allows HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. This issue has been patched in versions 0.3.5, 0.2.2 and 0.1.0.2.
execa 0.10.0
(npm)
pkg:npm/execa@0.10.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting `preferLocal=true`, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
execa 1.0.0
(npm)
pkg:npm/execa@1.0.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting `preferLocal=true`, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
rvm 1.11.3.9
(gem)
pkg:gem/rvm@1.11.3.9
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <=1.28.0 |
Fixed version | 1.29.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.01138 |
EPSS Percentile | 0.8441 |
Description
RVM automatically loads environment variables from files in `$PWD`, resulting in command execution.
linux 5.4.0-173.191
(deb)
pkg:deb/ubuntu/linux@5.4.0-173.191?os_distro=focal&os_name=ubuntu&os_version=20.04
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Affected range | <5.4.0-174.193 |
Fixed version | 5.4.0-174.193 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00042 |
EPSS Percentile | 0.05352 |
Description
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
Affected range | >=0 |
Fixed version | Not Fixed |
CVSS Score | 4.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00042 |
EPSS Percentile | 0.05352 |
Description
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
cryptography 41.0.6
(pypi)
pkg:pypi/cryptography@41.0.6
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Affected range | >=38.0.0 |
Fixed version | 42.0.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00045 |
EPSS Percentile | 0.12923 |
Description
If `pkcs12.serialize_key_and_certificates` is called with both:
- A certificate whose public key did not match the provided private key
- An `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`)
Then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a `ValueError` is properly raised.
Patched in pyca/cryptography#10423
Affected range | <42.0.0 |
Fixed version | 42.0.0 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00098 |
EPSS Percentile | 0.39712 |
Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
pygments 2.3.1
(pypi)
pkg:pypi/pygments@2.3.1
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Uncontrolled Resource Consumption
Affected range | >=1.1 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00958 |
EPSS Percentile | 0.82901 |
Description
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
Loop with Unreachable Exit Condition ('Infinite Loop')
Affected range | >=1.5 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00282 |
EPSS Percentile | 0.67853 |
Description
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
time 0.2.0
(gem)
pkg:gem/time@0.2.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Inefficient Regular Expression Complexity
Affected range | >=0.2.0 |
Fixed version | 0.2.2 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00127 |
EPSS Percentile | 0.46425 |
Description
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
urllib3 1.25.8
(pypi)
pkg:pypi/urllib3@1.25.8
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Uncontrolled Resource Consumption
Affected range | >=1.25.4 |
Fixed version | 1.26.5 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00292 |
EPSS Percentile | 0.68486 |
Description
Impact
When provided with a URL containing many `@` characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
Patches
The issue has been fixed in urllib3 v1.26.5.
References
For more information
If you have any questions or comments about this advisory:
- Ask in our community Discord
- Email sethmichaellarson@gmail.com
setuptools 41.2.0
(pypi)
pkg:pypi/setuptools@41.2.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Inefficient Regular Expression Complexity
Affected range | <65.5.1 |
Fixed version | 65.5.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00323 |
EPSS Percentile | 0.7009 |
Description
Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in `package_index`. This has been patched in version 65.5.1.
http-cache-semantics 3.8.1
(npm)
pkg:npm/http-cache-semantics@3.8.1
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Inefficient Regular Expression Complexity
Affected range | <4.1.1 |
Fixed version | 4.1.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00105 |
EPSS Percentile | 0.41808 |
Description
http-cache-semantics contains an Inefficient Regular Expression Complexity issue, leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
certifi 2019.11.28
(pypi)
pkg:pypi/certifi@2019.11.28
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Insufficient Verification of Data Authenticity
Affected range | >=2015.4.28 |
Fixed version | 2023.7.22 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
EPSS Score | 0.00059 |
EPSS Percentile | 0.22886 |
Description
Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store.
e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here.
httpie 1.0.3
(pypi)
pkg:pypi/httpie@1.0.3
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Improper Certificate Validation
Affected range | <=3.2.2 |
Fixed version | Not Fixed |
CVSS Score | 7.4 |
CVSS Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
EPSS Score | 0.0006 |
EPSS Percentile | 0.23675 |
Description
Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.
async 1.5.0
(npm)
pkg:npm/async@1.5.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.6.4 |
Fixed version | 2.6.4, 3.2.2 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
EPSS Score | 0.00132 |
EPSS Percentile | 0.47272 |
Description
A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.
printf 0.3.0
(npm)
pkg:npm/printf@0.3.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Uncontrolled Resource Consumption
Affected range | <0.6.1 |
Fixed version | 0.6.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00197 |
EPSS Percentile | 0.56603 |
Description
The package printf before 0.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string `/\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g` in `lib/printf.js`. The vulnerable regular expression has cubic worst-case time complexity.
github.com/cloudflare/circl 1.3.3
(golang)
pkg:golang/github.com/cloudflare/circl@1.3.3
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Affected range | <1.3.7 |
Fixed version | 1.3.7 |
Description
Impact
On some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn (parts of) the secret key.
Does not apply to ephemeral usage, such as when used in the regular way in TLS.
Patches
Patched in 1.3.7.
References
uri 0.11.0
(gem)
pkg:gem/uri@0.11.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Inefficient Regular Expression Complexity
Affected range | >=0.11.0 |
Fixed version | 0.11.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00127 |
EPSS Percentile | 0.46425 |
Description
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
net.sourceforge.plantuml/plantuml 0.0.0
(maven)
pkg:maven/net.sourceforge.plantuml/plantuml@0.0.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Server-Side Request Forgery (SSRF)
Affected range | <1.2023.9 |
Fixed version | 1.2023.9 |
CVSS Score | 7.2 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
EPSS Score | 0.00067 |
EPSS Percentile | 0.27578 |
Description
Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.
🔍 Vulnerabilities of
digest | sha256:891ca337708f8901812e22aceb284cee6cc0d446e03be4c113ddcba26376e91c |
vulnerabilities | |
size | 2.3 GB |
packages | 3012 |
📦 Base Image ubuntu:20.04
also known as | |
digest | sha256:4aa61d4985265be6d872cc214016f2f91a77b1c925dab5ce502db2edc4a7e5af |
vulnerabilities | |
cgi
Affected range | <=0.3.1 |
Fixed version | 0.3.2 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00815 |
EPSS Percentile | 0.81413 |
Description
`CGI.escape_html` in Ruby has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where `size_t` and `long` have different numbers of bytes.
Affected range | >=0.3.0 |
Fixed version | 0.3.5 |
CVSS Score | 8.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00336 |
EPSS Percentile | 0.70716 |
Description
Ruby gem cgi.rb prior to versions 0.3.5, 0.2.2 and 0.1.0.2 allows HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. This issue has been patched in versions 0.3.5, 0.2.2 and 0.1.0.2.
execa 1.0.0
(npm)
pkg:npm/execa@1.0.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting `preferLocal=true`, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
rvm 1.11.3.9
(gem)
pkg:gem/rvm@1.11.3.9
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <=1.28.0 |
Fixed version | 1.29.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.01138 |
EPSS Percentile | 0.8441 |
Description
RVM automatically loads environment variables from files in `$PWD`, resulting in command execution.
execa 0.10.0
(npm)
pkg:npm/execa@0.10.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting `preferLocal=true`, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
linux 5.4.0-173.191
(deb)
pkg:deb/ubuntu/linux@5.4.0-173.191?os_distro=focal&os_name=ubuntu&os_version=20.04
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Affected range | <5.4.0-174.193 |
Fixed version | 5.4.0-174.193 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00042 |
EPSS Percentile | 0.05352 |
Description
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
Affected range | >=0 |
Fixed version | Not Fixed |
CVSS Score | 4.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00042 |
EPSS Percentile | 0.05352 |
Description
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
pygments 2.3.1
(pypi)
pkg:pypi/pygments@2.3.1
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Uncontrolled Resource Consumption
Affected range | >=1.1 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00958 |
EPSS Percentile | 0.82901 |
Description
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
Loop with Unreachable Exit Condition ('Infinite Loop')
Affected range | >=1.5 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00282 |
EPSS Percentile | 0.67853 |
Description
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
cryptography 41.0.6
(pypi)
pkg:pypi/cryptography@41.0.6
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Affected range | >=38.0.0 |
Fixed version | 42.0.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00045 |
EPSS Percentile | 0.12923 |
Description
If `pkcs12.serialize_key_and_certificates` is called with both:
- A certificate whose public key did not match the provided private key
- An `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`)
Then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a `ValueError` is properly raised.
Patched in pyca/cryptography#10423
Affected range | <42.0.0 |
Fixed version | 42.0.0 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00098 |
EPSS Percentile | 0.39712 |
Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
http-cache-semantics 3.8.1
(npm)
pkg:npm/http-cache-semantics@3.8.1
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Inefficient Regular Expression Complexity
Affected range | <4.1.1 |
Fixed version | 4.1.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00105 |
EPSS Percentile | 0.41808 |
Description
http-cache-semantics contains an Inefficient Regular Expression Complexity issue, leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
net.sourceforge.plantuml/plantuml 0.0.0
(maven)
pkg:maven/net.sourceforge.plantuml/plantuml@0.0.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Server-Side Request Forgery (SSRF)
Affected range | <1.2023.9 |
Fixed version | 1.2023.9 |
CVSS Score | 7.2 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
EPSS Score | 0.00067 |
EPSS Percentile | 0.27578 |
Description
Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.
urllib3 1.25.8
(pypi)
pkg:pypi/urllib3@1.25.8
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Uncontrolled Resource Consumption
Affected range | >=1.25.4 |
Fixed version | 1.26.5 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00292 |
EPSS Percentile | 0.68486 |
Description
Impact
When provided with a URL containing many `@` characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
Patches
The issue has been fixed in urllib3 v1.26.5.
References
For more information
If you have any questions or comments about this advisory:
- Ask in our community Discord
- Email sethmichaellarson@gmail.com
certifi 2019.11.28
(pypi)
pkg:pypi/certifi@2019.11.28
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Insufficient Verification of Data Authenticity
Affected range | >=2015.4.28 |
Fixed version | 2023.7.22 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
EPSS Score | 0.00059 |
EPSS Percentile | 0.22886 |
Description
Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store.
e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here.
time 0.2.0
(gem)
pkg:gem/time@0.2.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Inefficient Regular Expression Complexity
Affected range | >=0.2.0 |
Fixed version | 0.2.2 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00127 |
EPSS Percentile | 0.46425 |
Description
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
async 1.5.0
(npm)
pkg:npm/async@1.5.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.6.4 |
Fixed version | 2.6.4, 3.2.2 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
EPSS Score | 0.00132 |
EPSS Percentile | 0.47272 |
Description
A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.
httpie 1.0.3
(pypi)
pkg:pypi/httpie@1.0.3
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Improper Certificate Validation
Affected range | <=3.2.2 |
Fixed version | Not Fixed |
CVSS Score | 7.4 |
CVSS Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
EPSS Score | 0.0006 |
EPSS Percentile | 0.23675 |
Description
Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.
setuptools 41.2.0
(pypi)
pkg:pypi/setuptools@41.2.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Inefficient Regular Expression Complexity
Affected range | <65.5.1 |
Fixed version | 65.5.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00323 |
EPSS Percentile | 0.7009 |
Description
Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in `package_index`. This has been patched in version 65.5.1.
printf 0.3.0
(npm)
pkg:npm/printf@0.3.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Uncontrolled Resource Consumption
Affected range | <0.6.1 |
Fixed version | 0.6.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00197 |
EPSS Percentile | 0.56603 |
Description
The package printf before 0.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string `/\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g` in `lib/printf.js`. The vulnerable regular expression has cubic worst-case time complexity.
uri 0.11.0
(gem)
pkg:gem/uri@0.11.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Inefficient Regular Expression Complexity
Affected range | >=0.11.0 |
Fixed version | 0.11.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00127 |
EPSS Percentile | 0.46425 |
Description
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
github.com/cloudflare/circl 1.3.3
(golang)
pkg:golang/github.com/cloudflare/circl@1.3.3
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Affected range | <1.3.7 |
Fixed version | 1.3.7 |
Description
Impact
On some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn (parts of) the secret key.
Does not apply to ephemeral usage, such as when used in the regular way in TLS.
Patches
Patched in 1.3.7.
References
🔍 Vulnerabilities of
digest | sha256:dee3adc4ccaa8ad9a0803d76d1321f9a722c8334edb5031daae6e52738772757 |
size | 2.4 GB |
packages | 2976 |
📦 Base Image ubuntu:20.04
digest | sha256:4aa61d4985265be6d872cc214016f2f91a77b1c925dab5ce502db2edc4a7e5af |
cgi
Affected range | <=0.3.1 |
Fixed version | 0.3.2 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00815 |
EPSS Percentile | 0.81413 |
Description
CGI.escape_html in Ruby has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes.
Affected range | >=0.3.0 |
Fixed version | 0.3.5 |
CVSS Score | 8.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00336 |
EPSS Percentile | 0.70716 |
Description
Ruby gem cgi.rb prior to versions 0.3.5, 0.2.2 and 0.1.0.2 allow HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. This issue has been patched in versions 0.3.5, 0.2.2 and 0.1.0.2.
rvm 1.11.3.9
(gem)
pkg:gem/rvm@1.11.3.9
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <=1.28.0 |
Fixed version | 1.29.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.01138 |
EPSS Percentile | 0.8441 |
Description
RVM automatically loads environment variables from files in $PWD, resulting in command execution.
execa 1.0.0
(npm)
pkg:npm/execa@1.0.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting preferLocal=true, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa in a client-side LOCAL application.
execa 0.10.0
(npm)
pkg:npm/execa@0.10.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting preferLocal=true, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa in a client-side LOCAL application.
linux 5.4.0-173.191
(deb)
pkg:deb/ubuntu/linux@5.4.0-173.191?os_distro=focal&os_name=ubuntu&os_version=20.04
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Affected range | <5.4.0-174.193 |
Fixed version | 5.4.0-174.193 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00042 |
EPSS Percentile | 0.05352 |
Description
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
Affected range | >=0 |
Fixed version | Not Fixed |
CVSS Score | 4.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00042 |
EPSS Percentile | 0.05352 |
Description
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
pygments 2.3.1
(pypi)
pkg:pypi/pygments@2.3.1
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Uncontrolled Resource Consumption
Affected range | >=1.1 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00958 |
EPSS Percentile | 0.82901 |
Description
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
Loop with Unreachable Exit Condition ('Infinite Loop')
Affected range | >=1.5 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00282 |
EPSS Percentile | 0.67853 |
Description
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
cryptography 41.0.6
(pypi)
pkg:pypi/cryptography@41.0.6
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Affected range | >=38.0.0 |
Fixed version | 42.0.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00045 |
EPSS Percentile | 0.12923 |
Description
If pkcs12.serialize_key_and_certificates is called with both:
- A certificate whose public key did not match the provided private key
- An encryption_algorithm with hmac_hash set (via PrivateFormat.PKCS12.encryption_builder().hmac_hash(...))
Then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a ValueError is properly raised.
Patched in pyca/cryptography#10423
Affected range | <42.0.0 |
Fixed version | 42.0.0 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00098 |
EPSS Percentile | 0.39712 |
Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
printf 0.3.0
(npm)
pkg:npm/printf@0.3.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Uncontrolled Resource Consumption
Affected range | <0.6.1 |
Fixed version | 0.6.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00197 |
EPSS Percentile | 0.56603 |
Description
The package printf before 0.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity.
github.com/cloudflare/circl 1.3.3
(golang)
pkg:golang/github.com/cloudflare/circl@1.3.3
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Affected range | <1.3.7 |
Fixed version | 1.3.7 |
Description
Impact
On some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn (parts of) the secret key.
Does not apply to ephemeral usage, such as when used in the regular way in TLS.
Patches
Patched in 1.3.7.
References
http-cache-semantics 3.8.1
(npm)
pkg:npm/http-cache-semantics@3.8.1
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Inefficient Regular Expression Complexity
Affected range | <4.1.1 |
Fixed version | 4.1.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00105 |
EPSS Percentile | 0.41808 |
Description
http-cache-semantics contains an Inefficient Regular Expression Complexity issue, leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
httpie 1.0.3
(pypi)
pkg:pypi/httpie@1.0.3
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Improper Certificate Validation
Affected range | <=3.2.2 |
Fixed version | Not Fixed |
CVSS Score | 7.4 |
CVSS Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
EPSS Score | 0.0006 |
EPSS Percentile | 0.23675 |
Description
Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.
stdlib 1.20.11
(golang)
pkg:golang/stdlib@1.20.11
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Affected range | >=1.20.11 |
Fixed version | 1.20.12 |
EPSS Score | 0.00098 |
EPSS Percentile | 0.3977 |
Description
The filepath package does not recognize paths with a \??\ prefix as special.
On Windows, a path beginning with \??\ is a Root Local Device path equivalent to a path beginning with \\?\. Paths with a \??\ prefix may be used to access arbitrary locations on the system. For example, the path \??\c:\x is equivalent to the more common path c:\x.
Before fix, Clean could convert a rooted path such as \a\..\??\b into the root local device path \??\b. Clean will now convert this to .\??\b.
Similarly, Join(\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \??\b. Join will now convert this to \.\??\b.
In addition, with fix, IsAbs now correctly reports paths beginning with \??\ as absolute, and VolumeName correctly reports the \??\ prefix as a volume name.
UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with \?, resulting in filepath.Clean(\?\c:) returning \?\c: rather than \?\c:\ (among other effects). The previous behavior has been restored.
certifi 2019.11.28
(pypi)
pkg:pypi/certifi@2019.11.28
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Insufficient Verification of Data Authenticity
Affected range | >=2015.4.28 |
Fixed version | 2023.7.22 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
EPSS Score | 0.00059 |
EPSS Percentile | 0.22886 |
Description
Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store.
e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here.
urllib3 1.25.8
(pypi)
pkg:pypi/urllib3@1.25.8
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Uncontrolled Resource Consumption
Affected range | >=1.25.4 |
Fixed version | 1.26.5 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00292 |
EPSS Percentile | 0.68486 |
Description
Impact
When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
Patches
The issue has been fixed in urllib3 v1.26.5.
References
For more information
If you have any questions or comments about this advisory:
- Ask in our community Discord
- Email sethmichaellarson@gmail.com
async 1.5.0
(npm)
pkg:npm/async@1.5.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.6.4 |
Fixed version | 2.6.4, 3.2.2 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
EPSS Score | 0.00132 |
EPSS Percentile | 0.47272 |
Description
A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.
setuptools 41.2.0
(pypi)
pkg:pypi/setuptools@41.2.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Inefficient Regular Expression Complexity
Affected range | <65.5.1 |
Fixed version | 65.5.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00323 |
EPSS Percentile | 0.7009 |
Description
Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in package_index. This has been patched in version 65.5.1.
net.sourceforge.plantuml/plantuml 0.0.0
(maven)
pkg:maven/net.sourceforge.plantuml/plantuml@0.0.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Server-Side Request Forgery (SSRF)
Affected range | <1.2023.9 |
Fixed version | 1.2023.9 |
CVSS Score | 7.2 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
EPSS Score | 0.00067 |
EPSS Percentile | 0.27578 |
Description
Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.
time 0.2.0
(gem)
pkg:gem/time@0.2.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Inefficient Regular Expression Complexity
Affected range | >=0.2.0 |
Fixed version | 0.2.2 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00127 |
EPSS Percentile | 0.46425 |
Description
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
uri 0.11.0
(gem)
pkg:gem/uri@0.11.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Inefficient Regular Expression Complexity
Affected range | >=0.11.0 |
Fixed version | 0.11.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00127 |
EPSS Percentile | 0.46425 |
Description
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
🔍 Vulnerabilities of
digest | sha256:0d35853000b2b76dd555e1e66f224850d1d9e625db98d740979db4d7126e4a4d |
size | 2.5 GB |
packages | 2941 |
📦 Base Image ubuntu:20.04
digest | sha256:48c35f3de33487442af224ed4aabac19fd9bfbd91ee90e9471d412706b20ba73 |
cgi
Affected range | <=0.3.1 |
Fixed version | 0.3.2 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00815 |
EPSS Percentile | 0.81413 |
Description
CGI.escape_html in Ruby has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes.
Affected range | >=0.3.0 |
Fixed version | 0.3.5 |
CVSS Score | 8.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00336 |
EPSS Percentile | 0.70716 |
Description
Ruby gem cgi.rb prior to versions 0.3.5, 0.2.2 and 0.1.0.2 allow HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. This issue has been patched in versions 0.3.5, 0.2.2 and 0.1.0.2.
execa 0.10.0
(npm)
pkg:npm/execa@0.10.0
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting preferLocal=true, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa in a client-side LOCAL application.
rvm 1.11.3.9
(gem)
pkg:gem/rvm@1.11.3.9
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <=1.28.0 |
Fixed version | 1.29.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.01138 |
EPSS Percentile | 0.8441 |
Description
RVM automatically loads environment variables from files in $PWD, resulting in command execution.
execa 1.0.0
(npm)
pkg:npm/execa@1.0.0
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting preferLocal=true, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa in a client-side LOCAL application.
linux 5.4.0-173.191
(deb)
pkg:deb/ubuntu/linux@5.4.0-173.191?os_distro=focal&os_name=ubuntu&os_version=20.04
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Affected range | <5.4.0-174.193 |
Fixed version | 5.4.0-174.193 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00042 |
EPSS Percentile | 0.05352 |
Description
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
Affected range | >=0 |
Fixed version | Not Fixed |
CVSS Score | 4.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00042 |
EPSS Percentile | 0.05352 |
Description
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
cryptography 41.0.7
(pypi)
pkg:pypi/cryptography@41.0.7
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Affected range | >=38.0.0 |
Fixed version | 42.0.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00045 |
EPSS Percentile | 0.12923 |
Description
If pkcs12.serialize_key_and_certificates is called with both:
- A certificate whose public key did not match the provided private key
- An encryption_algorithm with hmac_hash set (via PrivateFormat.PKCS12.encryption_builder().hmac_hash(...))
Then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a ValueError is properly raised.
Patched in pyca/cryptography#10423
Affected range | <42.0.0 |
Fixed version | 42.0.0 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00098 |
EPSS Percentile | 0.39712 |
Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
cryptography 41.0.6
(pypi)
pkg:pypi/cryptography@41.0.6
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Affected range | >=38.0.0 |
Fixed version | 42.0.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00045 |
EPSS Percentile | 0.12923 |
Description
If pkcs12.serialize_key_and_certificates is called with both:
- A certificate whose public key did not match the provided private key
- An encryption_algorithm with hmac_hash set (via PrivateFormat.PKCS12.encryption_builder().hmac_hash(...))
Then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a ValueError is properly raised.
Patched in pyca/cryptography#10423
Affected range | <42.0.0 |
Fixed version | 42.0.0 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00098 |
EPSS Percentile | 0.39712 |
Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
pygments 2.3.1
(pypi)
pkg:pypi/pygments@2.3.1
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Uncontrolled Resource Consumption
Affected range | >=1.1 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00958 |
EPSS Percentile | 0.82901 |
Description
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
Loop with Unreachable Exit Condition ('Infinite Loop')
Affected range | >=1.5 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00282 |
EPSS Percentile | 0.67853 |
Description
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
certifi 2019.11.28
(pypi)
pkg:pypi/certifi@2019.11.28
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Insufficient Verification of Data Authenticity
Affected range | >=2015.4.28 |
Fixed version | 2023.7.22 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
EPSS Score | 0.00059 |
EPSS Percentile | 0.22886 |
Description
Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store.
e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here.
urllib3 1.25.8
(pypi)
pkg:pypi/urllib3@1.25.8
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Uncontrolled Resource Consumption
Affected range | >=1.25.4 |
Fixed version | 1.26.5 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00292 |
EPSS Percentile | 0.68486 |
Description
Impact
When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
Patches
The issue has been fixed in urllib3 v1.26.5.
References
For more information
If you have any questions or comments about this advisory:
- Ask in our community Discord
- Email sethmichaellarson@gmail.com
net.sourceforge.plantuml/plantuml 0.0.0
(maven)
pkg:maven/net.sourceforge.plantuml/plantuml@0.0.0
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Server-Side Request Forgery (SSRF)
Affected range | <1.2023.9 |
Fixed version | 1.2023.9 |
CVSS Score | 7.2 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
EPSS Score | 0.00067 |
EPSS Percentile | 0.27578 |
Description
Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.
uri 0.11.0
(gem)
pkg:gem/uri@0.11.0
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Inefficient Regular Expression Complexity
Affected range | >=0.11.0 |
Fixed version | 0.11.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00127 |
EPSS Percentile | 0.46425 |
Description
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
httpie 1.0.3
(pypi)
pkg:pypi/httpie@1.0.3
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Improper Certificate Validation
Affected range | <=3.2.2 |
Fixed version | Not Fixed |
CVSS Score | 7.4 |
CVSS Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
EPSS Score | 0.0006 |
EPSS Percentile | 0.23675 |
Description
Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.
github.com/cloudflare/circl 1.3.3
(golang)
pkg:golang/github.com/cloudflare/circl@1.3.3
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Affected range | <1.3.7 |
Fixed version | 1.3.7 |
Description
Impact
On some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn (parts of) the secret key.
Does not apply to ephemeral usage, such as when used in the regular way in TLS.
Patches
Patched in 1.3.7.
References
async 1.5.0
(npm)
pkg:npm/async@1.5.0
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.6.4 |
Fixed version | 2.6.4, 3.2.2 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
EPSS Score | 0.00132 |
EPSS Percentile | 0.47272 |
Description
A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.
http-cache-semantics 3.8.1
(npm)
pkg:npm/http-cache-semantics@3.8.1
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Inefficient Regular Expression Complexity
Affected range | <4.1.1 |
Fixed version | 4.1.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00105 |
EPSS Percentile | 0.41808 |
Description
http-cache-semantics contains an Inefficient Regular Expression Complexity issue, leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
printf 0.3.0
(npm)
pkg:npm/printf@0.3.0
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Uncontrolled Resource Consumption
Affected range | <0.6.1 |
Fixed version | 0.6.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00197 |
EPSS Percentile | 0.56603 |
Description
The package printf before 0.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity.
setuptools 41.2.0
(pypi)
pkg:pypi/setuptools@41.2.0
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Inefficient Regular Expression Complexity
Affected range | <65.5.1 |
Fixed version | 65.5.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00323 |
EPSS Percentile | 0.7009 |
Description
Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in package_index. This has been patched in version 65.5.1.
time 0.2.0
(gem)
pkg:gem/time@0.2.0
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Inefficient Regular Expression Complexity
Affected range | >=0.2.0 |
Fixed version | 0.2.2 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00127 |
EPSS Percentile | 0.46425 |
Description
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
🔍 Vulnerabilities of
digest | sha256:be2a8b2f405cfbf8b7c16ec8300af95365fb0c40b69209d44314e1c67500e795 |
vulnerabilities | |
size | 2.6 GB |
packages | 3007 |
📦 Base Image ubuntu:20.04
also known as | |
digest | sha256:48c35f3de33487442af224ed4aabac19fd9bfbd91ee90e9471d412706b20ba73 |
vulnerabilities | |
cgi
Affected range | <=0.3.1 |
Fixed version | 0.3.2 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00815 |
EPSS Percentile | 0.81413 |
Description
`CGI.escape_html` in Ruby has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where `size_t` and `long` have different numbers of bytes.
Affected range | >=0.3.0 |
Fixed version | 0.3.5 |
CVSS Score | 8.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00336 |
EPSS Percentile | 0.70716 |
Description
Ruby gem cgi.rb prior to versions 0.3.5, 0.2.2 and 0.1.0.2 allows HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. This issue has been patched in versions 0.3.5, 0.2.2 and 0.1.0.2.
rvm 1.11.3.9
(gem)
pkg:gem/rvm@1.11.3.9
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <=1.28.0 |
Fixed version | 1.29.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.01138 |
EPSS Percentile | 0.8441 |
Description
RVM automatically loads environment variables from files in `$PWD`, resulting in command execution.
execa 0.10.0
(npm)
pkg:npm/execa@0.10.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting `preferLocal=true`, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
execa 1.0.0
(npm)
pkg:npm/execa@1.0.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting `preferLocal=true`, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
pygments 2.3.1
(pypi)
pkg:pypi/pygments@2.3.1
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Uncontrolled Resource Consumption
Affected range | >=1.1 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00958 |
EPSS Percentile | 0.82901 |
Description
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
Loop with Unreachable Exit Condition ('Infinite Loop')
Affected range | >=1.5 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00282 |
EPSS Percentile | 0.67853 |
Description
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
linux 5.4.0-173.191
(deb)
pkg:deb/ubuntu/linux@5.4.0-173.191?os_distro=focal&os_name=ubuntu&os_version=20.04
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Affected range | <5.4.0-174.193 |
Fixed version | 5.4.0-174.193 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00042 |
EPSS Percentile | 0.05352 |
Description
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
Affected range | >=0 |
Fixed version | Not Fixed |
CVSS Score | 4.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00042 |
EPSS Percentile | 0.05352 |
Description
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
cryptography 41.0.6
(pypi)
pkg:pypi/cryptography@41.0.6
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Affected range | >=38.0.0 |
Fixed version | 42.0.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00045 |
EPSS Percentile | 0.12923 |
Description
If `pkcs12.serialize_key_and_certificates` is called with both:
- A certificate whose public key did not match the provided private key
- An `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`)
Then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a `ValueError` is properly raised. Patched in pyca/cryptography#10423
Affected range | <42.0.0 |
Fixed version | 42.0.0 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00098 |
EPSS Percentile | 0.39712 |
Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
cryptography 41.0.7
(pypi)
pkg:pypi/cryptography@41.0.7
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Affected range | >=38.0.0 |
Fixed version | 42.0.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00045 |
EPSS Percentile | 0.12923 |
Description
If `pkcs12.serialize_key_and_certificates` is called with both:
- A certificate whose public key did not match the provided private key
- An `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`)
Then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a `ValueError` is properly raised. Patched in pyca/cryptography#10423
Affected range | <42.0.0 |
Fixed version | 42.0.0 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00098 |
EPSS Percentile | 0.39712 |
Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
stdlib 1.20.11
(golang)
pkg:golang/stdlib@1.20.11
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Affected range | >=1.20.11 |
Fixed version | 1.20.12 |
EPSS Score | 0.00098 |
EPSS Percentile | 0.3977 |
Description
The filepath package does not recognize paths with a `\??\` prefix as special.
On Windows, a path beginning with `\??\` is a Root Local Device path equivalent to a path beginning with `\\?\`. Paths with a `\??\` prefix may be used to access arbitrary locations on the system. For example, the path `\??\c:\x` is equivalent to the more common path `c:\x`.
Before fix, Clean could convert a rooted path such as `\a\..\??\b` into the root local device path `\??\b`. Clean will now convert this to `.\??\b`.
Similarly, `Join(\, ??, b)` could convert a seemingly innocent sequence of path elements into the root local device path `\??\b`. Join will now convert this to `\.\??\b`.
In addition, with fix, IsAbs now correctly reports paths beginning with `\??\` as absolute, and VolumeName correctly reports the `\??\` prefix as a volume name.
UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with `\?`, resulting in `filepath.Clean(\?\c:)` returning `\?\c:` rather than `\?\c:\` (among other effects). The previous behavior has been restored.
net.sourceforge.plantuml/plantuml 0.0.0
(maven)
pkg:maven/net.sourceforge.plantuml/plantuml@0.0.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Server-Side Request Forgery (SSRF)
Affected range | <1.2023.9 |
Fixed version | 1.2023.9 |
CVSS Score | 7.2 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
EPSS Score | 0.00067 |
EPSS Percentile | 0.27578 |
Description
Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.
httpie 1.0.3
(pypi)
pkg:pypi/httpie@1.0.3
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Improper Certificate Validation
Affected range | <=3.2.2 |
Fixed version | Not Fixed |
CVSS Score | 7.4 |
CVSS Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
EPSS Score | 0.0006 |
EPSS Percentile | 0.23675 |
Description
Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.
async 1.5.0
(npm)
pkg:npm/async@1.5.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.6.4 |
Fixed version | 2.6.4, 3.2.2 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
EPSS Score | 0.00132 |
EPSS Percentile | 0.47272 |
Description
A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.
certifi 2019.11.28
(pypi)
pkg:pypi/certifi@2019.11.28
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Insufficient Verification of Data Authenticity
Affected range | >=2015.4.28 |
Fixed version | 2023.7.22 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
EPSS Score | 0.00059 |
EPSS Percentile | 0.22886 |
Description
Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store.
e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here.
http-cache-semantics 3.8.1
(npm)
pkg:npm/http-cache-semantics@3.8.1
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Inefficient Regular Expression Complexity
Affected range | <4.1.1 |
Fixed version | 4.1.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00105 |
EPSS Percentile | 0.41808 |
Description
http-cache-semantics contains an Inefficient Regular Expression Complexity, leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
uri 0.11.0
(gem)
pkg:gem/uri@0.11.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Inefficient Regular Expression Complexity
Affected range | >=0.11.0 |
Fixed version | 0.11.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00127 |
EPSS Percentile | 0.46425 |
Description
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
github.com/cloudflare/circl 1.3.3
(golang)
pkg:golang/github.com/cloudflare/circl@1.3.3
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Affected range | <1.3.7 |
Fixed version | 1.3.7 |
Description
Impact
On some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn (parts of) the secret key.
Does not apply to ephemeral usage, such as when used in the regular way in TLS.
Patches
Patched in 1.3.7.
urllib3 1.25.8
(pypi)
pkg:pypi/urllib3@1.25.8
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Uncontrolled Resource Consumption
Affected range | >=1.25.4 |
Fixed version | 1.26.5 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00292 |
EPSS Percentile | 0.68486 |
Description
Impact
When provided with a URL containing many `@` characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
Patches
The issue has been fixed in urllib3 v1.26.5.
For more information
If you have any questions or comments about this advisory:
- Ask in our community Discord
- Email sethmichaellarson@gmail.com
time 0.2.0
(gem)
pkg:gem/time@0.2.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Inefficient Regular Expression Complexity
Affected range | >=0.2.0 |
Fixed version | 0.2.2 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00127 |
EPSS Percentile | 0.46425 |
Description
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
printf 0.3.0
(npm)
pkg:npm/printf@0.3.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Uncontrolled Resource Consumption
Affected range | <0.6.1 |
Fixed version | 0.6.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00197 |
EPSS Percentile | 0.56603 |
Description
The package printf before 0.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string `/\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g` in `lib/printf.js`. The vulnerable regular expression has cubic worst-case time complexity.
setuptools 41.2.0
(pypi)
pkg:pypi/setuptools@41.2.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Inefficient Regular Expression Complexity
Affected range | <65.5.1 |
Fixed version | 65.5.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00323 |
EPSS Percentile | 0.7009 |
Description
Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in `package_index`. This has been patched in version 65.5.1.
🔍 Vulnerabilities of
digest | sha256:9b03ee453ca794ccfc026fc9850b86f69bf350fdf55d39e663b9e46beb78dfe2 |
vulnerabilities | |
size | 2.6 GB |
packages | 2994 |
📦 Base Image ubuntu:20.04
also known as | |
digest | sha256:48c35f3de33487442af224ed4aabac19fd9bfbd91ee90e9471d412706b20ba73 |
vulnerabilities | |
cgi
Affected range | <=0.3.1 |
Fixed version | 0.3.2 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00815 |
EPSS Percentile | 0.81413 |
Description
`CGI.escape_html` in Ruby has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where `size_t` and `long` have different numbers of bytes.
Affected range | >=0.3.0 |
Fixed version | 0.3.5 |
CVSS Score | 8.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00336 |
EPSS Percentile | 0.70716 |
Description
Ruby gem cgi.rb prior to versions 0.3.5, 0.2.2 and 0.1.0.2 allows HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. This issue has been patched in versions 0.3.5, 0.2.2 and 0.1.0.2.
execa 0.10.0
(npm)
pkg:npm/execa@0.10.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting `preferLocal=true`, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
execa 1.0.0
(npm)
pkg:npm/execa@1.0.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting `preferLocal=true`, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
rvm 1.11.3.9
(gem)
pkg:gem/rvm@1.11.3.9
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <=1.28.0 |
Fixed version | 1.29.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.01138 |
EPSS Percentile | 0.8441 |
Description
RVM automatically loads environment variables from files in `$PWD`, resulting in command execution.
cryptography 41.0.7
(pypi)
pkg:pypi/cryptography@41.0.7
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Affected range | >=38.0.0 |
Fixed version | 42.0.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00045 |
EPSS Percentile | 0.12923 |
Description
If `pkcs12.serialize_key_and_certificates` is called with both:
- A certificate whose public key did not match the provided private key
- An `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`)
Then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a `ValueError` is properly raised. Patched in pyca/cryptography#10423
Affected range | <42.0.0 |
Fixed version | 42.0.0 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00098 |
EPSS Percentile | 0.39712 |
Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
cryptography 41.0.6
(pypi)
pkg:pypi/cryptography@41.0.6
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Affected range | >=38.0.0 |
Fixed version | 42.0.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00045 |
EPSS Percentile | 0.12923 |
Description
If `pkcs12.serialize_key_and_certificates` is called with both:
- A certificate whose public key did not match the provided private key
- An `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`)
Then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a `ValueError` is properly raised. Patched in pyca/cryptography#10423
Affected range | <42.0.0 |
Fixed version | 42.0.0 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00098 |
EPSS Percentile | 0.39712 |
Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
pygments 2.3.1
(pypi)
pkg:pypi/pygments@2.3.1
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Uncontrolled Resource Consumption
Affected range | >=1.1 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00958 |
EPSS Percentile | 0.82901 |
Description
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
Loop with Unreachable Exit Condition ('Infinite Loop')
Affected range | >=1.5 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00282 |
EPSS Percentile | 0.67853 |
Description
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
linux 5.4.0-173.191
(deb)
pkg:deb/ubuntu/linux@5.4.0-173.191?os_distro=focal&os_name=ubuntu&os_version=20.04
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Affected range | <5.4.0-174.193 |
Fixed version | 5.4.0-174.193 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00042 |
EPSS Percentile | 0.05352 |
Description
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
Affected range | >=0 |
Fixed version | Not Fixed |
CVSS Score | 4.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00042 |
EPSS Percentile | 0.05352 |
Description
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
httpie 1.0.3
(pypi)
pkg:pypi/httpie@1.0.3
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Improper Certificate Validation
Affected range | <=3.2.2 |
Fixed version | Not Fixed |
CVSS Score | 7.4 |
CVSS Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
EPSS Score | 0.0006 |
EPSS Percentile | 0.23675 |
Description
Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.
printf 0.3.0
(npm)
pkg:npm/printf@0.3.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Uncontrolled Resource Consumption
Affected range | <0.6.1 |
Fixed version | 0.6.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00197 |
EPSS Percentile | 0.56603 |
Description
The package printf before 0.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string `/\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g` in `lib/printf.js`. The vulnerable regular expression has cubic worst-case time complexity.
net.sourceforge.plantuml/plantuml 0.0.0
(maven)
pkg:maven/net.sourceforge.plantuml/plantuml@0.0.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Server-Side Request Forgery (SSRF)
Affected range | <1.2023.9 |
Fixed version | 1.2023.9 |
CVSS Score | 7.2 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
EPSS Score | 0.00067 |
EPSS Percentile | 0.27578 |
Description
Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.
time 0.2.0
(gem)
pkg:gem/time@0.2.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Inefficient Regular Expression Complexity
Affected range | >=0.2.0 |
Fixed version | 0.2.2 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00127 |
EPSS Percentile | 0.46425 |
Description
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
setuptools 41.2.0
(pypi)
pkg:pypi/setuptools@41.2.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Inefficient Regular Expression Complexity
Affected range | <65.5.1 |
Fixed version | 65.5.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00323 |
EPSS Percentile | 0.7009 |
Description
Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in `package_index`. This has been patched in version 65.5.1.
certifi 2019.11.28
(pypi)
pkg:pypi/certifi@2019.11.28
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Insufficient Verification of Data Authenticity
Affected range | >=2015.4.28 |
Fixed version | 2023.7.22 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
EPSS Score | 0.00059 |
EPSS Percentile | 0.22886 |
Description
Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store.
e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here.
async 1.5.0
(npm)
pkg:npm/async@1.5.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.6.4 |
Fixed version | 2.6.4, 3.2.2 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
EPSS Score | 0.00132 |
EPSS Percentile | 0.47272 |
Description
A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.
github.com/cloudflare/circl 1.3.3
(golang)
pkg:golang/github.com/cloudflare/circl@1.3.3
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Affected range | <1.3.7 |
Fixed version | 1.3.7 |
Description
Impact
On some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn (parts of) the secret key.
Does not apply to ephemeral usage, such as when used in the regular way in TLS.
Patches
Patched in 1.3.7.
urllib3 1.25.8
(pypi)
pkg:pypi/urllib3@1.25.8
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Uncontrolled Resource Consumption
| Field | Value |
| --- | --- |
| Affected range | `>=1.25.4` |
| Fixed version | `1.26.5` |
| CVSS Score | 7.5 |
| CVSS Vector | `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` |
| EPSS Score | 0.00292 |
| EPSS Percentile | 0.68486 |

Description
Impact: When provided with a URL containing many `@` characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
Patches: The issue has been fixed in urllib3 v1.26.5.
References
For more information: if you have any questions or comments about this advisory:
- Ask in our community Discord
- Email sethmichaellarson@gmail.com
http-cache-semantics 3.8.1
(npm)
pkg:npm/http-cache-semantics@3.8.1
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Inefficient Regular Expression Complexity
| Field | Value |
| --- | --- |
| Affected range | `<4.1.1` |
| Fixed version | `4.1.1` |
| CVSS Score | 7.5 |
| CVSS Vector | `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` |
| EPSS Score | 0.00105 |
| EPSS Percentile | 0.41808 |

Description
http-cache semantics contains an Inefficient Regular Expression Complexity , leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
uri 0.11.0
(gem)
pkg:gem/uri@0.11.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Inefficient Regular Expression Complexity
| Field | Value |
| --- | --- |
| Affected range | `>=0.11.0` |
| Fixed version | `0.11.1` |
| CVSS Score | 7.5 |
| CVSS Vector | `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` |
| EPSS Score | 0.00127 |
| EPSS Percentile | 0.46425 |

Description
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
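Every finding in these Docker Scout reports carries a CVSS vector, its base score and an EPSS probability, but nothing on the page shows how the score follows from the vector or how to turn the three numbers into an order of work. The following is an added example for this thread, not Docker Scout code: it computes the CVSS v3.0/v3.1 base score from the vector (weights and equations as published in the CVSS v3.1 specification, which differs from v3.0 only in how Roundup is defined) and then ranks findings by EPSS and score, keeping "Not Fixed" entries apart because they need a mitigation rather than an upgrade. The thresholds `min_score` and `min_epss`, the `Finding` type and the `SAMPLE` list are choices of this example; the sample rows are copied from the report above.

```python
"""CVSS v3.0/v3.1 base-score calculator plus an EPSS-aware triage helper.

Added example for this review thread; not Docker Scout code. Metric weights
and equations follow the CVSS v3.1 specification (section 7.4); v3.0 uses
the same weights and equations and differs only in the Roundup function.
"""
import math
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Base metric weights from the CVSS v3.1 specification.
_AV = {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.20}
_AC = {"L": 0.77, "H": 0.44}
_PR_UNCHANGED = {"N": 0.85, "L": 0.62, "H": 0.27}
_PR_CHANGED = {"N": 0.85, "L": 0.68, "H": 0.50}  # PR weighs more once scope changes
_UI = {"N": 0.85, "R": 0.62}
_CIA = {"H": 0.56, "L": 0.22, "N": 0.0}
_REQUIRED = ("AV", "AC", "PR", "UI", "S", "C", "I", "A")


def _roundup(value: float, version: str) -> float:
    """Round up to one decimal. v3.1 does this in integer arithmetic so that
    floating-point noise such as 7.5000000001 cannot push a score up a notch."""
    if version == "3.1":
        int_input = round(value * 100000)
        if int_input % 10000 == 0:
            return int_input / 100000.0
        return (math.floor(int_input / 10000) + 1) / 10.0
    return math.ceil(value * 10) / 10.0  # v3.0: smallest 1-decimal number >= input


def parse_vector(vector: str) -> Tuple[str, Dict[str, str]]:
    """Split 'CVSS:3.1/AV:N/...' into (version, {metric: value}); reject junk early."""
    head, *parts = vector.strip().split("/")
    if not head.startswith("CVSS:") or head[5:] not in ("3.0", "3.1"):
        raise ValueError(f"unsupported CVSS vector prefix: {head!r}")
    metrics: Dict[str, str] = {}
    for part in parts:
        name, _, value = part.partition(":")
        metrics[name] = value
    missing = [m for m in _REQUIRED if m not in metrics]
    if missing:
        raise ValueError(f"vector {vector!r} lacks base metrics {missing}")
    return head[5:], metrics


def base_score(vector: str) -> float:
    """CVSS v3.x base score (0.0 to 10.0) for a base-metric vector string."""
    version, m = parse_vector(vector)
    changed = m["S"] == "C"
    iss = 1.0 - (1.0 - _CIA[m["C"]]) * (1.0 - _CIA[m["I"]]) * (1.0 - _CIA[m["A"]])
    if changed:
        impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15
    else:
        impact = 6.42 * iss
    pr = (_PR_CHANGED if changed else _PR_UNCHANGED)[m["PR"]]
    exploitability = 8.22 * _AV[m["AV"]] * _AC[m["AC"]] * pr * _UI[m["UI"]]
    if impact <= 0:
        return 0.0
    total = impact + exploitability
    if changed:
        total *= 1.08
    return _roundup(min(total, 10.0), version)


@dataclass(frozen=True)
class Finding:
    purl: str
    vector: str
    epss: float                    # EPSS probability (0..1) as reported by the scanner
    fixed_version: Optional[str]   # None when the report says "Not Fixed"


def triage(findings: List[Finding], min_score: float = 7.0,
           min_epss: float = 0.005) -> Tuple[List[Finding], List[Finding]]:
    """Return (actionable, unfixable), both ordered by EPSS then CVSS, highest first.
    actionable: at least min_score, has a fix and an EPSS of at least min_epss -> upgrade first.
    unfixable: at least min_score but no upstream fix -> needs a mitigation, not an upgrade.
    Everything else is deferred; the thresholds are this example's choice."""
    actionable, unfixable = [], []
    for f in findings:
        if base_score(f.vector) < min_score:
            continue
        if f.fixed_version is None:
            unfixable.append(f)
        elif f.epss >= min_epss:
            actionable.append(f)
    key = lambda f: (f.epss, base_score(f.vector))
    return (sorted(actionable, key=key, reverse=True),
            sorted(unfixable, key=key, reverse=True))


# Constructed sample: rows copied from the report above.
SAMPLE = [
    Finding("pkg:gem/rvm@1.11.3.9", "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", 0.01138, "1.29.0"),
    Finding("pkg:pypi/pygments@2.3.1", "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", 0.00958, "2.7.4"),
    Finding("pkg:pypi/cryptography@41.0.6", "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", 0.00045, "42.0.4"),
    Finding("pkg:pypi/httpie@1.0.3", "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", 0.0006, None),
    Finding("pkg:deb/ubuntu/linux@5.4.0-173.191", "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", 0.00042, None),
]

if __name__ == "__main__":
    act, unfix = triage(SAMPLE)
    for f in act:
        print(f"upgrade  {f.purl} -> {f.fixed_version}  cvss={base_score(f.vector)} epss={f.epss}")
    for f in unfix:
        print(f"mitigate {f.purl}  cvss={base_score(f.vector)} (no fix available)")
```

The computed scores reproduce the CVSS Score cells in the report (9.8, 8.8, 7.8, 7.5, 7.4, 4.7 and the scope-changed 7.2 of the plantuml entry), which is a cheap sanity check on any scanner output before its numbers are used for gating. Note that the `cryptography` row drops out of the actionable list on EPSS alone even though its CVSS is 7.5; whether that is acceptable is a policy decision, which is why the thresholds are parameters.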
🔍 Vulnerabilities of

| Field | Value |
| --- | --- |
| digest | `sha256:d01af0f4b6bba07f6bb795d302ea1b893de0d7ee911a0dd12cf481aea9f1ec21` |
| size | 2.5 GB |
| packages | 2923 |

📦 Base Image ubuntu:20.04

| Field | Value |
| --- | --- |
| digest | `sha256:48c35f3de33487442af224ed4aabac19fd9bfbd91ee90e9471d412706b20ba73` |

cgi
| Field | Value |
| --- | --- |
| Affected range | `<=0.3.1` |
| Fixed version | `0.3.2` |
| CVSS Score | 9.8 |
| CVSS Vector | `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` |
| EPSS Score | 0.00815 |
| EPSS Percentile | 0.81413 |

Description
`CGI.escape_html` in Ruby has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where `size_t` and `long` have different numbers of bytes.

| Field | Value |
| --- | --- |
| Affected range | `>=0.3.0` |
| Fixed version | `0.3.5` |
| CVSS Score | 8.8 |
| CVSS Vector | `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H` |
| EPSS Score | 0.00336 |
| EPSS Percentile | 0.70716 |

Description
Ruby gem cgi.rb prior to versions 0.3.5, 0.2.2 and 0.1.0.2 allow HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. This issue has been patched in versions 0.3.5, 0.2.2 and 0.1.0.2.
execa 0.10.0
(npm)
pkg:npm/execa@0.10.0
# Dockerfile (184:197)
RUN npm install --global \
artillery \
eslint \
eslint-plugin-html \
heroku \
jest \
nodemon \
prettier \
ts-node \
typescript && \
npm install --global --unsafe-perm \
ngrok && \
rm --recursive --force $HOME/.ngrok && \
npm cache clean --force
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
| Field | Value |
| --- | --- |
| Affected range | `<2.0.0` |
| Fixed version | `2.0.0` |
| CVSS Score | 9.8 |
| CVSS Vector | `CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` |

Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting `preferLocal=true`, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
execa 1.0.0
(npm)
pkg:npm/execa@1.0.0
# Dockerfile (184:197)
RUN npm install --global \
artillery \
eslint \
eslint-plugin-html \
heroku \
jest \
nodemon \
prettier \
ts-node \
typescript && \
npm install --global --unsafe-perm \
ngrok && \
rm --recursive --force $HOME/.ngrok && \
npm cache clean --force
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
| Field | Value |
| --- | --- |
| Affected range | `<2.0.0` |
| Fixed version | `2.0.0` |
| CVSS Score | 9.8 |
| CVSS Vector | `CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` |

Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting `preferLocal=true`, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
rvm 1.11.3.9
(gem)
pkg:gem/rvm@1.11.3.9
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
| Field | Value |
| --- | --- |
| Affected range | `<=1.28.0` |
| Fixed version | `1.29.0` |
| CVSS Score | 9.8 |
| CVSS Vector | `CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` |
| EPSS Score | 0.01138 |
| EPSS Percentile | 0.8441 |

Description
RVM automatically loads environment variables from files in `$PWD`, resulting in command execution.
cryptography 41.0.6
(pypi)
pkg:pypi/cryptography@41.0.6
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
| Field | Value |
| --- | --- |
| Affected range | `>=38.0.0` |
| Fixed version | `42.0.4` |
| CVSS Score | 7.5 |
| CVSS Vector | `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` |
| EPSS Score | 0.00045 |
| EPSS Percentile | 0.12923 |

Description
If `pkcs12.serialize_key_and_certificates` is called with both:
- A certificate whose public key did not match the provided private key
- An `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`)
then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a `ValueError` is properly raised. Patched in pyca/cryptography#10423

| Field | Value |
| --- | --- |
| Affected range | `<42.0.0` |
| Fixed version | `42.0.0` |
| CVSS Score | 7.5 |
| CVSS Vector | `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N` |
| EPSS Score | 0.00098 |
| EPSS Percentile | 0.39712 |

Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
cryptography 41.0.7
(pypi)
pkg:pypi/cryptography@41.0.7
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
| Field | Value |
| --- | --- |
| Affected range | `>=38.0.0` |
| Fixed version | `42.0.4` |
| CVSS Score | 7.5 |
| CVSS Vector | `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` |
| EPSS Score | 0.00045 |
| EPSS Percentile | 0.12923 |

Description
If `pkcs12.serialize_key_and_certificates` is called with both:
- A certificate whose public key did not match the provided private key
- An `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`)
then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a `ValueError` is properly raised. Patched in pyca/cryptography#10423

| Field | Value |
| --- | --- |
| Affected range | `<42.0.0` |
| Fixed version | `42.0.0` |
| CVSS Score | 7.5 |
| CVSS Vector | `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N` |
| EPSS Score | 0.00098 |
| EPSS Percentile | 0.39712 |

Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
linux 5.4.0-173.191
(deb)
pkg:deb/ubuntu/linux@5.4.0-173.191?os_distro=focal&os_name=ubuntu&os_version=20.04
# Dockerfile (21:26)
RUN curl --silent --fail --show-error --location 'https://packagecloud.io/github/git-lfs/gpgkey' | \
apt-key --keyring /usr/share/keyrings/packagecloud.io.gpg add - && \
echo "deb [signed-by=/usr/share/keyrings/packagecloud.io.gpg] https://packagecloud.io/github/git-lfs/ubuntu/ $(lsb_release --short --codename) main" | \
tee /etc/apt/sources.list.d/github-git-lfs.list && \
echo "deb-src [signed-by=/usr/share/keyrings/packagecloud.io.gpg] https://packagecloud.io/github/git-lfs/ubuntu/ $(lsb_release --short --codename) main" | \
tee --append /etc/apt/sources.list.d/github-git-lfs.list
| Field | Value |
| --- | --- |
| Affected range | `<5.4.0-174.193` |
| Fixed version | `5.4.0-174.193` |
| CVSS Score | 7.8 |
| CVSS Vector | `CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H` |
| EPSS Score | 0.00042 |
| EPSS Percentile | 0.05352 |

Description
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.

| Field | Value |
| --- | --- |
| Affected range | `>=0` |
| Fixed version | Not Fixed |
| CVSS Score | 4.7 |
| CVSS Vector | `CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N` |
| EPSS Score | 0.00042 |
| EPSS Percentile | 0.05352 |

Description
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
pygments 2.3.1
(pypi)
pkg:pypi/pygments@2.3.1
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
Uncontrolled Resource Consumption
| Field | Value |
| --- | --- |
| Affected range | `>=1.1` |
| Fixed version | `2.7.4` |
| CVSS Score | 7.5 |
| CVSS Vector | `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` |
| EPSS Score | 0.00958 |
| EPSS Percentile | 0.82901 |

Description
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
Loop with Unreachable Exit Condition ('Infinite Loop')
| Field | Value |
| --- | --- |
| Affected range | `>=1.5` |
| Fixed version | `2.7.4` |
| CVSS Score | 7.5 |
| CVSS Vector | `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` |
| EPSS Score | 0.00282 |
| EPSS Percentile | 0.67853 |

Description
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
uri 0.11.0
(gem)
pkg:gem/uri@0.11.0
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
Inefficient Regular Expression Complexity
| Field | Value |
| --- | --- |
| Affected range | `>=0.11.0` |
| Fixed version | `0.11.1` |
| CVSS Score | 7.5 |
| CVSS Vector | `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` |
| EPSS Score | 0.00127 |
| EPSS Percentile | 0.46425 |

Description
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
httpie 1.0.3
(pypi)
pkg:pypi/httpie@1.0.3
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
Improper Certificate Validation
| Field | Value |
| --- | --- |
| Affected range | `<=3.2.2` |
| Fixed version | Not Fixed |
| CVSS Score | 7.4 |
| CVSS Vector | `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N` |
| EPSS Score | 0.0006 |
| EPSS Percentile | 0.23675 |

Description
Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.
net.sourceforge.plantuml/plantuml 0.0.0
(maven)
pkg:maven/net.sourceforge.plantuml/plantuml@0.0.0
# Dockerfile (137:142)
RUN mkdir --parents /usr/local/share/java && \
curl --silent --fail --show-error --location 'https://sourceforge.net/projects/ditaa/files/latest/download' | \
bsdtar -xf - -s '/ditaa.*\.jar/ditaa.jar/' --directory /usr/local/share/java '*.jar' && \
curl --silent --fail --show-error --location --output /usr/local/share/java/plantuml.jar 'http://sourceforge.net/projects/plantuml/files/plantuml.jar/download' && \
curl --silent --fail --show-error --location --output - 'https://downloads.sourceforge.net/project/saxon/Saxon-HE/9.9/SaxonHE9-9-1-6J.zip' | \
bsdtar -xf - -s '/saxon.*\.jar/saxon.jar/' --directory /usr/local/share/java 'saxon9he.jar'
Server-Side Request Forgery (SSRF)
| Field | Value |
| --- | --- |
| Affected range | `<1.2023.9` |
| Fixed version | `1.2023.9` |
| CVSS Score | 7.2 |
| CVSS Vector | `CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N` |
| EPSS Score | 0.00067 |
| EPSS Percentile | 0.27578 |

Description
Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.
setuptools 41.2.0
(pypi)
pkg:pypi/setuptools@41.2.0
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
Inefficient Regular Expression Complexity
| Field | Value |
| --- | --- |
| Affected range | `<65.5.1` |
| Fixed version | `65.5.1` |
| CVSS Score | 7.5 |
| CVSS Vector | `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` |
| EPSS Score | 0.00323 |
| EPSS Percentile | 0.7009 |

Description
Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in `package_index`. This has been patched in version 65.5.1.
certifi 2019.11.28
(pypi)
pkg:pypi/certifi@2019.11.28
# Dockerfile (21:26)
RUN curl --silent --fail --show-error --location 'https://packagecloud.io/github/git-lfs/gpgkey' | \
apt-key --keyring /usr/share/keyrings/packagecloud.io.gpg add - && \
echo "deb [signed-by=/usr/share/keyrings/packagecloud.io.gpg] https://packagecloud.io/github/git-lfs/ubuntu/ $(lsb_release --short --codename) main" | \
tee /etc/apt/sources.list.d/github-git-lfs.list && \
echo "deb-src [signed-by=/usr/share/keyrings/packagecloud.io.gpg] https://packagecloud.io/github/git-lfs/ubuntu/ $(lsb_release --short --codename) main" | \
tee --append /etc/apt/sources.list.d/github-git-lfs.list
Insufficient Verification of Data Authenticity
| Field | Value |
| --- | --- |
| Affected range | `>=2015.4.28` |
| Fixed version | `2023.7.22` |
| CVSS Score | 7.5 |
| CVSS Vector | `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N` |
| EPSS Score | 0.00059 |
| EPSS Percentile | 0.22886 |

Description
Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store.
e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here.
urllib3 1.25.8
(pypi)
pkg:pypi/urllib3@1.25.8
# Dockerfile (21:26)
RUN curl --silent --fail --show-error --location 'https://packagecloud.io/github/git-lfs/gpgkey' | \
apt-key --keyring /usr/share/keyrings/packagecloud.io.gpg add - && \
echo "deb [signed-by=/usr/share/keyrings/packagecloud.io.gpg] https://packagecloud.io/github/git-lfs/ubuntu/ $(lsb_release --short --codename) main" | \
tee /etc/apt/sources.list.d/github-git-lfs.list && \
echo "deb-src [signed-by=/usr/share/keyrings/packagecloud.io.gpg] https://packagecloud.io/github/git-lfs/ubuntu/ $(lsb_release --short --codename) main" | \
tee --append /etc/apt/sources.list.d/github-git-lfs.list
Uncontrolled Resource Consumption
| Field | Value |
| --- | --- |
| Affected range | `>=1.25.4` |
| Fixed version | `1.26.5` |
| CVSS Score | 7.5 |
| CVSS Vector | `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` |
| EPSS Score | 0.00292 |
| EPSS Percentile | 0.68486 |

Description
Impact: When provided with a URL containing many `@` characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
Patches: The issue has been fixed in urllib3 v1.26.5.
References
For more information: if you have any questions or comments about this advisory:
- Ask in our community Discord
- Email sethmichaellarson@gmail.com
time 0.2.0
(gem)
pkg:gem/time@0.2.0
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
Inefficient Regular Expression Complexity
| Field | Value |
| --- | --- |
| Affected range | `>=0.2.0` |
| Fixed version | `0.2.2` |
| CVSS Score | 7.5 |
| CVSS Vector | `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` |
| EPSS Score | 0.00127 |
| EPSS Percentile | 0.46425 |

Description
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
async 1.5.0
(npm)
pkg:npm/async@1.5.0
# Dockerfile (184:197)
RUN npm install --global \
artillery \
eslint \
eslint-plugin-html \
heroku \
jest \
nodemon \
prettier \
ts-node \
typescript && \
npm install --global --unsafe-perm \
ngrok && \
rm --recursive --force $HOME/.ngrok && \
npm cache clean --force
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
| Field | Value |
| --- | --- |
| Affected range | `<2.6.4` |
| Fixed version | `2.6.4, 3.2.2` |
| CVSS Score | 7.8 |
| CVSS Vector | `CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H` |
| EPSS Score | 0.00132 |
| EPSS Percentile | 0.47272 |

Description
A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.
http-cache-semantics 3.8.1
(npm)
pkg:npm/http-cache-semantics@3.8.1
# Dockerfile (184:197)
RUN npm install --global \
artillery \
eslint \
eslint-plugin-html \
heroku \
jest \
nodemon \
prettier \
ts-node \
typescript && \
npm install --global --unsafe-perm \
ngrok && \
rm --recursive --force $HOME/.ngrok && \
npm cache clean --force
Inefficient Regular Expression Complexity
| Field | Value |
| --- | --- |
| Affected range | `<4.1.1` |
| Fixed version | `4.1.1` |
| CVSS Score | 7.5 |
| CVSS Vector | `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` |
| EPSS Score | 0.00105 |
| EPSS Percentile | 0.41808 |

Description
http-cache semantics contains an Inefficient Regular Expression Complexity , leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
printf 0.3.0
(npm)
pkg:npm/printf@0.3.0
# Dockerfile (184:197)
RUN npm install --global \
artillery \
eslint \
eslint-plugin-html \
heroku \
jest \
nodemon \
prettier \
ts-node \
typescript && \
npm install --global --unsafe-perm \
ngrok && \
rm --recursive --force $HOME/.ngrok && \
npm cache clean --force
Uncontrolled Resource Consumption
| Field | Value |
| --- | --- |
| Affected range | `<0.6.1` |
| Fixed version | `0.6.1` |
| CVSS Score | 7.5 |
| CVSS Vector | `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` |
| EPSS Score | 0.00197 |
| EPSS Percentile | 0.56603 |

Description
The package printf before 0.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string `/\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g` in `lib/printf.js`. The vulnerable regular expression has cubic worst-case time complexity.
github.com/cloudflare/circl 1.3.3
(golang)
pkg:golang/github.com/cloudflare/circl@1.3.3
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
| Field | Value |
| --- | --- |
| Affected range | `<1.3.7` |
| Fixed version | `1.3.7` |

Description
Impact
On some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn (parts of) the secret key.
Does not apply to ephemeral usage, such as when used in the regular way in TLS.
Patches
Patched in 1.3.7.
References
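The cgi.rb header-injection advisory in the report above describes the one mechanism behind header splitting: a CR/LF inside a value that is copied verbatim into a response header. As an added example for this thread (Python, not the Ruby cgi code), the following builds a response the vulnerable way and the hardened way and then parses the result the way a client would, so the injected `Set-Cookie` header shows up as a separate header in the first case and is rejected in the second. The builder and parser functions and the `ATTACKER_LOCATION` string are constructed for the example.

```python
"""Header splitting through an unvalidated response header, and the check that stops it.

Added example for this thread, illustrating the cgi.rb advisory above in Python;
it is not the Ruby cgi code. build_response_vulnerable() concatenates an untrusted
value into a header the way the advisory describes; build_response() refuses any
name or value containing CR, LF or NUL, which is the whole fix.
"""
from typing import Dict, List, Tuple

_FORBIDDEN = ("\r", "\n", "\0")


def build_response_vulnerable(headers: Dict[str, str], body: str) -> bytes:
    """Constructed 'before' version: trusts header names and values verbatim."""
    lines = ["HTTP/1.1 200 OK"]
    for name, value in headers.items():
        lines.append(f"{name}: {value}")
    return ("\r\n".join(lines) + "\r\n\r\n" + body).encode("utf-8")


def build_response(headers: Dict[str, str], body: str) -> bytes:
    """Hardened version: a header value may never contain a line terminator,
    and a header name may not contain one or a colon either."""
    for name, value in headers.items():
        if any(ch in name for ch in _FORBIDDEN + (":",)) or any(ch in value for ch in _FORBIDDEN):
            raise ValueError(f"refusing header {name!r}: CR/LF/NUL in name or value")
    return build_response_vulnerable(headers, body)


def parse_headers(raw: bytes) -> List[Tuple[str, str]]:
    """What a client sees: split on CRLF up to the blank line, one (name, value) per line."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    parsed = []
    for line in head.decode("utf-8").split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        parsed.append((name.strip(), value.strip()))
    return parsed


# Constructed attacker input: a redirect target carrying a CRLF sequence. Through the
# vulnerable builder it becomes a second, attacker-chosen Set-Cookie header.
ATTACKER_LOCATION = "/home\r\nSet-Cookie: session=attacker-chosen"


def demo() -> Tuple[List[Tuple[str, str]], bool]:
    """Return (headers the client sees from the vulnerable builder,
    whether the hardened builder rejected the same input)."""
    leaked = parse_headers(build_response_vulnerable({"Location": ATTACKER_LOCATION}, ""))
    try:
        build_response({"Location": ATTACKER_LOCATION}, "")
        blocked = False
    except ValueError:
        blocked = True
    return leaked, blocked


if __name__ == "__main__":
    headers, blocked = demo()
    for name, value in headers:
        print(f"{name}: {value}")
    print("hardened builder rejected the value:", blocked)
```

The same check belongs wherever a framework writes headers from application data (redirect targets, cookie values, content-disposition file names); Python's own `http.client` already raises on CR/LF in header values, which is the behaviour the fixed cgi.rb versions adopt.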
🔍 Vulnerabilities of

| Field | Value |
| --- | --- |
| digest | `sha256:946d5cd46e84119734e45818781f497be8de395f893a6ea8d38f9260aef9cb57` |
| size | 2.5 GB |
| packages | 3043 |

📦 Base Image ubuntu:20.04

| Field | Value |
| --- | --- |
| digest | `sha256:48c35f3de33487442af224ed4aabac19fd9bfbd91ee90e9471d412706b20ba73` |

cgi
| Field | Value |
| --- | --- |
| Affected range | `<=0.3.1` |
| Fixed version | `0.3.2` |
| CVSS Score | 9.8 |
| CVSS Vector | `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` |
| EPSS Score | 0.00815 |
| EPSS Percentile | 0.81413 |

Description
`CGI.escape_html` in Ruby has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where `size_t` and `long` have different numbers of bytes.

| Field | Value |
| --- | --- |
| Affected range | `>=0.3.0` |
| Fixed version | `0.3.5` |
| CVSS Score | 8.8 |
| CVSS Vector | `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H` |
| EPSS Score | 0.00336 |
| EPSS Percentile | 0.70716 |

Description
Ruby gem cgi.rb prior to versions 0.3.5, 0.2.2 and 0.1.0.2 allow HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. This issue has been patched in versions 0.3.5, 0.2.2 and 0.1.0.2.
execa 1.0.0
(npm)
pkg:npm/execa@1.0.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
| Field | Value |
| --- | --- |
| Affected range | `<2.0.0` |
| Fixed version | `2.0.0` |
| CVSS Score | 9.8 |
| CVSS Vector | `CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` |

Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting `preferLocal=true`, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
rvm 1.11.3.9
(gem)
pkg:gem/rvm@1.11.3.9
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
| Field | Value |
| --- | --- |
| Affected range | `<=1.28.0` |
| Fixed version | `1.29.0` |
| CVSS Score | 9.8 |
| CVSS Vector | `CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` |
| EPSS Score | 0.01138 |
| EPSS Percentile | 0.8441 |

Description
RVM automatically loads environment variables from files in `$PWD`, resulting in command execution.
execa 0.10.0
(npm)
pkg:npm/execa@0.10.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
| Field | Value |
| --- | --- |
| Affected range | `<2.0.0` |
| Fixed version | `2.0.0` |
| CVSS Score | 9.8 |
| CVSS Vector | `CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` |

Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting `preferLocal=true`, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
cryptography 41.0.7
(pypi)
pkg:pypi/cryptography@41.0.7
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
| Field | Value |
| --- | --- |
| Affected range | `>=38.0.0` |
| Fixed version | `42.0.4` |
| CVSS Score | 7.5 |
| CVSS Vector | `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` |
| EPSS Score | 0.00045 |
| EPSS Percentile | 0.12923 |

Description
If `pkcs12.serialize_key_and_certificates` is called with both:
- A certificate whose public key did not match the provided private key
- An `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`)
then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a `ValueError` is properly raised. Patched in pyca/cryptography#10423

| Field | Value |
| --- | --- |
| Affected range | `<42.0.0` |
| Fixed version | `42.0.0` |
| CVSS Score | 7.5 |
| CVSS Vector | `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N` |
| EPSS Score | 0.00098 |
| EPSS Percentile | 0.39712 |

Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
cryptography 41.0.6
(pypi)
pkg:pypi/cryptography@41.0.6
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
| Field | Value |
| --- | --- |
| Affected range | `>=38.0.0` |
| Fixed version | `42.0.4` |
| CVSS Score | 7.5 |
| CVSS Vector | `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` |
| EPSS Score | 0.00045 |
| EPSS Percentile | 0.12923 |

Description
If `pkcs12.serialize_key_and_certificates` is called with both:
- A certificate whose public key did not match the provided private key
- An `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`)
then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a `ValueError` is properly raised. Patched in pyca/cryptography#10423

| Field | Value |
| --- | --- |
| Affected range | `<42.0.0` |
| Fixed version | `42.0.0` |
| CVSS Score | 7.5 |
| CVSS Vector | `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N` |
| EPSS Score | 0.00098 |
| EPSS Percentile | 0.39712 |

Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
linux 5.4.0-173.191
(deb)
pkg:deb/ubuntu/linux@5.4.0-173.191?os_distro=focal&os_name=ubuntu&os_version=20.04
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
| Field | Value |
| --- | --- |
| Affected range | `<5.4.0-174.193` |
| Fixed version | `5.4.0-174.193` |
| CVSS Score | 7.8 |
| CVSS Vector | `CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H` |
| EPSS Score | 0.00042 |
| EPSS Percentile | 0.05352 |

Description
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.

| Field | Value |
| --- | --- |
| Affected range | `>=0` |
| Fixed version | Not Fixed |
| CVSS Score | 4.7 |
| CVSS Vector | `CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N` |
| EPSS Score | 0.00042 |
| EPSS Percentile | 0.05352 |

Description
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
pygments 2.3.1
(pypi)
pkg:pypi/pygments@2.3.1
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Uncontrolled Resource Consumption
| Field | Value |
| --- | --- |
| Affected range | `>=1.1` |
| Fixed version | `2.7.4` |
| CVSS Score | 7.5 |
| CVSS Vector | `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` |
| EPSS Score | 0.00958 |
| EPSS Percentile | 0.82901 |

Description
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
Loop with Unreachable Exit Condition ('Infinite Loop')
| Field | Value |
| --- | --- |
| Affected range | `>=1.5` |
| Fixed version | `2.7.4` |
| CVSS Score | 7.5 |
| CVSS Vector | `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` |
| EPSS Score | 0.00282 |
| EPSS Percentile | 0.67853 |

Description
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
async 1.5.0
(npm)
pkg:npm/async@1.5.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
| Field | Value |
| --- | --- |
| Affected range | `<2.6.4` |
| Fixed version | `2.6.4, 3.2.2` |
| CVSS Score | 7.8 |
| CVSS Vector | `CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H` |
| EPSS Score | 0.00132 |
| EPSS Percentile | 0.47272 |

Description
A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.
time 0.2.0
(gem)
pkg:gem/time@0.2.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Inefficient Regular Expression Complexity
| Field | Value |
| --- | --- |
| Affected range | `>=0.2.0` |
| Fixed version | `0.2.2` |
| CVSS Score | 7.5 |
| CVSS Vector | `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` |
| EPSS Score | 0.00127 |
| EPSS Percentile | 0.46425 |

Description
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
setuptools 41.2.0
(pypi)
pkg:pypi/setuptools@41.2.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Inefficient Regular Expression Complexity
Affected range | <65.5.1 |
Fixed version | 65.5.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00323 |
EPSS Percentile | 0.7009 |
Description
Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in package_index. This has been patched in version 65.5.1.
httpie 1.0.3
(pypi)
pkg:pypi/httpie@1.0.3
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Improper Certificate Validation
Affected range | <=3.2.2 |
Fixed version | Not Fixed |
CVSS Score | 7.4 |
CVSS Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
EPSS Score | 0.0006 |
EPSS Percentile | 0.23675 |
Description
Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.
printf 0.3.0
(npm)
pkg:npm/printf@0.3.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Uncontrolled Resource Consumption
Affected range | <0.6.1 |
Fixed version | 0.6.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00197 |
EPSS Percentile | 0.56603 |
Description
The package printf before 0.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity.
net.sourceforge.plantuml/plantuml 0.0.0
(maven)
pkg:maven/net.sourceforge.plantuml/plantuml@0.0.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Server-Side Request Forgery (SSRF)
Affected range | <1.2023.9 |
Fixed version | 1.2023.9 |
CVSS Score | 7.2 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
EPSS Score | 0.00067 |
EPSS Percentile | 0.27578 |
Description
Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.
certifi 2019.11.28
(pypi)
pkg:pypi/certifi@2019.11.28
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Insufficient Verification of Data Authenticity
Affected range | >=2015.4.28 |
Fixed version | 2023.7.22 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
EPSS Score | 0.00059 |
EPSS Percentile | 0.22886 |
Description
Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store.
e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here.
github.com/cloudflare/circl 1.3.3
(golang)
pkg:golang/github.com/cloudflare/circl@1.3.3
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Affected range | <1.3.7 |
Fixed version | 1.3.7 |
Description
Impact
On some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn (parts of) the secret key.
Does not apply to ephemeral usage, such as when used in the regular way in TLS.
Patches
Patched in 1.3.7.
References
urllib3 1.25.8
(pypi)
pkg:pypi/urllib3@1.25.8
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Uncontrolled Resource Consumption
Affected range | >=1.25.4 |
Fixed version | 1.26.5 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00292 |
EPSS Percentile | 0.68486 |
Description
Impact
When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
Patches
The issue has been fixed in urllib3 v1.26.5.
References
For more information
If you have any questions or comments about this advisory:
- Ask in our community Discord
- Email sethmichaellarson@gmail.com
uri 0.11.0
(gem)
pkg:gem/uri@0.11.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Inefficient Regular Expression Complexity
Affected range | >=0.11.0 |
Fixed version | 0.11.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00127 |
EPSS Percentile | 0.46425 |
Description
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
http-cache-semantics 3.8.1
(npm)
pkg:npm/http-cache-semantics@3.8.1
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Inefficient Regular Expression Complexity
Affected range | <4.1.1 |
Fixed version | 4.1.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00105 |
EPSS Percentile | 0.41808 |
Description
http-cache-semantics contains an Inefficient Regular Expression Complexity, leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
🔍 Vulnerabilities of
digest | sha256:5c5ee97fbccbc0c95eabd774f069b3146130cbb93ea08b8b5083e19431251504 |
vulnerabilities | |
size | 2.3 GB |
packages | 2892 |
📦 Base Image ubuntu:20.04
also known as | |
digest | sha256:4aa61d4985265be6d872cc214016f2f91a77b1c925dab5ce502db2edc4a7e5af |
vulnerabilities | |
cgi
Affected range | <=0.3.1 |
Fixed version | 0.3.2 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00815 |
EPSS Percentile | 0.81413 |
Description
CGI.escape_html in Ruby has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes.
Affected range | >=0.3.0 |
Fixed version | 0.3.5 |
CVSS Score | 8.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00336 |
EPSS Percentile | 0.70716 |
Description
Ruby gem cgi.rb prior to versions 0.3.5, 0.2.2 and 0.1.0.2 allows HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. This issue has been patched in versions 0.3.5, 0.2.2 and 0.1.0.2.
rvm 1.11.3.9
(gem)
pkg:gem/rvm@1.11.3.9
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <=1.28.0 |
Fixed version | 1.29.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.01138 |
EPSS Percentile | 0.8441 |
Description
RVM automatically loads environment variables from files in $PWD, resulting in command execution.
execa 0.10.0
(npm)
pkg:npm/execa@0.10.0
# Dockerfile (184:197)
RUN npm install --global \
artillery \
eslint \
eslint-plugin-html \
heroku \
jest \
nodemon \
prettier \
ts-node \
typescript && \
npm install --global --unsafe-perm \
ngrok && \
rm --recursive --force $HOME/.ngrok && \
npm cache clean --force
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting preferLocal=true, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
execa 1.0.0
(npm)
pkg:npm/execa@1.0.0
# Dockerfile (184:197)
RUN npm install --global \
artillery \
eslint \
eslint-plugin-html \
heroku \
jest \
nodemon \
prettier \
ts-node \
typescript && \
npm install --global --unsafe-perm \
ngrok && \
rm --recursive --force $HOME/.ngrok && \
npm cache clean --force
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting preferLocal=true, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
pygments 2.3.1
(pypi)
pkg:pypi/pygments@2.3.1
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
Uncontrolled Resource Consumption
Affected range | >=1.1 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00958 |
EPSS Percentile | 0.82901 |
Description
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
Loop with Unreachable Exit Condition ('Infinite Loop')
Affected range | >=1.5 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00282 |
EPSS Percentile | 0.67853 |
Description
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
cryptography 41.0.6
(pypi)
pkg:pypi/cryptography@41.0.6
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
Affected range | >=38.0.0 |
Fixed version | 42.0.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00045 |
EPSS Percentile | 0.12923 |
Description
If pkcs12.serialize_key_and_certificates is called with both:
- A certificate whose public key did not match the provided private key
- An encryption_algorithm with hmac_hash set (via PrivateFormat.PKCS12.encryption_builder().hmac_hash(...))
Then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a ValueError is properly raised.
Patched in pyca/cryptography#10423
Affected range | <42.0.0 |
Fixed version | 42.0.0 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00098 |
EPSS Percentile | 0.39712 |
Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
linux 5.4.0-173.191
(deb)
pkg:deb/ubuntu/linux@5.4.0-173.191?os_distro=focal&os_name=ubuntu&os_version=20.04
# Dockerfile (21:26)
RUN curl --silent --fail --show-error --location 'https://packagecloud.io/github/git-lfs/gpgkey' | \
apt-key --keyring /usr/share/keyrings/packagecloud.io.gpg add - && \
echo "deb [signed-by=/usr/share/keyrings/packagecloud.io.gpg] https://packagecloud.io/github/git-lfs/ubuntu/ $(lsb_release --short --codename) main" | \
tee /etc/apt/sources.list.d/github-git-lfs.list && \
echo "deb-src [signed-by=/usr/share/keyrings/packagecloud.io.gpg] https://packagecloud.io/github/git-lfs/ubuntu/ $(lsb_release --short --codename) main" | \
tee --append /etc/apt/sources.list.d/github-git-lfs.list
Affected range | <5.4.0-174.193 |
Fixed version | 5.4.0-174.193 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00042 |
EPSS Percentile | 0.05352 |
Description
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
Affected range | >=0 |
Fixed version | Not Fixed |
CVSS Score | 4.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00042 |
EPSS Percentile | 0.05352 |
Description
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
http-cache-semantics 3.8.1
(npm)
pkg:npm/http-cache-semantics@3.8.1
# Dockerfile (184:197)
RUN npm install --global \
artillery \
eslint \
eslint-plugin-html \
heroku \
jest \
nodemon \
prettier \
ts-node \
typescript && \
npm install --global --unsafe-perm \
ngrok && \
rm --recursive --force $HOME/.ngrok && \
npm cache clean --force
Inefficient Regular Expression Complexity
Affected range | <4.1.1 |
Fixed version | 4.1.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00105 |
EPSS Percentile | 0.41808 |
Description
http-cache-semantics contains an Inefficient Regular Expression Complexity, leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
uri 0.11.0
(gem)
pkg:gem/uri@0.11.0
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
Inefficient Regular Expression Complexity
Affected range | >=0.11.0 |
Fixed version | 0.11.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00127 |
EPSS Percentile | 0.46425 |
Description
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
net.sourceforge.plantuml/plantuml 0.0.0
(maven)
pkg:maven/net.sourceforge.plantuml/plantuml@0.0.0
# Dockerfile (137:142)
RUN mkdir --parents /usr/local/share/java && \
curl --silent --fail --show-error --location 'https://sourceforge.net/projects/ditaa/files/latest/download' | \
bsdtar -xf - -s '/ditaa.*\.jar/ditaa.jar/' --directory /usr/local/share/java '*.jar' && \
curl --silent --fail --show-error --location --output /usr/local/share/java/plantuml.jar 'http://sourceforge.net/projects/plantuml/files/plantuml.jar/download' && \
curl --silent --fail --show-error --location --output - 'https://downloads.sourceforge.net/project/saxon/Saxon-HE/9.9/SaxonHE9-9-1-6J.zip' | \
bsdtar -xf - -s '/saxon.*\.jar/saxon.jar/' --directory /usr/local/share/java 'saxon9he.jar'
Server-Side Request Forgery (SSRF)
Affected range | <1.2023.9 |
Fixed version | 1.2023.9 |
CVSS Score | 7.2 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
EPSS Score | 0.00067 |
EPSS Percentile | 0.27578 |
Description
Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.
urllib3 1.25.8
(pypi)
pkg:pypi/urllib3@1.25.8
# Dockerfile (21:26)
RUN curl --silent --fail --show-error --location 'https://packagecloud.io/github/git-lfs/gpgkey' | \
apt-key --keyring /usr/share/keyrings/packagecloud.io.gpg add - && \
echo "deb [signed-by=/usr/share/keyrings/packagecloud.io.gpg] https://packagecloud.io/github/git-lfs/ubuntu/ $(lsb_release --short --codename) main" | \
tee /etc/apt/sources.list.d/github-git-lfs.list && \
echo "deb-src [signed-by=/usr/share/keyrings/packagecloud.io.gpg] https://packagecloud.io/github/git-lfs/ubuntu/ $(lsb_release --short --codename) main" | \
tee --append /etc/apt/sources.list.d/github-git-lfs.list
Uncontrolled Resource Consumption
Affected range | >=1.25.4 |
Fixed version | 1.26.5 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00292 |
EPSS Percentile | 0.68486 |
Description
Impact
When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
Patches
The issue has been fixed in urllib3 v1.26.5.
References
For more information
If you have any questions or comments about this advisory:
- Ask in our community Discord
- Email sethmichaellarson@gmail.com
certifi 2019.11.28
(pypi)
pkg:pypi/certifi@2019.11.28
# Dockerfile (21:26)
RUN curl --silent --fail --show-error --location 'https://packagecloud.io/github/git-lfs/gpgkey' | \
apt-key --keyring /usr/share/keyrings/packagecloud.io.gpg add - && \
echo "deb [signed-by=/usr/share/keyrings/packagecloud.io.gpg] https://packagecloud.io/github/git-lfs/ubuntu/ $(lsb_release --short --codename) main" | \
tee /etc/apt/sources.list.d/github-git-lfs.list && \
echo "deb-src [signed-by=/usr/share/keyrings/packagecloud.io.gpg] https://packagecloud.io/github/git-lfs/ubuntu/ $(lsb_release --short --codename) main" | \
tee --append /etc/apt/sources.list.d/github-git-lfs.list
Insufficient Verification of Data Authenticity
Affected range | >=2015.4.28 |
Fixed version | 2023.7.22 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
EPSS Score | 0.00059 |
EPSS Percentile | 0.22886 |
Description
Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store.
e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here.
async 1.5.0
(npm)
pkg:npm/async@1.5.0
# Dockerfile (184:197)
RUN npm install --global \
artillery \
eslint \
eslint-plugin-html \
heroku \
jest \
nodemon \
prettier \
ts-node \
typescript && \
npm install --global --unsafe-perm \
ngrok && \
rm --recursive --force $HOME/.ngrok && \
npm cache clean --force
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.6.4 |
Fixed version | 2.6.4, 3.2.2 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
EPSS Score | 0.00132 |
EPSS Percentile | 0.47272 |
Description
A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.
setuptools 41.2.0
(pypi)
pkg:pypi/setuptools@41.2.0
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
Inefficient Regular Expression Complexity
Affected range | <65.5.1 |
Fixed version | 65.5.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00323 |
EPSS Percentile | 0.7009 |
Description
Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in package_index. This has been patched in version 65.5.1.
time 0.2.0
(gem)
pkg:gem/time@0.2.0
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
Inefficient Regular Expression Complexity
Affected range | >=0.2.0 |
Fixed version | 0.2.2 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00127 |
EPSS Percentile | 0.46425 |
Description
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
github.com/cloudflare/circl 1.3.3
(golang)
pkg:golang/github.com/cloudflare/circl@1.3.3
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
Affected range | <1.3.7 |
Fixed version | 1.3.7 |
Description
Impact
On some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn (parts of) the secret key.
Does not apply to ephemeral usage, such as when used in the regular way in TLS.
Patches
Patched in 1.3.7.
References
printf 0.3.0
(npm)
pkg:npm/printf@0.3.0
# Dockerfile (184:197)
RUN npm install --global \
artillery \
eslint \
eslint-plugin-html \
heroku \
jest \
nodemon \
prettier \
ts-node \
typescript && \
npm install --global --unsafe-perm \
ngrok && \
rm --recursive --force $HOME/.ngrok && \
npm cache clean --force
Uncontrolled Resource Consumption
Affected range | <0.6.1 |
Fixed version | 0.6.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00197 |
EPSS Percentile | 0.56603 |
Description
The package printf before 0.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity.
httpie 1.0.3
(pypi)
pkg:pypi/httpie@1.0.3
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
Improper Certificate Validation
Affected range | <=3.2.2 |
Fixed version | Not Fixed |
CVSS Score | 7.4 |
CVSS Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
EPSS Score | 0.0006 |
EPSS Percentile | 0.23675 |
Description
Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.
🔍 Vulnerabilities of
digest | sha256:891ca337708f8901812e22aceb284cee6cc0d446e03be4c113ddcba26376e91c |
vulnerabilities | |
size | 2.3 GB |
packages | 3012 |
📦 Base Image ubuntu:20.04
also known as | |
digest | sha256:4aa61d4985265be6d872cc214016f2f91a77b1c925dab5ce502db2edc4a7e5af |
vulnerabilities | |
cgi
Affected range | <=0.3.1 |
Fixed version | 0.3.2 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00815 |
EPSS Percentile | 0.81413 |
Description
CGI.escape_html in Ruby has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes.
Affected range | >=0.3.0 |
Fixed version | 0.3.5 |
CVSS Score | 8.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00336 |
EPSS Percentile | 0.70716 |
Description
Ruby gem cgi.rb prior to versions 0.3.5, 0.2.2 and 0.1.0.2 allows HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. This issue has been patched in versions 0.3.5, 0.2.2 and 0.1.0.2.
execa 1.0.0
(npm)
pkg:npm/execa@1.0.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting preferLocal=true, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
rvm 1.11.3.9
(gem)
pkg:gem/rvm@1.11.3.9
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <=1.28.0 |
Fixed version | 1.29.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.01138 |
EPSS Percentile | 0.8441 |
Description
RVM automatically loads environment variables from files in $PWD, resulting in command execution.
execa 0.10.0
(npm)
pkg:npm/execa@0.10.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting preferLocal=true, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
cryptography 41.0.6
(pypi)
pkg:pypi/cryptography@41.0.6
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Affected range | >=38.0.0 |
Fixed version | 42.0.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00045 |
EPSS Percentile | 0.12923 |
Description
If pkcs12.serialize_key_and_certificates is called with both:
- A certificate whose public key did not match the provided private key
- An encryption_algorithm with hmac_hash set (via PrivateFormat.PKCS12.encryption_builder().hmac_hash(...))
Then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a ValueError is properly raised.
Patched in pyca/cryptography#10423
Affected range | <42.0.0 |
Fixed version | 42.0.0 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00098 |
EPSS Percentile | 0.39712 |
Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
pygments 2.3.1
(pypi)
pkg:pypi/pygments@2.3.1
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Uncontrolled Resource Consumption
Affected range | >=1.1 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00958 |
EPSS Percentile | 0.82901 |
Description
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
Loop with Unreachable Exit Condition ('Infinite Loop')
Affected range | >=1.5 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00282 |
EPSS Percentile | 0.67853 |
Description
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
linux 5.4.0-173.191
(deb)
pkg:deb/ubuntu/linux@5.4.0-173.191?os_distro=focal&os_name=ubuntu&os_version=20.04
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Affected range | <5.4.0-174.193 |
Fixed version | 5.4.0-174.193 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00042 |
EPSS Percentile | 0.05352 |
Description
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
Affected range | >=0 |
Fixed version | Not Fixed |
CVSS Score | 4.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00042 |
EPSS Percentile | 0.05352 |
Description
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
github.com/cloudflare/circl 1.3.3
(golang)
pkg:golang/github.com/cloudflare/circl@1.3.3
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Affected range | <1.3.7 |
Fixed version | 1.3.7 |
Description
Impact
On some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn (parts of) the secret key.
Does not apply to ephemeral usage, such as when used in the regular way in TLS.
Patches
Patched in 1.3.7.
References
time 0.2.0
(gem)
pkg:gem/time@0.2.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Inefficient Regular Expression Complexity
Affected range | >=0.2.0 |
Fixed version | 0.2.2 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00127 |
EPSS Percentile | 0.46425 |
Description
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
http-cache-semantics 3.8.1
(npm)
pkg:npm/http-cache-semantics@3.8.1
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Inefficient Regular Expression Complexity
Affected range | <4.1.1 |
Fixed version | 4.1.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00105 |
EPSS Percentile | 0.41808 |
Description
http-cache-semantics contains an Inefficient Regular Expression Complexity, leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
urllib3 1.25.8
(pypi)
pkg:pypi/urllib3@1.25.8
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Uncontrolled Resource Consumption
Affected range | >=1.25.4 |
Fixed version | 1.26.5 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00292 |
EPSS Percentile | 0.68486 |
Description
Impact
When provided with a URL containing many `@` characters in the authority component the authority regular expression exhibits catastrophic backtracking causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
Patches
The issue has been fixed in urllib3 v1.26.5.
References
For more information
If you have any questions or comments about this advisory:
- Ask in our community Discord
- Email sethmichaellarson@gmail.com
setuptools 41.2.0
(pypi)
pkg:pypi/setuptools@41.2.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Inefficient Regular Expression Complexity
Affected range | <65.5.1 |
Fixed version | 65.5.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00323 |
EPSS Percentile | 0.7009 |
Description
Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in `package_index`. This has been patched in version 65.5.1.
certifi 2019.11.28
(pypi)
pkg:pypi/certifi@2019.11.28
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Insufficient Verification of Data Authenticity
Affected range | >=2015.4.28 |
Fixed version | 2023.7.22 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
EPSS Score | 0.00059 |
EPSS Percentile | 0.22886 |
Description
Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store.
e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here.
printf 0.3.0
(npm)
pkg:npm/printf@0.3.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Uncontrolled Resource Consumption
Affected range | <0.6.1 |
Fixed version | 0.6.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00197 |
EPSS Percentile | 0.56603 |
Description
The package printf before 0.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string `/\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g` in `lib/printf.js`. The vulnerable regular expression has cubic worst-case time complexity.
uri 0.11.0
(gem)
pkg:gem/uri@0.11.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Inefficient Regular Expression Complexity
Affected range | >=0.11.0 |
Fixed version | 0.11.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00127 |
EPSS Percentile | 0.46425 |
Description
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
net.sourceforge.plantuml/plantuml 0.0.0
(maven)
pkg:maven/net.sourceforge.plantuml/plantuml@0.0.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Server-Side Request Forgery (SSRF)
Affected range | <1.2023.9 |
Fixed version | 1.2023.9 |
CVSS Score | 7.2 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
EPSS Score | 0.00067 |
EPSS Percentile | 0.27578 |
Description
Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.
async 1.5.0
(npm)
pkg:npm/async@1.5.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.6.4 |
Fixed version | 2.6.4, 3.2.2 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
EPSS Score | 0.00132 |
EPSS Percentile | 0.47272 |
Description
A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.
httpie 1.0.3
(pypi)
pkg:pypi/httpie@1.0.3
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Improper Certificate Validation
Affected range | <=3.2.2 |
Fixed version | Not Fixed |
CVSS Score | 7.4 |
CVSS Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
EPSS Score | 0.0006 |
EPSS Percentile | 0.23675 |
Description
Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.
80a9274 to 880efa5
🔍 Vulnerabilities of
digest | sha256:5c5ee97fbccbc0c95eabd774f069b3146130cbb93ea08b8b5083e19431251504 |
vulnerabilities | |
size | 2.3 GB |
packages | 2892 |
📦 Base Image ubuntu:20.04
also known as |
digest | sha256:4aa61d4985265be6d872cc214016f2f91a77b1c925dab5ce502db2edc4a7e5af |
vulnerabilities |
cgi
Affected range | <=0.3.1 |
Fixed version | 0.3.2 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00815 |
EPSS Percentile | 0.81413 |
Description
`CGI.escape_html` in Ruby has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where `size_t` and `long` have different numbers of bytes.
Affected range | >=0.3.0 |
Fixed version | 0.3.5 |
CVSS Score | 8.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00336 |
EPSS Percentile | 0.70716 |
Description
Ruby gem cgi.rb prior to versions 0.3.5, 0.2.2 and 0.1.0.2 allow HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. This issue has been patched in versions 0.3.5, 0.2.2 and 0.1.0.2.
execa 0.10.0
(npm)
pkg:npm/execa@0.10.0
# Dockerfile (184:197)
RUN npm install --global \
artillery \
eslint \
eslint-plugin-html \
heroku \
jest \
nodemon \
prettier \
ts-node \
typescript && \
npm install --global --unsafe-perm \
ngrok && \
rm --recursive --force $HOME/.ngrok && \
npm cache clean --force
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting `preferLocal=true` which makes execa search for locally installed binaries and executes them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
execa 1.0.0
(npm)
pkg:npm/execa@1.0.0
# Dockerfile (184:197)
RUN npm install --global \
artillery \
eslint \
eslint-plugin-html \
heroku \
jest \
nodemon \
prettier \
ts-node \
typescript && \
npm install --global --unsafe-perm \
ngrok && \
rm --recursive --force $HOME/.ngrok && \
npm cache clean --force
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting `preferLocal=true` which makes execa search for locally installed binaries and executes them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
rvm 1.11.3.9
(gem)
pkg:gem/rvm@1.11.3.9
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <=1.28.0 |
Fixed version | 1.29.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.01138 |
EPSS Percentile | 0.8441 |
Description
RVM automatically loads environment variables from files in `$PWD` resulting in command execution.
linux 5.4.0-173.191
(deb)
pkg:deb/ubuntu/linux@5.4.0-173.191?os_distro=focal&os_name=ubuntu&os_version=20.04
# Dockerfile (21:26)
RUN curl --silent --fail --show-error --location 'https://packagecloud.io/github/git-lfs/gpgkey' | \
apt-key --keyring /usr/share/keyrings/packagecloud.io.gpg add - && \
echo "deb [signed-by=/usr/share/keyrings/packagecloud.io.gpg] https://packagecloud.io/github/git-lfs/ubuntu/ $(lsb_release --short --codename) main" | \
tee /etc/apt/sources.list.d/github-git-lfs.list && \
echo "deb-src [signed-by=/usr/share/keyrings/packagecloud.io.gpg] https://packagecloud.io/github/git-lfs/ubuntu/ $(lsb_release --short --codename) main" | \
tee --append /etc/apt/sources.list.d/github-git-lfs.list
Affected range | <5.4.0-174.193 |
Fixed version | 5.4.0-174.193 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00042 |
EPSS Percentile | 0.05352 |
Description
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
Affected range | >=0 |
Fixed version | Not Fixed |
CVSS Score | 4.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00042 |
EPSS Percentile | 0.05352 |
Description
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
cryptography 41.0.6
(pypi)
pkg:pypi/cryptography@41.0.6
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
Affected range | >=38.0.0 |
Fixed version | 42.0.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00045 |
EPSS Percentile | 0.12923 |
Description
If `pkcs12.serialize_key_and_certificates` is called with both:
- A certificate whose public key did not match the provided private key
- An `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`)
Then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a `ValueError` is properly raised.
Patched in pyca/cryptography#10423
Affected range | <42.0.0 |
Fixed version | 42.0.0 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00098 |
EPSS Percentile | 0.39712 |
Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
pygments 2.3.1
(pypi)
pkg:pypi/pygments@2.3.1
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
Uncontrolled Resource Consumption
Affected range | >=1.1 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00958 |
EPSS Percentile | 0.82901 |
Description
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
Loop with Unreachable Exit Condition ('Infinite Loop')
Affected range | >=1.5 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00282 |
EPSS Percentile | 0.67853 |
Description
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
uri 0.11.0
(gem)
pkg:gem/uri@0.11.0
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
Inefficient Regular Expression Complexity
Affected range | >=0.11.0 |
Fixed version | 0.11.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00127 |
EPSS Percentile | 0.46425 |
Description
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
github.com/cloudflare/circl 1.3.3
(golang)
pkg:golang/github.com/cloudflare/circl@1.3.3
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
Affected range | <1.3.7 |
Fixed version | 1.3.7 |
Description
Impact
On some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn (parts of) the secret key.
Does not apply to ephemeral usage, such as when used in the regular way in TLS.
Patches
Patched in 1.3.7.
References
net.sourceforge.plantuml/plantuml 0.0.0
(maven)
pkg:maven/net.sourceforge.plantuml/plantuml@0.0.0
# Dockerfile (137:142)
RUN mkdir --parents /usr/local/share/java && \
curl --silent --fail --show-error --location 'https://sourceforge.net/projects/ditaa/files/latest/download' | \
bsdtar -xf - -s '/ditaa.*\.jar/ditaa.jar/' --directory /usr/local/share/java '*.jar' && \
curl --silent --fail --show-error --location --output /usr/local/share/java/plantuml.jar 'http://sourceforge.net/projects/plantuml/files/plantuml.jar/download' && \
curl --silent --fail --show-error --location --output - 'https://downloads.sourceforge.net/project/saxon/Saxon-HE/9.9/SaxonHE9-9-1-6J.zip' | \
bsdtar -xf - -s '/saxon.*\.jar/saxon.jar/' --directory /usr/local/share/java 'saxon9he.jar'
Server-Side Request Forgery (SSRF)
Affected range | <1.2023.9 |
Fixed version | 1.2023.9 |
CVSS Score | 7.2 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
EPSS Score | 0.00067 |
EPSS Percentile | 0.27578 |
Description
Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.
setuptools 41.2.0
(pypi)
pkg:pypi/setuptools@41.2.0
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
Inefficient Regular Expression Complexity
Affected range | <65.5.1 |
Fixed version | 65.5.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00323 |
EPSS Percentile | 0.7009 |
Description
Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in `package_index`. This has been patched in version 65.5.1.
printf 0.3.0
(npm)
pkg:npm/printf@0.3.0
# Dockerfile (184:197)
RUN npm install --global \
artillery \
eslint \
eslint-plugin-html \
heroku \
jest \
nodemon \
prettier \
ts-node \
typescript && \
npm install --global --unsafe-perm \
ngrok && \
rm --recursive --force $HOME/.ngrok && \
npm cache clean --force
Uncontrolled Resource Consumption
Affected range | <0.6.1 |
Fixed version | 0.6.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00197 |
EPSS Percentile | 0.56603 |
Description
The package printf before 0.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string `/\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g` in `lib/printf.js`. The vulnerable regular expression has cubic worst-case time complexity.
httpie 1.0.3
(pypi)
pkg:pypi/httpie@1.0.3
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
Improper Certificate Validation
Affected range | <=3.2.2 |
Fixed version | Not Fixed |
CVSS Score | 7.4 |
CVSS Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
EPSS Score | 0.0006 |
EPSS Percentile | 0.23675 |
Description
Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.
urllib3 1.25.8
(pypi)
pkg:pypi/urllib3@1.25.8
# Dockerfile (21:26)
RUN curl --silent --fail --show-error --location 'https://packagecloud.io/github/git-lfs/gpgkey' | \
apt-key --keyring /usr/share/keyrings/packagecloud.io.gpg add - && \
echo "deb [signed-by=/usr/share/keyrings/packagecloud.io.gpg] https://packagecloud.io/github/git-lfs/ubuntu/ $(lsb_release --short --codename) main" | \
tee /etc/apt/sources.list.d/github-git-lfs.list && \
echo "deb-src [signed-by=/usr/share/keyrings/packagecloud.io.gpg] https://packagecloud.io/github/git-lfs/ubuntu/ $(lsb_release --short --codename) main" | \
tee --append /etc/apt/sources.list.d/github-git-lfs.list
Uncontrolled Resource Consumption
Affected range | >=1.25.4 |
Fixed version | 1.26.5 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00292 |
EPSS Percentile | 0.68486 |
Description
Impact
When provided with a URL containing many `@` characters in the authority component the authority regular expression exhibits catastrophic backtracking causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
Patches
The issue has been fixed in urllib3 v1.26.5.
References
For more information
If you have any questions or comments about this advisory:
- Ask in our community Discord
- Email sethmichaellarson@gmail.com
certifi 2019.11.28
(pypi)
pkg:pypi/certifi@2019.11.28
# Dockerfile (21:26)
RUN curl --silent --fail --show-error --location 'https://packagecloud.io/github/git-lfs/gpgkey' | \
apt-key --keyring /usr/share/keyrings/packagecloud.io.gpg add - && \
echo "deb [signed-by=/usr/share/keyrings/packagecloud.io.gpg] https://packagecloud.io/github/git-lfs/ubuntu/ $(lsb_release --short --codename) main" | \
tee /etc/apt/sources.list.d/github-git-lfs.list && \
echo "deb-src [signed-by=/usr/share/keyrings/packagecloud.io.gpg] https://packagecloud.io/github/git-lfs/ubuntu/ $(lsb_release --short --codename) main" | \
tee --append /etc/apt/sources.list.d/github-git-lfs.list
Insufficient Verification of Data Authenticity
Affected range | >=2015.4.28 |
Fixed version | 2023.7.22 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
EPSS Score | 0.00059 |
EPSS Percentile | 0.22886 |
Description
Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store.
e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here.
async 1.5.0
(npm)
pkg:npm/async@1.5.0
# Dockerfile (184:197)
RUN npm install --global \
artillery \
eslint \
eslint-plugin-html \
heroku \
jest \
nodemon \
prettier \
ts-node \
typescript && \
npm install --global --unsafe-perm \
ngrok && \
rm --recursive --force $HOME/.ngrok && \
npm cache clean --force
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.6.4 |
Fixed version | 2.6.4, 3.2.2 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
EPSS Score | 0.00132 |
EPSS Percentile | 0.47272 |
Description
A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.
time 0.2.0
(gem)
pkg:gem/time@0.2.0
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
Inefficient Regular Expression Complexity
Affected range | >=0.2.0 |
Fixed version | 0.2.2 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00127 |
EPSS Percentile | 0.46425 |
Description
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
http-cache-semantics 3.8.1
(npm)
pkg:npm/http-cache-semantics@3.8.1
# Dockerfile (184:197)
RUN npm install --global \
artillery \
eslint \
eslint-plugin-html \
heroku \
jest \
nodemon \
prettier \
ts-node \
typescript && \
npm install --global --unsafe-perm \
ngrok && \
rm --recursive --force $HOME/.ngrok && \
npm cache clean --force
Inefficient Regular Expression Complexity
Affected range | <4.1.1 |
Fixed version | 4.1.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00105 |
EPSS Percentile | 0.41808 |
Description
http-cache-semantics contains an Inefficient Regular Expression Complexity, leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
🔍 Vulnerabilities of
digest | sha256:01284d8476346e41580af098e94f4e467dc227d301fb20b895695a9001234423 |
vulnerabilities | |
size | 2.4 GB |
packages | 2963 |
📦 Base Image ubuntu:20.04
also known as |
digest | sha256:4aa61d4985265be6d872cc214016f2f91a77b1c925dab5ce502db2edc4a7e5af |
vulnerabilities |
cgi
Affected range | <=0.3.1 |
Fixed version | 0.3.2 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00815 |
EPSS Percentile | 0.81413 |
Description
`CGI.escape_html` in Ruby has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where `size_t` and `long` have different numbers of bytes.
Affected range | >=0.3.0 |
Fixed version | 0.3.5 |
CVSS Score | 8.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00336 |
EPSS Percentile | 0.70716 |
Description
Ruby gem cgi.rb prior to versions 0.3.5, 0.2.2 and 0.1.0.2 allow HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. This issue has been patched in versions 0.3.5, 0.2.2 and 0.1.0.2.
rvm 1.11.3.9
(gem)
pkg:gem/rvm@1.11.3.9
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <=1.28.0 |
Fixed version | 1.29.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.01138 |
EPSS Percentile | 0.8441 |
Description
RVM automatically loads environment variables from files in `$PWD` resulting in command execution.
execa 0.10.0
(npm)
pkg:npm/execa@0.10.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting `preferLocal=true` which makes execa search for locally installed binaries and executes them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
execa 1.0.0
(npm)
pkg:npm/execa@1.0.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting `preferLocal=true` which makes execa search for locally installed binaries and executes them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
cryptography 41.0.6
(pypi)
pkg:pypi/cryptography@41.0.6
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Affected range | >=38.0.0 |
Fixed version | 42.0.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00045 |
EPSS Percentile | 0.12923 |
Description
If `pkcs12.serialize_key_and_certificates` is called with both:
- A certificate whose public key did not match the provided private key
- An `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`)
Then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a `ValueError` is properly raised.
Patched in pyca/cryptography#10423
Affected range | <42.0.0 |
Fixed version | 42.0.0 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00098 |
EPSS Percentile | 0.39712 |
Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
pygments 2.3.1
(pypi)
pkg:pypi/pygments@2.3.1
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Uncontrolled Resource Consumption
Affected range | >=1.1 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00958 |
EPSS Percentile | 0.82901 |
Description
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
Loop with Unreachable Exit Condition ('Infinite Loop')
Affected range | >=1.5 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00282 |
EPSS Percentile | 0.67853 |
Description
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
linux 5.4.0-173.191
(deb)
pkg:deb/ubuntu/linux@5.4.0-173.191?os_distro=focal&os_name=ubuntu&os_version=20.04
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Affected range | <5.4.0-174.193 |
Fixed version | 5.4.0-174.193 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00042 |
EPSS Percentile | 0.05352 |
Description
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
Affected range | >=0 |
Fixed version | Not Fixed |
CVSS Score | 4.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00042 |
EPSS Percentile | 0.05352 |
Description
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
net.sourceforge.plantuml/plantuml 0.0.0
(maven)
pkg:maven/net.sourceforge.plantuml/plantuml@0.0.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Server-Side Request Forgery (SSRF)
Affected range | <1.2023.9 |
Fixed version | 1.2023.9 |
CVSS Score | 7.2 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
EPSS Score | 0.00067 |
EPSS Percentile | 0.27578 |
Description
Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.
time 0.2.0
(gem)
pkg:gem/time@0.2.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Inefficient Regular Expression Complexity
Affected range | >=0.2.0 |
Fixed version | 0.2.2 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00127 |
EPSS Percentile | 0.46425 |
Description
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
setuptools 41.2.0
(pypi)
pkg:pypi/setuptools@41.2.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Inefficient Regular Expression Complexity
Affected range | <65.5.1 |
Fixed version | 65.5.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00323 |
EPSS Percentile | 0.7009 |
Description
Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in package_index. This has been patched in version 65.5.1.
printf 0.3.0
(npm)
pkg:npm/printf@0.3.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Uncontrolled Resource Consumption
Affected range | <0.6.1 |
Fixed version | 0.6.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00197 |
EPSS Percentile | 0.56603 |
Description
The package printf before 0.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity.
certifi 2019.11.28
(pypi)
pkg:pypi/certifi@2019.11.28
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Insufficient Verification of Data Authenticity
Affected range | >=2015.4.28 |
Fixed version | 2023.7.22 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
EPSS Score | 0.00059 |
EPSS Percentile | 0.22886 |
Description
Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store.
e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here.
urllib3 1.25.8
(pypi)
pkg:pypi/urllib3@1.25.8
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Uncontrolled Resource Consumption
Affected range | >=1.25.4 |
Fixed version | 1.26.5 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00292 |
EPSS Percentile | 0.68486 |
Description
Impact: When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
Patches: The issue has been fixed in urllib3 v1.26.5.
For more information, if you have any questions or comments about this advisory:
- Ask in our community Discord
- Email sethmichaellarson@gmail.com
uri 0.11.0
(gem)
pkg:gem/uri@0.11.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Inefficient Regular Expression Complexity
Affected range | >=0.11.0 |
Fixed version | 0.11.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00127 |
EPSS Percentile | 0.46425 |
Description
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
httpie 1.0.3
(pypi)
pkg:pypi/httpie@1.0.3
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Improper Certificate Validation
Affected range | <=3.2.2 |
Fixed version | Not Fixed |
CVSS Score | 7.4 |
CVSS Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
EPSS Score | 0.0006 |
EPSS Percentile | 0.23675 |
Description
Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.
http-cache-semantics 3.8.1
(npm)
pkg:npm/http-cache-semantics@3.8.1
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Inefficient Regular Expression Complexity
Affected range | <4.1.1 |
Fixed version | 4.1.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00105 |
EPSS Percentile | 0.41808 |
Description
http-cache-semantics contains an Inefficient Regular Expression Complexity, leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
async 1.5.0
(npm)
pkg:npm/async@1.5.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.6.4 |
Fixed version | 2.6.4, 3.2.2 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
EPSS Score | 0.00132 |
EPSS Percentile | 0.47272 |
Description
A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.
github.com/cloudflare/circl 1.3.3
(golang)
pkg:golang/github.com/cloudflare/circl@1.3.3
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Affected range | <1.3.7 |
Fixed version | 1.3.7 |
Description
Impact: On some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn (parts of) the secret key. Does not apply to ephemeral usage, such as when used in the regular way in TLS.
Patches: Patched in 1.3.7.
Outdated 🔍 Vulnerabilities of
digest | sha256:891ca337708f8901812e22aceb284cee6cc0d446e03be4c113ddcba26376e91c |
size | 2.3 GB |
packages | 3012 |
📦 Base Image ubuntu:20.04
digest | sha256:4aa61d4985265be6d872cc214016f2f91a77b1c925dab5ce502db2edc4a7e5af |
cgi
Affected range | <=0.3.1 |
Fixed version | 0.3.2 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00815 |
EPSS Percentile | 0.81413 |
Description
CGI.escape_html in Ruby has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes.
Affected range | >=0.3.0 |
Fixed version | 0.3.5 |
CVSS Score | 8.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00336 |
EPSS Percentile | 0.70716 |
Description
Ruby gem cgi.rb prior to versions 0.3.5, 0.2.2 and 0.1.0.2 allow HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. This issue has been patched in versions 0.3.5, 0.2.2 and 0.1.0.2.
execa 0.10.0
(npm)
pkg:npm/execa@0.10.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting preferLocal=true, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
execa 1.0.0
(npm)
pkg:npm/execa@1.0.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting preferLocal=true, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
rvm 1.11.3.9
(gem)
pkg:gem/rvm@1.11.3.9
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <=1.28.0 |
Fixed version | 1.29.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.01138 |
EPSS Percentile | 0.8441 |
Description
RVM automatically loads environment variables from files in $PWD, resulting in command execution.
pygments 2.3.1
(pypi)
pkg:pypi/pygments@2.3.1
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Uncontrolled Resource Consumption
Affected range | >=1.1 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00958 |
EPSS Percentile | 0.82901 |
Description
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
Loop with Unreachable Exit Condition ('Infinite Loop')
Affected range | >=1.5 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00282 |
EPSS Percentile | 0.67853 |
Description
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
cryptography 41.0.6
(pypi)
pkg:pypi/cryptography@41.0.6
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Affected range | >=38.0.0 |
Fixed version | 42.0.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00045 |
EPSS Percentile | 0.12923 |
Description
If pkcs12.serialize_key_and_certificates is called with both:
- A certificate whose public key did not match the provided private key
- An encryption_algorithm with hmac_hash set (via PrivateFormat.PKCS12.encryption_builder().hmac_hash(...))
Then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a ValueError is properly raised. Patched in pyca/cryptography#10423
Affected range | <42.0.0 |
Fixed version | 42.0.0 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00098 |
EPSS Percentile | 0.39712 |
Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
linux 5.4.0-173.191
(deb)
pkg:deb/ubuntu/linux@5.4.0-173.191?os_distro=focal&os_name=ubuntu&os_version=20.04
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Affected range | <5.4.0-174.193 |
Fixed version | 5.4.0-174.193 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00042 |
EPSS Percentile | 0.05352 |
Description
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
Affected range | >=0 |
Fixed version | Not Fixed |
CVSS Score | 4.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00042 |
EPSS Percentile | 0.05352 |
Description
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
github.com/cloudflare/circl 1.3.3
(golang)
pkg:golang/github.com/cloudflare/circl@1.3.3
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Affected range | <1.3.7 |
Fixed version | 1.3.7 |
Description
Impact: On some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn (parts of) the secret key. Does not apply to ephemeral usage, such as when used in the regular way in TLS.
Patches: Patched in 1.3.7.
httpie 1.0.3
(pypi)
pkg:pypi/httpie@1.0.3
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Improper Certificate Validation
Affected range | <=3.2.2 |
Fixed version | Not Fixed |
CVSS Score | 7.4 |
CVSS Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
EPSS Score | 0.0006 |
EPSS Percentile | 0.23675 |
Description
Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.
async 1.5.0
(npm)
pkg:npm/async@1.5.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.6.4 |
Fixed version | 2.6.4, 3.2.2 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
EPSS Score | 0.00132 |
EPSS Percentile | 0.47272 |
Description
A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.
net.sourceforge.plantuml/plantuml 0.0.0
(maven)
pkg:maven/net.sourceforge.plantuml/plantuml@0.0.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Server-Side Request Forgery (SSRF)
Affected range | <1.2023.9 |
Fixed version | 1.2023.9 |
CVSS Score | 7.2 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
EPSS Score | 0.00067 |
EPSS Percentile | 0.27578 |
Description
Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.
certifi 2019.11.28
(pypi)
pkg:pypi/certifi@2019.11.28
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Insufficient Verification of Data Authenticity
Affected range | >=2015.4.28 |
Fixed version | 2023.7.22 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
EPSS Score | 0.00059 |
EPSS Percentile | 0.22886 |
Description
Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store.
e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here.
time 0.2.0
(gem)
pkg:gem/time@0.2.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Inefficient Regular Expression Complexity
Affected range | >=0.2.0 |
Fixed version | 0.2.2 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00127 |
EPSS Percentile | 0.46425 |
Description
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
printf 0.3.0
(npm)
pkg:npm/printf@0.3.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Uncontrolled Resource Consumption
Affected range | <0.6.1 |
Fixed version | 0.6.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00197 |
EPSS Percentile | 0.56603 |
Description
The package printf before 0.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity.
setuptools 41.2.0
(pypi)
pkg:pypi/setuptools@41.2.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Inefficient Regular Expression Complexity
Affected range | <65.5.1 |
Fixed version | 65.5.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00323 |
EPSS Percentile | 0.7009 |
Description
Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in package_index. This has been patched in version 65.5.1.
urllib3 1.25.8
(pypi)
pkg:pypi/urllib3@1.25.8
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Uncontrolled Resource Consumption
Affected range | >=1.25.4 |
Fixed version | 1.26.5 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00292 |
EPSS Percentile | 0.68486 |
Description
Impact: When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
Patches: The issue has been fixed in urllib3 v1.26.5.
For more information, if you have any questions or comments about this advisory:
- Ask in our community Discord
- Email sethmichaellarson@gmail.com
http-cache-semantics 3.8.1
(npm)
pkg:npm/http-cache-semantics@3.8.1
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Inefficient Regular Expression Complexity
Affected range | <4.1.1 |
Fixed version | 4.1.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00105 |
EPSS Percentile | 0.41808 |
Description
http-cache-semantics contains an Inefficient Regular Expression Complexity, leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
uri 0.11.0
(gem)
pkg:gem/uri@0.11.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Inefficient Regular Expression Complexity
Affected range | >=0.11.0 |
Fixed version | 0.11.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00127 |
EPSS Percentile | 0.46425 |
Description
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
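An added example, not part of this PR or of Docker Scout, written against the report format above: it parses the flattened "Affected range | ... |", "Fixed version", "CVSS Score" and "CVSS Vector" rows, recomputes each CVSS v3.0/v3.1 base score from its vector with the FIRST formula (so a reported score that disagrees with its vector is caught instead of trusted), and ranks the findings for triage. The sample report embedded in it is constructed from rows shown above; the ranking order and the action policy are this example's own assumptions, and the function names are mine, not anything Scout outputs.

```python
"""Recompute CVSS v3 base scores from the vector strings in a Docker Scout report
and rank the findings for triage. Added example, not part of this PR or of Scout."""
import math

# CVSS v3.0/v3.1 base-metric weights from the FIRST specification.
W = {"AV": {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.20},
     "AC": {"L": 0.77, "H": 0.44}, "UI": {"N": 0.85, "R": 0.62},
     "PR": {"N": 0.85, "L": 0.62, "H": 0.27},   # scope unchanged
     "PRC": {"N": 0.85, "L": 0.68, "H": 0.50},  # scope changed
     "CIA": {"H": 0.56, "L": 0.22, "N": 0.0}}

def parse_vector(vector):
    """'CVSS:3.1/AV:N/AC:L/...' -> ('3.1', {'AV': 'N', 'AC': 'L', ...})."""
    head, _, body = vector.partition("/")
    return head.split(":", 1)[1], dict(p.split(":", 1) for p in body.split("/"))

def roundup(x, version):
    """CVSS Roundup: v3.0 rounds in floating point; v3.1 scales to an integer
    first so a value such as 4.000000000000001 does not become 4.1."""
    if version == "3.0":
        return math.ceil(x * 10) / 10
    scaled = round(x * 100000)
    return scaled / 100000 if scaled % 10000 == 0 else (scaled // 10000 + 1) / 10

def base_score(vector):
    """Base score exactly as in the 'CVSS Score' column of the report."""
    version, m = parse_vector(vector)
    changed = m["S"] == "C"
    iss = 1 - (1 - W["CIA"][m["C"]]) * (1 - W["CIA"][m["I"]]) * (1 - W["CIA"][m["A"]])
    impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15 if changed else 6.42 * iss
    pr = W["PRC" if changed else "PR"][m["PR"]]
    exploitability = 8.22 * W["AV"][m["AV"]] * W["AC"][m["AC"]] * pr * W["UI"][m["UI"]]
    if impact <= 0:
        return 0.0
    total = (impact + exploitability) * (1.08 if changed else 1.0)
    return roundup(min(total, 10), version)

# Constructed sample in the flattened 'key | value |' layout of the report above.
SAMPLE_REPORT = """\
linux 5.4.0-173.191
Affected range | <5.4.0-174.193 |
Fixed version | 5.4.0-174.193 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Affected range | >=0 |
Fixed version | Not Fixed |
CVSS Score | 4.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
execa 0.10.0
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
net.sourceforge.plantuml/plantuml 0.0.0
Affected range | <1.2023.9 |
Fixed version | 1.2023.9 |
CVSS Score | 7.2 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
"""

def parse_report(text):
    """One dict per finding. A line without '|' is a package header; each
    'Affected range' row opens a new finding under the current package."""
    findings, package = [], None
    for line in text.splitlines():
        if "|" not in line:
            package = line.strip() or package
            continue
        key, value = (p.strip() for p in line.split("|")[:2])
        if key == "Affected range":
            findings.append({"package": package, "affected": value})
        elif key == "Fixed version":
            findings[-1]["fixed"] = None if value == "Not Fixed" else value
        elif key == "CVSS Score":
            findings[-1]["score"] = float(value)
        elif key == "CVSS Vector":
            findings[-1]["vector"] = value
    return findings

def triage(findings):
    """Recompute each score from its vector (a mismatch means the report and the
    vector disagree), pick an action, and rank fixable, then network-reachable,
    then highest score first. The action policy is this example's assumption."""
    rows = []
    for f in findings:
        _, m = parse_vector(f["vector"])
        score = base_score(f["vector"])
        if score != f["score"]:
            raise ValueError(f"{f['package']}: vector gives {score}, report says {f['score']}")
        network, fixed = m["AV"] == "N", f["fixed"]
        if fixed is None:
            act = "no upstream fix: track it, or drop the package from the image"
        elif network and score >= 7.0:
            act = f"upgrade now to {fixed}"
        else:
            act = f"upgrade on the next image rebuild to {fixed}"
        rows.append({"package": f["package"], "score": score, "network": network,
                     "fixed": fixed, "action": act})
    rows.sort(key=lambda r: (r["fixed"] is None, not r["network"], -r["score"]))
    return rows
```

triage(parse_report(text)) returns the ranked rows; pass it the text of a real report in place of SAMPLE_REPORT. The fixable-first cut can also be taken directly from the CLI with docker scout cves --only-fixed, but recomputing the score from the vector is what lets you see why two 7.5 findings differ (C:H/I:N/A:N versus C:N/I:N/A:H). One caveat before acting on the kernel rows: the linux deb findings above are attributed to the apt-get layer of the Dockerfile, yet a container runs on the host's kernel, so a kernel package sitting in the image filesystem is never executed by the container; those two entries concern the host (or a VM built from the image), not this image's attack surface.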
Outdated 🔍 Vulnerabilities of
digest | sha256:d01af0f4b6bba07f6bb795d302ea1b893de0d7ee911a0dd12cf481aea9f1ec21 |
size | 2.5 GB |
packages | 2923 |
📦 Base Image ubuntu:20.04
digest | sha256:48c35f3de33487442af224ed4aabac19fd9bfbd91ee90e9471d412706b20ba73 |
cgi
Affected range | <=0.3.1 |
Fixed version | 0.3.2 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00815 |
EPSS Percentile | 0.81413 |
Description
CGI.escape_html in Ruby has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes.
Affected range | >=0.3.0 |
Fixed version | 0.3.5 |
CVSS Score | 8.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00336 |
EPSS Percentile | 0.70716 |
Description
Ruby gem cgi.rb prior to versions 0.3.5, 0.2.2 and 0.1.0.2 allow HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. This issue has been patched in versions 0.3.5, 0.2.2 and 0.1.0.2.
execa 1.0.0
(npm)
pkg:npm/execa@1.0.0
# Dockerfile (184:197)
RUN npm install --global \
artillery \
eslint \
eslint-plugin-html \
heroku \
jest \
nodemon \
prettier \
ts-node \
typescript && \
npm install --global --unsafe-perm \
ngrok && \
rm --recursive --force $HOME/.ngrok && \
npm cache clean --force
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting preferLocal=true, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
execa 0.10.0
(npm)
pkg:npm/execa@0.10.0
# Dockerfile (184:197)
RUN npm install --global \
artillery \
eslint \
eslint-plugin-html \
heroku \
jest \
nodemon \
prettier \
ts-node \
typescript && \
npm install --global --unsafe-perm \
ngrok && \
rm --recursive --force $HOME/.ngrok && \
npm cache clean --force
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting preferLocal=true, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
rvm 1.11.3.9
(gem)
pkg:gem/rvm@1.11.3.9
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <=1.28.0 |
Fixed version | 1.29.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.01138 |
EPSS Percentile | 0.8441 |
Description
RVM automatically loads environment variables from files in $PWD, resulting in command execution.
linux 5.4.0-173.191
(deb)
pkg:deb/ubuntu/linux@5.4.0-173.191?os_distro=focal&os_name=ubuntu&os_version=20.04
# Dockerfile (21:26)
RUN curl --silent --fail --show-error --location 'https://packagecloud.io/github/git-lfs/gpgkey' | \
apt-key --keyring /usr/share/keyrings/packagecloud.io.gpg add - && \
echo "deb [signed-by=/usr/share/keyrings/packagecloud.io.gpg] https://packagecloud.io/github/git-lfs/ubuntu/ $(lsb_release --short --codename) main" | \
tee /etc/apt/sources.list.d/github-git-lfs.list && \
echo "deb-src [signed-by=/usr/share/keyrings/packagecloud.io.gpg] https://packagecloud.io/github/git-lfs/ubuntu/ $(lsb_release --short --codename) main" | \
tee --append /etc/apt/sources.list.d/github-git-lfs.list
Affected range | <5.4.0-174.193 |
Fixed version | 5.4.0-174.193 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00042 |
EPSS Percentile | 0.05352 |
Description
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
Affected range | >=0 |
Fixed version | Not Fixed |
CVSS Score | 4.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00042 |
EPSS Percentile | 0.05352 |
Description
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
pygments 2.3.1
(pypi)
pkg:pypi/pygments@2.3.1
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
Uncontrolled Resource Consumption
Affected range | >=1.1 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00958 |
EPSS Percentile | 0.82901 |
Description
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
Loop with Unreachable Exit Condition ('Infinite Loop')
Affected range | >=1.5 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00282 |
EPSS Percentile | 0.67853 |
Description
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
cryptography 41.0.7
(pypi)
pkg:pypi/cryptography@41.0.7
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
Affected range | >=38.0.0 |
Fixed version | 42.0.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00045 |
EPSS Percentile | 0.12923 |
Description
If pkcs12.serialize_key_and_certificates is called with both:
- A certificate whose public key did not match the provided private key
- An encryption_algorithm with hmac_hash set (via PrivateFormat.PKCS12.encryption_builder().hmac_hash(...))
Then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a ValueError is properly raised. Patched in pyca/cryptography#10423
Affected range | <42.0.0 |
Fixed version | 42.0.0 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00098 |
EPSS Percentile | 0.39712 |
Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
cryptography 41.0.6
(pypi)
pkg:pypi/cryptography@41.0.6
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
Affected range | >=38.0.0 |
Fixed version | 42.0.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00045 |
EPSS Percentile | 0.12923 |
Description
If pkcs12.serialize_key_and_certificates is called with both:
- A certificate whose public key did not match the provided private key
- An encryption_algorithm with hmac_hash set (via PrivateFormat.PKCS12.encryption_builder().hmac_hash(...))
Then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a ValueError is properly raised. Patched in pyca/cryptography#10423
Affected range | <42.0.0 |
Fixed version | 42.0.0 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00098 |
EPSS Percentile | 0.39712 |
Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
github.com/cloudflare/circl 1.3.3
(golang)
pkg:golang/github.com/cloudflare/circl@1.3.3
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
Affected range | <1.3.7 |
Fixed version | 1.3.7 |
Description
Impact
On some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn (parts of) the secret key.
Does not apply to ephemeral usage, such as when used in the regular way in TLS.
Patches
Patched in 1.3.7.
References
certifi 2019.11.28
(pypi)
pkg:pypi/certifi@2019.11.28
# Dockerfile (21:26)
RUN curl --silent --fail --show-error --location 'https://packagecloud.io/github/git-lfs/gpgkey' | \
apt-key --keyring /usr/share/keyrings/packagecloud.io.gpg add - && \
echo "deb [signed-by=/usr/share/keyrings/packagecloud.io.gpg] https://packagecloud.io/github/git-lfs/ubuntu/ $(lsb_release --short --codename) main" | \
tee /etc/apt/sources.list.d/github-git-lfs.list && \
echo "deb-src [signed-by=/usr/share/keyrings/packagecloud.io.gpg] https://packagecloud.io/github/git-lfs/ubuntu/ $(lsb_release --short --codename) main" | \
tee --append /etc/apt/sources.list.d/github-git-lfs.list
Insufficient Verification of Data Authenticity
Affected range | >=2015.4.28 |
Fixed version | 2023.7.22 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
EPSS Score | 0.00059 |
EPSS Percentile | 0.22886 |
Description
Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store.
e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here.
urllib3 1.25.8
(pypi)
pkg:pypi/urllib3@1.25.8
# Dockerfile (21:26)
RUN curl --silent --fail --show-error --location 'https://packagecloud.io/github/git-lfs/gpgkey' | \
apt-key --keyring /usr/share/keyrings/packagecloud.io.gpg add - && \
echo "deb [signed-by=/usr/share/keyrings/packagecloud.io.gpg] https://packagecloud.io/github/git-lfs/ubuntu/ $(lsb_release --short --codename) main" | \
tee /etc/apt/sources.list.d/github-git-lfs.list && \
echo "deb-src [signed-by=/usr/share/keyrings/packagecloud.io.gpg] https://packagecloud.io/github/git-lfs/ubuntu/ $(lsb_release --short --codename) main" | \
tee --append /etc/apt/sources.list.d/github-git-lfs.list
Uncontrolled Resource Consumption
Affected range | >=1.25.4 |
Fixed version | 1.26.5 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00292 |
EPSS Percentile | 0.68486 |
Description
Impact
When provided with a URL containing many @ characters in the authority component the authority regular expression exhibits catastrophic backtracking causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
Patches
The issue has been fixed in urllib3 v1.26.5.
References
For more information
If you have any questions or comments about this advisory:
- Ask in our community Discord
- Email sethmichaellarson@gmail.com
setuptools 41.2.0
(pypi)
pkg:pypi/setuptools@41.2.0
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
Inefficient Regular Expression Complexity
Affected range | <65.5.1 |
Fixed version | 65.5.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00323 |
EPSS Percentile | 0.7009 |
Description
Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in package_index. This has been patched in version 65.5.1.
net.sourceforge.plantuml/plantuml 0.0.0
(maven)
pkg:maven/net.sourceforge.plantuml/plantuml@0.0.0
# Dockerfile (137:142)
RUN mkdir --parents /usr/local/share/java && \
curl --silent --fail --show-error --location 'https://sourceforge.net/projects/ditaa/files/latest/download' | \
bsdtar -xf - -s '/ditaa.*\.jar/ditaa.jar/' --directory /usr/local/share/java '*.jar' && \
curl --silent --fail --show-error --location --output /usr/local/share/java/plantuml.jar 'http://sourceforge.net/projects/plantuml/files/plantuml.jar/download' && \
curl --silent --fail --show-error --location --output - 'https://downloads.sourceforge.net/project/saxon/Saxon-HE/9.9/SaxonHE9-9-1-6J.zip' | \
bsdtar -xf - -s '/saxon.*\.jar/saxon.jar/' --directory /usr/local/share/java 'saxon9he.jar'
Server-Side Request Forgery (SSRF)
Affected range | <1.2023.9 |
Fixed version | 1.2023.9 |
CVSS Score | 7.2 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
EPSS Score | 0.00067 |
EPSS Percentile | 0.27578 |
Description
Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.
async 1.5.0
(npm)
pkg:npm/async@1.5.0
# Dockerfile (184:197)
RUN npm install --global \
artillery \
eslint \
eslint-plugin-html \
heroku \
jest \
nodemon \
prettier \
ts-node \
typescript && \
npm install --global --unsafe-perm \
ngrok && \
rm --recursive --force $HOME/.ngrok && \
npm cache clean --force
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.6.4 |
Fixed version | 2.6.4, 3.2.2 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
EPSS Score | 0.00132 |
EPSS Percentile | 0.47272 |
Description
A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.
httpie 1.0.3
(pypi)
pkg:pypi/httpie@1.0.3
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
Improper Certificate Validation
Affected range | <=3.2.2 |
Fixed version | Not Fixed |
CVSS Score | 7.4 |
CVSS Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
EPSS Score | 0.0006 |
EPSS Percentile | 0.23675 |
Description
Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.
printf 0.3.0
(npm)
pkg:npm/printf@0.3.0
# Dockerfile (184:197)
RUN npm install --global \
artillery \
eslint \
eslint-plugin-html \
heroku \
jest \
nodemon \
prettier \
ts-node \
typescript && \
npm install --global --unsafe-perm \
ngrok && \
rm --recursive --force $HOME/.ngrok && \
npm cache clean --force
Uncontrolled Resource Consumption
Affected range | <0.6.1 |
Fixed version | 0.6.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00197 |
EPSS Percentile | 0.56603 |
Description
The package printf before 0.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity.
uri 0.11.0
(gem)
pkg:gem/uri@0.11.0
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
Inefficient Regular Expression Complexity
Affected range | >=0.11.0 |
Fixed version | 0.11.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00127 |
EPSS Percentile | 0.46425 |
Description
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
time 0.2.0
(gem)
pkg:gem/time@0.2.0
# Dockerfile (132:134)
RUN curl --silent --fail --show-error \
--location "https://s3.amazonaws.com/travis-rubies/binaries/ubuntu/$(lsb_release --short --release)/$(uname --machine)/ruby-3.1.2.tar.bz2" | \
tar --extract --bzip2 --verbose --directory /usr/local --file - --strip-components 1
Inefficient Regular Expression Complexity
Affected range | >=0.2.0 |
Fixed version | 0.2.2 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00127 |
EPSS Percentile | 0.46425 |
Description
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
http-cache-semantics 3.8.1
(npm)
pkg:npm/http-cache-semantics@3.8.1
# Dockerfile (184:197)
RUN npm install --global \
artillery \
eslint \
eslint-plugin-html \
heroku \
jest \
nodemon \
prettier \
ts-node \
typescript && \
npm install --global --unsafe-perm \
ngrok && \
rm --recursive --force $HOME/.ngrok && \
npm cache clean --force
Inefficient Regular Expression Complexity
Affected range | <4.1.1 |
Fixed version | 4.1.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00105 |
EPSS Percentile | 0.41808 |
Description
http-cache-semantics contains an Inefficient Regular Expression Complexity issue, leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
🔍 Vulnerabilities of
digest | sha256:dee3adc4ccaa8ad9a0803d76d1321f9a722c8334edb5031daae6e52738772757 |
vulnerabilities | |
size | 2.4 GB |
packages | 2976 |
📦 Base Image ubuntu:20.04
also known as |
digest | sha256:4aa61d4985265be6d872cc214016f2f91a77b1c925dab5ce502db2edc4a7e5af |
vulnerabilities |
cgi
Affected range | <=0.3.1 |
Fixed version | 0.3.2 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00815 |
EPSS Percentile | 0.81413 |
Description
CGI.escape_html in Ruby has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes.
Affected range | >=0.3.0 |
Fixed version | 0.3.5 |
CVSS Score | 8.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00336 |
EPSS Percentile | 0.70716 |
Description
Ruby gem cgi.rb prior to versions 0.3.5, 0.2.2 and 0.1.0.2 allow HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. This issue has been patched in versions 0.3.5, 0.2.2 and 0.1.0.2.
execa 0.10.0
(npm)
pkg:npm/execa@0.10.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting preferLocal=true which makes execa search for locally installed binaries and executes them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
execa 1.0.0
(npm)
pkg:npm/execa@1.0.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting preferLocal=true which makes execa search for locally installed binaries and executes them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
rvm 1.11.3.9
(gem)
pkg:gem/rvm@1.11.3.9
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <=1.28.0 |
Fixed version | 1.29.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.01138 |
EPSS Percentile | 0.8441 |
Description
RVM automatically loads environment variables from files in $PWD resulting in command execution.
pygments 2.3.1
(pypi)
pkg:pypi/pygments@2.3.1
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Uncontrolled Resource Consumption
Affected range | >=1.1 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00958 |
EPSS Percentile | 0.82901 |
Description
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
Loop with Unreachable Exit Condition ('Infinite Loop')
Affected range | >=1.5 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00282 |
EPSS Percentile | 0.67853 |
Description
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
cryptography 41.0.6
(pypi)
pkg:pypi/cryptography@41.0.6
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Affected range | >=38.0.0 |
Fixed version | 42.0.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00045 |
EPSS Percentile | 0.12923 |
Description
If pkcs12.serialize_key_and_certificates is called with both:
- A certificate whose public key did not match the provided private key
- An encryption_algorithm with hmac_hash set (via PrivateFormat.PKCS12.encryption_builder().hmac_hash(...))
Then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a ValueError is properly raised. Patched in pyca/cryptography#10423
Affected range | <42.0.0 |
Fixed version | 42.0.0 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00098 |
EPSS Percentile | 0.39712 |
Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
linux 5.4.0-173.191
(deb)
pkg:deb/ubuntu/linux@5.4.0-173.191?os_distro=focal&os_name=ubuntu&os_version=20.04
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Affected range | <5.4.0-174.193 |
Fixed version | 5.4.0-174.193 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00042 |
EPSS Percentile | 0.05352 |
Description
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
Affected range | >=0 |
Fixed version | Not Fixed |
CVSS Score | 4.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00042 |
EPSS Percentile | 0.05352 |
Description
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
httpie 1.0.3
(pypi)
pkg:pypi/httpie@1.0.3
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Improper Certificate Validation
Affected range | <=3.2.2 |
Fixed version | Not Fixed |
CVSS Score | 7.4 |
CVSS Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
EPSS Score | 0.0006 |
EPSS Percentile | 0.23675 |
Description
Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.
certifi 2019.11.28
(pypi)
pkg:pypi/certifi@2019.11.28
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Insufficient Verification of Data Authenticity
Affected range | >=2015.4.28 |
Fixed version | 2023.7.22 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
EPSS Score | 0.00059 |
EPSS Percentile | 0.22886 |
Description
Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store.
e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here.
urllib3 1.25.8
(pypi)
pkg:pypi/urllib3@1.25.8
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Uncontrolled Resource Consumption
Affected range | >=1.25.4 |
Fixed version | 1.26.5 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00292 |
EPSS Percentile | 0.68486 |
Description
Impact
When provided with a URL containing many @ characters in the authority component the authority regular expression exhibits catastrophic backtracking causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
Patches
The issue has been fixed in urllib3 v1.26.5.
References
For more information
If you have any questions or comments about this advisory:
- Ask in our community Discord
- Email sethmichaellarson@gmail.com
net.sourceforge.plantuml/plantuml 0.0.0
(maven)
pkg:maven/net.sourceforge.plantuml/plantuml@0.0.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Server-Side Request Forgery (SSRF)
Affected range | <1.2023.9 |
Fixed version | 1.2023.9 |
CVSS Score | 7.2 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
EPSS Score | 0.00067 |
EPSS Percentile | 0.27578 |
Description
Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.
async 1.5.0
(npm)
pkg:npm/async@1.5.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.6.4 |
Fixed version | 2.6.4, 3.2.2 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
EPSS Score | 0.00132 |
EPSS Percentile | 0.47272 |
Description
A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.
time 0.2.0
(gem)
pkg:gem/time@0.2.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Inefficient Regular Expression Complexity
Affected range | >=0.2.0 |
Fixed version | 0.2.2 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00127 |
EPSS Percentile | 0.46425 |
Description
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
stdlib 1.20.11
(golang)
pkg:golang/stdlib@1.20.11
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Affected range | >=1.20.11 |
Fixed version | 1.20.12 |
EPSS Score | 0.00098 |
EPSS Percentile | 0.3977 |
Description
The filepath package does not recognize paths with a \??\ prefix as special.
On Windows, a path beginning with \??\ is a Root Local Device path equivalent to a path beginning with \\?\. Paths with a \??\ prefix may be used to access arbitrary locations on the system. For example, the path \??\c:\x is equivalent to the more common path c:\x.
Before fix, Clean could convert a rooted path such as \a\..\??\b into the root local device path \??\b. Clean will now convert this to .\??\b.
Similarly, Join(\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \??\b. Join will now convert this to .\??\b.
In addition, with fix, IsAbs now correctly reports paths beginning with \??\ as absolute, and VolumeName correctly reports the \??\ prefix as a volume name.
UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with \?, resulting in filepath.Clean(\?\c:) returning \?\c: rather than \?\c:\ (among other effects). The previous behavior has been restored.
setuptools 41.2.0
(pypi)
pkg:pypi/setuptools@41.2.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Inefficient Regular Expression Complexity
Affected range | <65.5.1 |
Fixed version | 65.5.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00323 |
EPSS Percentile | 0.7009 |
Description
Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in package_index. This has been patched in version 65.5.1.
github.com/cloudflare/circl 1.3.3
(golang)
pkg:golang/github.com/cloudflare/circl@1.3.3
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Affected range | <1.3.7 |
Fixed version | 1.3.7 |
Description
Impact
On some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn (parts of) the secret key.
Does not apply to ephemeral usage, such as when used in the regular way in TLS.
Patches
Patched in 1.3.7.
References
http-cache-semantics 3.8.1
(npm)
pkg:npm/http-cache-semantics@3.8.1
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Inefficient Regular Expression Complexity
Affected range | <4.1.1 |
Fixed version | 4.1.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00105 |
EPSS Percentile | 0.41808 |
Description
http-cache-semantics contains an Inefficient Regular Expression Complexity issue, leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
uri 0.11.0
(gem)
pkg:gem/uri@0.11.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Inefficient Regular Expression Complexity
Affected range | >=0.11.0 |
Fixed version | 0.11.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00127 |
EPSS Percentile | 0.46425 |
Description
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
printf 0.3.0
(npm)
pkg:npm/printf@0.3.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Uncontrolled Resource Consumption
Affected range | <0.6.1 |
Fixed version | 0.6.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00197 |
EPSS Percentile | 0.56603 |
Description
The package printf before 0.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity.
🔍 Vulnerabilities of
digest | sha256:be2a8b2f405cfbf8b7c16ec8300af95365fb0c40b69209d44314e1c67500e795 |
vulnerabilities | |
size | 2.6 GB |
packages | 3007 |
📦 Base Image ubuntu:20.04
also known as |
digest | sha256:48c35f3de33487442af224ed4aabac19fd9bfbd91ee90e9471d412706b20ba73 |
vulnerabilities |
cgi
Affected range | <=0.3.1 |
Fixed version | 0.3.2 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00815 |
EPSS Percentile | 0.81413 |
Description
CGI.escape_html in Ruby has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes.
Affected range | >=0.3.0 |
Fixed version | 0.3.5 |
CVSS Score | 8.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00336 |
EPSS Percentile | 0.70716 |
Description
Ruby gem cgi.rb prior to versions 0.3.5, 0.2.2 and 0.1.0.2 allow HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. This issue has been patched in versions 0.3.5, 0.2.2 and 0.1.0.2.
execa 1.0.0
(npm)
pkg:npm/execa@1.0.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting preferLocal=true which makes execa search for locally installed binaries and executes them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
execa 0.10.0
(npm)
pkg:npm/execa@0.10.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting preferLocal=true which makes execa search for locally installed binaries and executes them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
rvm 1.11.3.9
(gem)
pkg:gem/rvm@1.11.3.9
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <=1.28.0 |
Fixed version | 1.29.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.01138 |
EPSS Percentile | 0.8441 |
Description
RVM automatically loads environment variables from files in $PWD resulting in command execution.
cryptography 41.0.6
(pypi)
pkg:pypi/cryptography@41.0.6
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Affected range | >=38.0.0 |
Fixed version | 42.0.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00045 |
EPSS Percentile | 0.12923 |
Description
If pkcs12.serialize_key_and_certificates is called with both:
- A certificate whose public key did not match the provided private key
- An encryption_algorithm with hmac_hash set (via PrivateFormat.PKCS12.encryption_builder().hmac_hash(...))
Then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a ValueError is properly raised. Patched in pyca/cryptography#10423
Affected range | <42.0.0 |
Fixed version | 42.0.0 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00098 |
EPSS Percentile | 0.39712 |
Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
pygments 2.3.1
(pypi)
pkg:pypi/pygments@2.3.1
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Uncontrolled Resource Consumption
Affected range | >=1.1 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00958 |
EPSS Percentile | 0.82901 |
Description
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
Loop with Unreachable Exit Condition ('Infinite Loop')
Affected range | >=1.5 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00282 |
EPSS Percentile | 0.67853 |
Description
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
cryptography 41.0.7
(pypi)
pkg:pypi/cryptography@41.0.7
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Affected range | >=38.0.0 |
Fixed version | 42.0.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00045 |
EPSS Percentile | 0.12923 |
Description
If pkcs12.serialize_key_and_certificates is called with both:
- A certificate whose public key did not match the provided private key
- An encryption_algorithm with hmac_hash set (via PrivateFormat.PKCS12.encryption_builder().hmac_hash(...))
Then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a ValueError is properly raised. Patched in pyca/cryptography#10423
Affected range | <42.0.0 |
Fixed version | 42.0.0 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00098 |
EPSS Percentile | 0.39712 |
Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
linux 5.4.0-173.191
(deb)
pkg:deb/ubuntu/linux@5.4.0-173.191?os_distro=focal&os_name=ubuntu&os_version=20.04
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Affected range | <5.4.0-174.193 |
Fixed version | 5.4.0-174.193 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00042 |
EPSS Percentile | 0.05352 |
Description
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
Affected range | >=0 |
Fixed version | Not Fixed |
CVSS Score | 4.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00042 |
EPSS Percentile | 0.05352 |
Description
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
net.sourceforge.plantuml/plantuml 0.0.0
(maven)
pkg:maven/net.sourceforge.plantuml/plantuml@0.0.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Server-Side Request Forgery (SSRF)
Affected range | <1.2023.9 |
Fixed version | 1.2023.9 |
CVSS Score | 7.2 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
EPSS Score | 0.00067 |
EPSS Percentile | 0.27578 |
Description
Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.
http-cache-semantics 3.8.1
(npm)
pkg:npm/http-cache-semantics@3.8.1
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Inefficient Regular Expression Complexity
Affected range | <4.1.1 |
Fixed version | 4.1.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00105 |
EPSS Percentile | 0.41808 |
Description
http-cache-semantics contains an Inefficient Regular Expression Complexity, leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
httpie 1.0.3
(pypi)
pkg:pypi/httpie@1.0.3
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Improper Certificate Validation
Affected range | <=3.2.2 |
Fixed version | Not Fixed |
CVSS Score | 7.4 |
CVSS Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
EPSS Score | 0.0006 |
EPSS Percentile | 0.23675 |
Description
Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.
stdlib 1.20.11
(golang)
pkg:golang/stdlib@1.20.11
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Affected range | >=1.20.11 |
Fixed version | 1.20.12 |
EPSS Score | 0.00098 |
EPSS Percentile | 0.3977 |
Description
The filepath package does not recognize paths with a \??\ prefix as special.
On Windows, a path beginning with \??\ is a Root Local Device path equivalent to a path beginning with \\?\. Paths with a \??\ prefix may be used to access arbitrary locations on the system. For example, the path \??\c:\x is equivalent to the more common path c:\x.
Before fix, Clean could convert a rooted path such as \a\..\??\b into the root local device path \??\b. Clean will now convert this to .\??\b.
Similarly, Join(\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \??\b. Join will now convert this to \.\??\b.
In addition, with fix, IsAbs now correctly reports paths beginning with \??\ as absolute, and VolumeName correctly reports the \??\ prefix as a volume name.
UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with \?, resulting in filepath.Clean(\?\c:) returning \?\c: rather than \?\c:\ (among other effects). The previous behavior has been restored.
uri 0.11.0
(gem)
pkg:gem/uri@0.11.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Inefficient Regular Expression Complexity
Affected range | >=0.11.0 |
Fixed version | 0.11.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00127 |
EPSS Percentile | 0.46425 |
Description
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
certifi 2019.11.28
(pypi)
pkg:pypi/certifi@2019.11.28
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Insufficient Verification of Data Authenticity
Affected range | >=2015.4.28 |
Fixed version | 2023.7.22 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
EPSS Score | 0.00059 |
EPSS Percentile | 0.22886 |
Description
Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store.
e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here.
urllib3 1.25.8
(pypi)
pkg:pypi/urllib3@1.25.8
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Uncontrolled Resource Consumption
Affected range | >=1.25.4 |
Fixed version | 1.26.5 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00292 |
EPSS Percentile | 0.68486 |
Description
Impact
When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
Patches
The issue has been fixed in urllib3 v1.26.5.
References
For more information
If you have any questions or comments about this advisory:
- Ask in our community Discord
- Email sethmichaellarson@gmail.com
time 0.2.0
(gem)
pkg:gem/time@0.2.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Inefficient Regular Expression Complexity
Affected range | >=0.2.0 |
Fixed version | 0.2.2 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00127 |
EPSS Percentile | 0.46425 |
Description
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
github.com/cloudflare/circl 1.3.3
(golang)
pkg:golang/github.com/cloudflare/circl@1.3.3
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Affected range | <1.3.7 |
Fixed version | 1.3.7 |
Description
Impact
On some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn (parts of) the secret key.
Does not apply to ephemeral usage, such as when used in the regular way in TLS.
Patches
Patched in 1.3.7.
References
printf 0.3.0
(npm)
pkg:npm/printf@0.3.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Uncontrolled Resource Consumption
Affected range | <0.6.1 |
Fixed version | 0.6.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00197 |
EPSS Percentile | 0.56603 |
Description
The package printf before 0.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity.
setuptools 41.2.0
(pypi)
pkg:pypi/setuptools@41.2.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Inefficient Regular Expression Complexity
Affected range | <65.5.1 |
Fixed version | 65.5.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00323 |
EPSS Percentile | 0.7009 |
Description
Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in package_index. This has been patched in version 65.5.1.
async 1.5.0
(npm)
pkg:npm/async@1.5.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.6.4 |
Fixed version | 2.6.4, 3.2.2 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
EPSS Score | 0.00132 |
EPSS Percentile | 0.47272 |
Description
A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.
🔍 Vulnerabilities of
digest | sha256:9b03ee453ca794ccfc026fc9850b86f69bf350fdf55d39e663b9e46beb78dfe2 |
vulnerabilities | |
size | 2.6 GB |
packages | 2994 |
📦 Base Image ubuntu:20.04
also known as | |
digest | sha256:48c35f3de33487442af224ed4aabac19fd9bfbd91ee90e9471d412706b20ba73 |
vulnerabilities |
cgi
Affected range | <=0.3.1 |
Fixed version | 0.3.2 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00815 |
EPSS Percentile | 0.81413 |
Description
CGI.escape_html in Ruby has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes.
Affected range | >=0.3.0 |
Fixed version | 0.3.5 |
CVSS Score | 8.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00336 |
EPSS Percentile | 0.70716 |
Description
Ruby gem cgi.rb prior to versions 0.3.5, 0.2.2 and 0.1.0.2 allow HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. This issue has been patched in versions 0.3.5, 0.2.2 and 0.1.0.2.
rvm 1.11.3.9
(gem)
pkg:gem/rvm@1.11.3.9
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <=1.28.0 |
Fixed version | 1.29.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.01138 |
EPSS Percentile | 0.8441 |
Description
RVM automatically loads environment variables from files in $PWD, resulting in command execution.
execa 0.10.0
(npm)
pkg:npm/execa@0.10.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting preferLocal=true, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
execa 1.0.0
(npm)
pkg:npm/execa@1.0.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting preferLocal=true, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
cryptography 41.0.6
(pypi)
pkg:pypi/cryptography@41.0.6
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Affected range | >=38.0.0 |
Fixed version | 42.0.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00045 |
EPSS Percentile | 0.12923 |
Description
If pkcs12.serialize_key_and_certificates is called with both:
- A certificate whose public key did not match the provided private key
- An encryption_algorithm with hmac_hash set (via PrivateFormat.PKCS12.encryption_builder().hmac_hash(...))
Then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a ValueError is properly raised. Patched in pyca/cryptography#10423
Affected range | <42.0.0 |
Fixed version | 42.0.0 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00098 |
EPSS Percentile | 0.39712 |
Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
linux 5.4.0-173.191
(deb)
pkg:deb/ubuntu/linux@5.4.0-173.191?os_distro=focal&os_name=ubuntu&os_version=20.04
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Affected range | <5.4.0-174.193 |
Fixed version | 5.4.0-174.193 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00042 |
EPSS Percentile | 0.05352 |
Description
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
Affected range | >=0 |
Fixed version | Not Fixed |
CVSS Score | 4.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00042 |
EPSS Percentile | 0.05352 |
Description
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
cryptography 41.0.7
(pypi)
pkg:pypi/cryptography@41.0.7
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Affected range | >=38.0.0 |
Fixed version | 42.0.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00045 |
EPSS Percentile | 0.12923 |
Description
If pkcs12.serialize_key_and_certificates is called with both:
- A certificate whose public key did not match the provided private key
- An encryption_algorithm with hmac_hash set (via PrivateFormat.PKCS12.encryption_builder().hmac_hash(...))
Then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a ValueError is properly raised. Patched in pyca/cryptography#10423
Affected range | <42.0.0 |
Fixed version | 42.0.0 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
EPSS Score | 0.00098 |
EPSS Percentile | 0.39712 |
Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
pygments 2.3.1
(pypi)
pkg:pypi/pygments@2.3.1
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Uncontrolled Resource Consumption
Affected range | >=1.1 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00958 |
EPSS Percentile | 0.82901 |
Description
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
Loop with Unreachable Exit Condition ('Infinite Loop')
Affected range | >=1.5 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00282 |
EPSS Percentile | 0.67853 |
Description
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
uri 0.11.0
(gem)
pkg:gem/uri@0.11.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Inefficient Regular Expression Complexity
Affected range | >=0.11.0 |
Fixed version | 0.11.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00127 |
EPSS Percentile | 0.46425 |
Description
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
http-cache-semantics 3.8.1
(npm)
pkg:npm/http-cache-semantics@3.8.1
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Inefficient Regular Expression Complexity
Affected range | <4.1.1 |
Fixed version | 4.1.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00105 |
EPSS Percentile | 0.41808 |
Description
http-cache-semantics contains an Inefficient Regular Expression Complexity, leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
httpie 1.0.3
(pypi)
pkg:pypi/httpie@1.0.3
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Improper Certificate Validation
Affected range | <=3.2.2 |
Fixed version | Not Fixed |
CVSS Score | 7.4 |
CVSS Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
EPSS Score | 0.0006 |
EPSS Percentile | 0.23675 |
Description
Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.
net.sourceforge.plantuml/plantuml 0.0.0
(maven)
pkg:maven/net.sourceforge.plantuml/plantuml@0.0.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Server-Side Request Forgery (SSRF)
Affected range | <1.2023.9 |
Fixed version | 1.2023.9 |
CVSS Score | 7.2 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
EPSS Score | 0.00067 |
EPSS Percentile | 0.27578 |
Description
Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.
urllib3 1.25.8
(pypi)
pkg:pypi/urllib3@1.25.8
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Uncontrolled Resource Consumption
Affected range | >=1.25.4 |
Fixed version | 1.26.5 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00292 |
EPSS Percentile | 0.68486 |
Description
Impact
When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
Patches
The issue has been fixed in urllib3 v1.26.5.
References
For more information
If you have any questions or comments about this advisory:
- Ask in our community Discord
- Email sethmichaellarson@gmail.com
time 0.2.0
(gem)
pkg:gem/time@0.2.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Inefficient Regular Expression Complexity
Affected range | >=0.2.0 |
Fixed version | 0.2.2 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00127 |
EPSS Percentile | 0.46425 |
Description
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
github.com/cloudflare/circl 1.3.3
(golang)
pkg:golang/github.com/cloudflare/circl@1.3.3
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Affected range | <1.3.7 |
Fixed version | 1.3.7 |
Description
Impact
On some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn (parts of) the secret key.
Does not apply to ephemeral usage, such as when used in the regular way in TLS.
Patches
Patched in 1.3.7.
References
async 1.5.0
(npm)
pkg:npm/async@1.5.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.6.4 |
Fixed version | 2.6.4, 3.2.2 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
EPSS Score | 0.00132 |
EPSS Percentile | 0.47272 |
Description
A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.
certifi 2019.11.28
(pypi)
pkg:pypi/certifi@2019.11.28
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Insufficient Verification of Data Authenticity
Affected range | >=2015.4.28 |
Fixed version | 2023.7.22 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
EPSS Score | 0.00059 |
EPSS Percentile | 0.22886 |
Description
Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store.
e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here.
setuptools 41.2.0
(pypi)
pkg:pypi/setuptools@41.2.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Inefficient Regular Expression Complexity
Affected range | <65.5.1 |
Fixed version | 65.5.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00323 |
EPSS Percentile | 0.7009 |
Description
Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in package_index. This has been patched in version 65.5.1.
printf 0.3.0
(npm)
pkg:npm/printf@0.3.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Uncontrolled Resource Consumption
Affected range | <0.6.1 |
Fixed version | 0.6.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score | 0.00197 |
EPSS Percentile | 0.56603 |
Description
The package printf before 0.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity.
🔍 Vulnerabilities of
digest | sha256:0d35853000b2b76dd555e1e66f224850d1d9e625db98d740979db4d7126e4a4d |
vulnerabilities | |
size | 2.5 GB |
packages | 2941 |
📦 Base Image ubuntu:20.04
also known as | |
digest | sha256:48c35f3de33487442af224ed4aabac19fd9bfbd91ee90e9471d412706b20ba73 |
vulnerabilities |
cgi
Affected range | <=0.3.1 |
Fixed version | 0.3.2 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00815 |
EPSS Percentile | 0.81413 |
Description
CGI.escape_html in Ruby has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes.
Affected range | >=0.3.0 |
Fixed version | 0.3.5 |
CVSS Score | 8.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.00336 |
EPSS Percentile | 0.70716 |
Description
Ruby gem cgi.rb prior to versions 0.3.5, 0.2.2 and 0.1.0.2 allow HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. This issue has been patched in versions 0.3.5, 0.2.2 and 0.1.0.2.
rvm 1.11.3.9
(gem)
pkg:gem/rvm@1.11.3.9
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <=1.28.0 |
Fixed version | 1.29.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score | 0.01138 |
EPSS Percentile | 0.8441 |
Description
RVM automatically loads environment variables from files in $PWD, resulting in command execution.
**execa 0.10.0** (npm) `pkg:npm/execa@0.10.0`

```dockerfile
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
    msodbcsql18 \
    mssql-tools18 \
    unixodbc-dev
```

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

| Affected range | Fixed version | CVSS Score | CVSS Vector |
|---|---|---|---|
| <2.0.0 | 2.0.0 | 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting `preferLocal=true` which makes execa search for locally installed binaries and executes them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
**execa 1.0.0** (npm) `pkg:npm/execa@1.0.0`

```dockerfile
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
    msodbcsql18 \
    mssql-tools18 \
    unixodbc-dev
```

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

| Affected range | Fixed version | CVSS Score | CVSS Vector |
|---|---|---|---|
| <2.0.0 | 2.0.0 | 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting `preferLocal=true` which makes execa search for locally installed binaries and executes them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
**cryptography 41.0.7** (pypi) `pkg:pypi/cryptography@41.0.7`

```dockerfile
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
    msodbcsql18 \
    mssql-tools18 \
    unixodbc-dev
```

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| >=38.0.0 | 42.0.4 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 0.00045 | 0.12923 |

If `pkcs12.serialize_key_and_certificates` is called with both:

- A certificate whose public key did not match the provided private key
- An `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`)

Then a NULL pointer dereference would occur, crashing the Python process.

This has been resolved, and now a `ValueError` is properly raised. Patched in pyca/cryptography#10423

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| <42.0.0 | 42.0.0 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 0.00098 | 0.39712 |

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
**linux 5.4.0-173.191** (deb) `pkg:deb/ubuntu/linux@5.4.0-173.191?os_distro=focal&os_name=ubuntu&os_version=20.04`

```dockerfile
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
    msodbcsql18 \
    mssql-tools18 \
    unixodbc-dev
```

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| <5.4.0-174.193 | 5.4.0-174.193 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 0.00042 | 0.05352 |

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| >=0 | Not Fixed | 4.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N | 0.00042 | 0.05352 |

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
**cryptography 41.0.6** (pypi) `pkg:pypi/cryptography@41.0.6`

```dockerfile
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
    msodbcsql18 \
    mssql-tools18 \
    unixodbc-dev
```

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| >=38.0.0 | 42.0.4 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 0.00045 | 0.12923 |

If `pkcs12.serialize_key_and_certificates` is called with both:

- A certificate whose public key did not match the provided private key
- An `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`)

Then a NULL pointer dereference would occur, crashing the Python process.

This has been resolved, and now a `ValueError` is properly raised. Patched in pyca/cryptography#10423

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| <42.0.0 | 42.0.0 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 0.00098 | 0.39712 |

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
**pygments 2.3.1** (pypi) `pkg:pypi/pygments@2.3.1`

```dockerfile
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
    msodbcsql18 \
    mssql-tools18 \
    unixodbc-dev
```

Uncontrolled Resource Consumption

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| >=1.1 | 2.7.4 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 0.00958 | 0.82901 |

In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.

Loop with Unreachable Exit Condition ('Infinite Loop')

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| >=1.5 | 2.7.4 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 0.00282 | 0.67853 |

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
**net.sourceforge.plantuml/plantuml 0.0.0** (maven) `pkg:maven/net.sourceforge.plantuml/plantuml@0.0.0`

```dockerfile
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
    msodbcsql18 \
    mssql-tools18 \
    unixodbc-dev
```

Server-Side Request Forgery (SSRF)

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| <1.2023.9 | 1.2023.9 | 7.2 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N | 0.00067 | 0.27578 |

Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.
**certifi 2019.11.28** (pypi) `pkg:pypi/certifi@2019.11.28`

```dockerfile
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
    msodbcsql18 \
    mssql-tools18 \
    unixodbc-dev
```

Insufficient Verification of Data Authenticity

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| >=2015.4.28 | 2023.7.22 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 0.00059 | 0.22886 |

Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store.

e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here.
**http-cache-semantics 3.8.1** (npm) `pkg:npm/http-cache-semantics@3.8.1`

```dockerfile
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
    msodbcsql18 \
    mssql-tools18 \
    unixodbc-dev
```

Inefficient Regular Expression Complexity

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| <4.1.1 | 4.1.1 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 0.00105 | 0.41808 |

http-cache-semantics contains an Inefficient Regular Expression Complexity, leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
**time 0.2.0** (gem) `pkg:gem/time@0.2.0`

```dockerfile
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
    msodbcsql18 \
    mssql-tools18 \
    unixodbc-dev
```

Inefficient Regular Expression Complexity

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| >=0.2.0 | 0.2.2 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 0.00127 | 0.46425 |

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
**setuptools 41.2.0** (pypi) `pkg:pypi/setuptools@41.2.0`

```dockerfile
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
    msodbcsql18 \
    mssql-tools18 \
    unixodbc-dev
```

Inefficient Regular Expression Complexity

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| <65.5.1 | 65.5.1 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 0.00323 | 0.7009 |

Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in `package_index`. This has been patched in version 65.5.1.
**uri 0.11.0** (gem) `pkg:gem/uri@0.11.0`

```dockerfile
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
    msodbcsql18 \
    mssql-tools18 \
    unixodbc-dev
```

Inefficient Regular Expression Complexity

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| >=0.11.0 | 0.11.1 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 0.00127 | 0.46425 |

A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
**github.com/cloudflare/circl 1.3.3** (golang) `pkg:golang/github.com/cloudflare/circl@1.3.3`

```dockerfile
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
    msodbcsql18 \
    mssql-tools18 \
    unixodbc-dev
```

| Affected range | Fixed version |
|---|---|
| <1.3.7 | 1.3.7 |

Impact

On some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn (parts of) the secret key.

Does not apply to ephemeral usage, such as when used in the regular way in TLS.

Patches

Patched in 1.3.7.

References
**async 1.5.0** (npm) `pkg:npm/async@1.5.0`

```dockerfile
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
    msodbcsql18 \
    mssql-tools18 \
    unixodbc-dev
```

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| <2.6.4 | 2.6.4, 3.2.2 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 0.00132 | 0.47272 |

A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.
**httpie 1.0.3** (pypi) `pkg:pypi/httpie@1.0.3`

```dockerfile
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
    msodbcsql18 \
    mssql-tools18 \
    unixodbc-dev
```

Improper Certificate Validation

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| <=3.2.2 | Not Fixed | 7.4 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N | 0.0006 | 0.23675 |

Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.
**urllib3 1.25.8** (pypi) `pkg:pypi/urllib3@1.25.8`

```dockerfile
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
    msodbcsql18 \
    mssql-tools18 \
    unixodbc-dev
```

Uncontrolled Resource Consumption

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| >=1.25.4 | 1.26.5 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 0.00292 | 0.68486 |

Impact

When provided with a URL containing many `@` characters in the authority component the authority regular expression exhibits catastrophic backtracking causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.

Patches

The issue has been fixed in urllib3 v1.26.5.

References

For more information

If you have any questions or comments about this advisory:

- Ask in our community Discord
- Email sethmichaellarson@gmail.com
**printf 0.3.0** (npm) `pkg:npm/printf@0.3.0`

```dockerfile
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
    msodbcsql18 \
    mssql-tools18 \
    unixodbc-dev
```

Uncontrolled Resource Consumption

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| <0.6.1 | 0.6.1 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 0.00197 | 0.56603 |

The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string `/\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g` in `lib/printf.js`. The vulnerable regular expression has cubic worst-case time complexity.
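The second cgi advisory in the report above (HTTP header injection through a newline in a header value) is the one finding in this list whose mechanism is easy to show end to end. The following is an added example written for this page; it is not code from the Ruby cgi gem, from Docker Scout, or from this repository. It models the vulnerable shape in Python's standard library: a response writer that joins header values without checking them, the CR/LF rejection that the fixed gem versions amount to, and a client-side parse that makes the smuggled header visible. Every name in it (`build_response_naive`, `HeaderInjection`, the `ATTACKER_LOCATION` input) is constructed for the demonstration and is not an identifier from the advisory.

```python
"""Added example (not from the page, the cgi gem or this repo): HTTP response
header splitting via an unvalidated header value, and the check that stops it.
Stdlib only; the attacker input below is constructed for the demonstration."""

from typing import Dict, List, Tuple


class HeaderInjection(ValueError):
    """Raised when a header name or value would break out of its own line."""


def build_response_naive(status: str, headers: Dict[str, str], body: str) -> bytes:
    """Vulnerable: writes header values verbatim. A value containing CR/LF
    terminates the current header line and starts new ones."""
    lines = [f"HTTP/1.1 {status}"]
    for name, value in headers.items():
        lines.append(f"{name}: {value}")
    return ("\r\n".join(lines) + "\r\n\r\n" + body).encode("latin-1")


def validate_header(name: str, value: str) -> None:
    """The check the fixed cgi versions effectively add: no CR, LF or NUL in
    a header name or value, so one value can never become two header lines."""
    if not name or any(ch in name for ch in "\r\n\0:"):
        raise HeaderInjection(f"invalid header name: {name!r}")
    if any(ch in value for ch in "\r\n\0"):
        raise HeaderInjection(f"CR/LF in header value for {name}: {value!r}")


def build_response_safe(status: str, headers: Dict[str, str], body: str) -> bytes:
    """Hardened: validate every header before serialising, fail closed."""
    for name, value in headers.items():
        validate_header(name, value)
    return build_response_naive(status, headers, body)


def parse_headers(raw: bytes) -> Tuple[List[Tuple[str, str]], str]:
    """Parse the way a client does: the first blank line ends the header
    block, each remaining line before it is a separate header."""
    head, _, body = raw.decode("latin-1").partition("\r\n\r\n")
    parsed = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        parsed.append((name.strip(), value.strip()))
    return parsed, body


# Constructed attacker input: a "redirect target" that smuggles a Set-Cookie
# header and then terminates the header block so a fake body follows.
ATTACKER_LOCATION = "/home\r\nSet-Cookie: session=attacker\r\n\r\n<h1>fake</h1>"


def demo_naive() -> Tuple[List[Tuple[str, str]], str]:
    """Returns what a client sees when the naive writer emits the attacker value."""
    raw = build_response_naive("302 Found", {"Location": ATTACKER_LOCATION}, "real body")
    return parse_headers(raw)


def demo_safe() -> str:
    """Returns the rejection message from the hardened writer ('' if it accepted)."""
    try:
        build_response_safe("302 Found", {"Location": ATTACKER_LOCATION}, "real body")
    except HeaderInjection as exc:
        return str(exc)
    return ""


if __name__ == "__main__":
    headers, body = demo_naive()
    print("naive writer, headers as parsed by the client:", headers)
    print("naive writer, body as parsed by the client:", body[:20])
    print("hardened writer:", demo_safe())
```

With the naive writer the client parses two headers, `Location: /home` and `Set-Cookie: session=attacker`, and treats `<h1>fake</h1>` as the body; the real body is never reached. The hardened writer refuses the value before anything is sent. The same check belongs in front of any header-writing API that takes user input, not only in CGI libraries.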
(Outdated) 🔍 Vulnerabilities of

| Field | Value |
|---|---|
| digest | sha256:946d5cd46e84119734e45818781f497be8de395f893a6ea8d38f9260aef9cb57 |
| vulnerabilities | |
| size | 2.5 GB |
| packages | 3043 |

📦 Base Image ubuntu:20.04

| Field | Value |
|---|---|
| also known as | |
| digest | sha256:48c35f3de33487442af224ed4aabac19fd9bfbd91ee90e9471d412706b20ba73 |
| vulnerabilities | |
**cgi**

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| <=0.3.1 | 0.3.2 | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.00815 | 0.81413 |

`CGI.escape_html` in Ruby has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where `size_t` and `long` have different numbers of bytes.

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| >=0.3.0 | 0.3.5 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 0.00336 | 0.70716 |

Ruby gem cgi.rb prior to versions 0.3.5, 0.2.2 and 0.1.0.2 allow HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. This issue has been patched in versions 0.3.5, 0.2.2 and 0.1.0.2.
**execa 1.0.0** (npm) `pkg:npm/execa@1.0.0`

```dockerfile
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
    sudo tee --append /etc/npmrc 1> /dev/null
```

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

| Affected range | Fixed version | CVSS Score | CVSS Vector |
|---|---|---|---|
| <2.0.0 | 2.0.0 | 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting `preferLocal=true` which makes execa search for locally installed binaries and executes them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
**execa 0.10.0** (npm) `pkg:npm/execa@0.10.0`

```dockerfile
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
    sudo tee --append /etc/npmrc 1> /dev/null
```

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

| Affected range | Fixed version | CVSS Score | CVSS Vector |
|---|---|---|---|
| <2.0.0 | 2.0.0 | 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting `preferLocal=true` which makes execa search for locally installed binaries and executes them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
**rvm 1.11.3.9** (gem) `pkg:gem/rvm@1.11.3.9`

```dockerfile
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
    sudo tee --append /etc/npmrc 1> /dev/null
```

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| <=1.28.0 | 1.29.0 | 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.01138 | 0.8441 |

RVM automatically loads environment variables from files in `$PWD` resulting in command execution.
**cryptography 41.0.6** (pypi) `pkg:pypi/cryptography@41.0.6`

```dockerfile
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
    sudo tee --append /etc/npmrc 1> /dev/null
```

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| >=38.0.0 | 42.0.4 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 0.00045 | 0.12923 |

If `pkcs12.serialize_key_and_certificates` is called with both:

- A certificate whose public key did not match the provided private key
- An `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`)

Then a NULL pointer dereference would occur, crashing the Python process.

This has been resolved, and now a `ValueError` is properly raised. Patched in pyca/cryptography#10423

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| <42.0.0 | 42.0.0 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 0.00098 | 0.39712 |

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
**linux 5.4.0-173.191** (deb) `pkg:deb/ubuntu/linux@5.4.0-173.191?os_distro=focal&os_name=ubuntu&os_version=20.04`

```dockerfile
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
    sudo tee --append /etc/npmrc 1> /dev/null
```

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| <5.4.0-174.193 | 5.4.0-174.193 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 0.00042 | 0.05352 |

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| >=0 | Not Fixed | 4.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N | 0.00042 | 0.05352 |

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
**pygments 2.3.1** (pypi) `pkg:pypi/pygments@2.3.1`

```dockerfile
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
    sudo tee --append /etc/npmrc 1> /dev/null
```

Uncontrolled Resource Consumption

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| >=1.1 | 2.7.4 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 0.00958 | 0.82901 |

In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.

Loop with Unreachable Exit Condition ('Infinite Loop')

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| >=1.5 | 2.7.4 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 0.00282 | 0.67853 |

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
**cryptography 41.0.7** (pypi) `pkg:pypi/cryptography@41.0.7`

```dockerfile
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
    sudo tee --append /etc/npmrc 1> /dev/null
```

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| >=38.0.0 | 42.0.4 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 0.00045 | 0.12923 |

If `pkcs12.serialize_key_and_certificates` is called with both:

- A certificate whose public key did not match the provided private key
- An `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`)

Then a NULL pointer dereference would occur, crashing the Python process.

This has been resolved, and now a `ValueError` is properly raised. Patched in pyca/cryptography#10423

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| <42.0.0 | 42.0.0 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 0.00098 | 0.39712 |

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
**urllib3 1.25.8** (pypi) `pkg:pypi/urllib3@1.25.8`

```dockerfile
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
    sudo tee --append /etc/npmrc 1> /dev/null
```

Uncontrolled Resource Consumption

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| >=1.25.4 | 1.26.5 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 0.00292 | 0.68486 |

Impact

When provided with a URL containing many `@` characters in the authority component the authority regular expression exhibits catastrophic backtracking causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.

Patches

The issue has been fixed in urllib3 v1.26.5.

References

For more information

If you have any questions or comments about this advisory:

- Ask in our community Discord
- Email sethmichaellarson@gmail.com
**github.com/cloudflare/circl 1.3.3** (golang) `pkg:golang/github.com/cloudflare/circl@1.3.3`

```dockerfile
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
    sudo tee --append /etc/npmrc 1> /dev/null
```

| Affected range | Fixed version |
|---|---|
| <1.3.7 | 1.3.7 |

Impact

On some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn (parts of) the secret key.

Does not apply to ephemeral usage, such as when used in the regular way in TLS.

Patches

Patched in 1.3.7.

References
**certifi 2019.11.28** (pypi) `pkg:pypi/certifi@2019.11.28`

```dockerfile
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
    sudo tee --append /etc/npmrc 1> /dev/null
```

Insufficient Verification of Data Authenticity

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| >=2015.4.28 | 2023.7.22 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 0.00059 | 0.22886 |

Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store.

e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here.
**time 0.2.0** (gem) `pkg:gem/time@0.2.0`

```dockerfile
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
    sudo tee --append /etc/npmrc 1> /dev/null
```

Inefficient Regular Expression Complexity

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| >=0.2.0 | 0.2.2 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 0.00127 | 0.46425 |

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
**async 1.5.0** (npm) `pkg:npm/async@1.5.0`

```dockerfile
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
    sudo tee --append /etc/npmrc 1> /dev/null
```

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| <2.6.4 | 2.6.4, 3.2.2 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 0.00132 | 0.47272 |

A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.
**printf 0.3.0** (npm) `pkg:npm/printf@0.3.0`

```dockerfile
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
    sudo tee --append /etc/npmrc 1> /dev/null
```

Uncontrolled Resource Consumption

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| <0.6.1 | 0.6.1 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 0.00197 | 0.56603 |

The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string `/\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g` in `lib/printf.js`. The vulnerable regular expression has cubic worst-case time complexity.
**setuptools 41.2.0** (pypi) `pkg:pypi/setuptools@41.2.0`

```dockerfile
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
    sudo tee --append /etc/npmrc 1> /dev/null
```

Inefficient Regular Expression Complexity

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| <65.5.1 | 65.5.1 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 0.00323 | 0.7009 |

Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in `package_index`. This has been patched in version 65.5.1.
**net.sourceforge.plantuml/plantuml 0.0.0** (maven) `pkg:maven/net.sourceforge.plantuml/plantuml@0.0.0`

```dockerfile
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
    sudo tee --append /etc/npmrc 1> /dev/null
```

Server-Side Request Forgery (SSRF)

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| <1.2023.9 | 1.2023.9 | 7.2 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N | 0.00067 | 0.27578 |

Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.
**uri 0.11.0** (gem) `pkg:gem/uri@0.11.0`

```dockerfile
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
    sudo tee --append /etc/npmrc 1> /dev/null
```

Inefficient Regular Expression Complexity

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| >=0.11.0 | 0.11.1 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 0.00127 | 0.46425 |

A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
**httpie 1.0.3** (pypi) `pkg:pypi/httpie@1.0.3`

```dockerfile
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
    sudo tee --append /etc/npmrc 1> /dev/null
```

Improper Certificate Validation

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| <=3.2.2 | Not Fixed | 7.4 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N | 0.0006 | 0.23675 |

Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.
**http-cache-semantics 3.8.1** (npm) `pkg:npm/http-cache-semantics@3.8.1`

```dockerfile
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
    sudo tee --append /etc/npmrc 1> /dev/null
```

Inefficient Regular Expression Complexity

| Affected range | Fixed version | CVSS Score | CVSS Vector | EPSS Score | EPSS Percentile |
|---|---|---|---|---|---|
| <4.1.1 | 4.1.1 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 0.00105 | 0.41808 |

http-cache-semantics contains an Inefficient Regular Expression Complexity, leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
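Two of the critical findings in the report above share one root cause: execa's `preferLocal=true` searches for binaries relative to the working directory, and RVM loads environment files from `$PWD`. Either way a checked-out repository decides what gets executed. The following is an added example, written for this page and not taken from execa, RVM, Docker Scout or this repository; it models that class in Python's standard library rather than reproducing either project's code. It builds a throwaway project directory that ships its own `node_modules/.bin/eslint` (the directory name is an assumption modelled on the npm convention), shows a cwd-first resolver picking it up, and contrasts it with a resolver that only consults absolute, pre-approved, non-world-writable directories. `TRUSTED_DIRS`, the `sysbin` stand-in for a system bin directory and the fake binaries are all constructed for the demonstration.

```python
"""Added example (not from execa, RVM or this repo): why resolving executables
relative to the current directory lets a checked-out repo hijack a tool, and a
resolver that does not. Stdlib only; the directory layout is built in a temp
dir at run time, so it runs offline on Linux/macOS."""

import os
import shutil
import stat
import tempfile
from typing import List, Optional, Tuple

# Assumption for the demo: the only directories we are willing to run tools from.
TRUSTED_DIRS = ["/usr/local/bin", "/usr/bin", "/bin"]


def _write_exe(path: str, body: str) -> None:
    """Write a small shell script and mark it executable."""
    with open(path, "w") as fh:
        fh.write(body)
    os.chmod(path, os.stat(path).st_mode | stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)


def make_project(root: str, tool: str) -> str:
    """Constructed 'malicious repo': ships node_modules/.bin/<tool>, exactly
    what a dependency or a committed file could put there."""
    local_bin = os.path.join(root, "node_modules", ".bin")
    os.makedirs(local_bin, exist_ok=True)
    _write_exe(os.path.join(local_bin, tool), "#!/bin/sh\necho pwned\n")
    return local_bin


def resolve_prefer_local(tool: str, cwd: str, system_path: str) -> Optional[str]:
    """Vulnerable pattern: put the cwd-relative bin dir in front of PATH and
    search. This is what 'prefer locally installed binaries' amounts to."""
    local = os.path.join(cwd, "node_modules", ".bin")
    return shutil.which(tool, path=os.pathsep.join([local, system_path]))


def resolve_trusted(tool: str, trusted: List[str] = TRUSTED_DIRS) -> Optional[str]:
    """Hardened: absolute, pre-approved directories only; relative entries and
    world-writable directories are skipped. Returns None rather than guessing."""
    for d in trusted:
        if not os.path.isabs(d) or not os.path.isdir(d):
            continue
        if os.stat(d).st_mode & stat.S_IWOTH:
            continue  # anyone could have planted a binary there
        candidate = os.path.join(d, tool)
        if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
            return candidate
    return None


def demo() -> Tuple[bool, bool]:
    """Builds the scenario and returns (cwd_resolver_was_hijacked,
    trusted_resolver_found_the_real_tool)."""
    with tempfile.TemporaryDirectory() as root:
        system_bin = os.path.join(root, "sysbin")  # stand-in for /usr/bin
        os.makedirs(system_bin, mode=0o755)
        os.chmod(system_bin, 0o755)  # make sure it is not world-writable
        _write_exe(os.path.join(system_bin, "eslint"), "#!/bin/sh\necho real\n")
        make_project(root, "eslint")

        hijacked = resolve_prefer_local("eslint", cwd=root, system_path=system_bin)
        trusted = resolve_trusted("eslint", trusted=[system_bin])
        return (
            hijacked is not None and hijacked.startswith(os.path.join(root, "node_modules")),
            trusted == os.path.join(system_bin, "eslint"),
        )


if __name__ == "__main__":
    was_hijacked, found_real = demo()
    print("cwd-first resolver picked the repo's binary:", was_hijacked)
    print("trusted-dirs resolver picked the system binary:", found_real)
```

The same reasoning applies to anything a tool reads from `$PWD` before it has decided to trust the directory (`.rvmrc`, `.npmrc`, `.envrc`): in a CI runner or a developer's shell the working directory is attacker-controlled the moment an untrusted branch is checked out, so resolution and configuration loading must not start there.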
(Outdated) 🔍 Vulnerabilities of

| Field | Value |
|---|---|
| digest | sha256:dee3adc4ccaa8ad9a0803d76d1321f9a722c8334edb5031daae6e52738772757 |
| vulnerabilities | |
| platform | linux/arm64 |
| size | 2.4 GB |
| packages | 2980 |

📦 Base Image ubuntu:20.04

| Field | Value |
|---|---|
| also known as | |
| digest | sha256:4aa61d4985265be6d872cc214016f2f91a77b1c925dab5ce502db2edc4a7e5af |
| vulnerabilities | |
**cgi**

| Affected range | Fixed version | CVSS Score | CVSS Vector |
|---|---|---|---|
| <=0.3.1 | 0.3.2 | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

`CGI.escape_html` in Ruby has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where `size_t` and `long` have different numbers of bytes.

| Affected range | Fixed version | CVSS Score | CVSS Vector |
|---|---|---|---|
| >=0.3.0 | 0.3.5 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |

Ruby gem cgi.rb prior to versions 0.3.5, 0.2.2 and 0.1.0.2 allow HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. This issue has been patched in versions 0.3.5, 0.2.2 and 0.1.0.2.
rvm 1.11.3.9
(gem)
pkg:gem/rvm@1.11.3.9
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <=1.28.0 |
Fixed version | 1.29.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
RVM automatically loads environment variables from files in `$PWD`, resulting in command execution.
execa 1.0.0
(npm)
pkg:npm/execa@1.0.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting `preferLocal=true`, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
execa 0.10.0
(npm)
pkg:npm/execa@0.10.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting `preferLocal=true`, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
linux 5.4.0-173.191
(deb)
pkg:deb/ubuntu/linux@5.4.0-173.191?os_distro=focal&os_name=ubuntu&os_version=20.04
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Affected range | <5.4.0-174.193 |
Fixed version | 5.4.0-174.193 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Description
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
Affected range | >=0 |
Fixed version | Not Fixed |
CVSS Score | 4.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
Description
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
pygments 2.3.1
(pypi)
pkg:pypi/pygments@2.3.1
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Uncontrolled Resource Consumption
Affected range | >=1.1 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
Loop with Unreachable Exit Condition ('Infinite Loop')
Affected range | >=1.5 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
cryptography 41.0.6
(pypi)
pkg:pypi/cryptography@41.0.6
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Affected range | >=38.0.0 |
Fixed version | 42.0.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
If `pkcs12.serialize_key_and_certificates` is called with both:
- A certificate whose public key did not match the provided private key
- An `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`)
Then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a `ValueError` is properly raised. Patched in pyca/cryptography#10423
Affected range | <42.0.0 |
Fixed version | 42.0.0 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
httpie 1.0.3
(pypi)
pkg:pypi/httpie@1.0.3
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Improper Certificate Validation
Affected range | <=3.2.2 |
Fixed version | Not Fixed |
CVSS Score | 7.4 |
CVSS Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
Description
Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.
async 1.5.0
(npm)
pkg:npm/async@1.5.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.6.4 |
Fixed version | 2.6.4, 3.2.2 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Description
A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.
time 0.2.0
(gem)
pkg:gem/time@0.2.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Inefficient Regular Expression Complexity
Affected range | >=0.2.0 |
Fixed version | 0.2.2 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
uri 0.11.0
(gem)
pkg:gem/uri@0.11.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Inefficient Regular Expression Complexity
Affected range | >=0.11.0 |
Fixed version | 0.11.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
certifi 2019.11.28
(pypi)
pkg:pypi/certifi@2019.11.28
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Insufficient Verification of Data Authenticity
Affected range | >=2015.4.28 |
Fixed version | 2023.7.22 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Description
Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store.
e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here.
http-cache-semantics 3.8.1
(npm)
pkg:npm/http-cache-semantics@3.8.1
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Inefficient Regular Expression Complexity
Affected range | <4.1.1 |
Fixed version | 4.1.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
http-cache-semantics contains an Inefficient Regular Expression Complexity, leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
urllib3 1.25.8
(pypi)
pkg:pypi/urllib3@1.25.8
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Uncontrolled Resource Consumption
Affected range | >=1.25.4 |
Fixed version | 1.26.5 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
Impact
When provided with a URL containing many `@` characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
Patches
The issue has been fixed in urllib3 v1.26.5.
References
For more information
If you have any questions or comments about this advisory:
- Ask in our community Discord
- Email sethmichaellarson@gmail.com
stdlib 1.20.11
(golang)
pkg:golang/stdlib@1.20.11
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Affected range | >=1.20.11 |
Fixed version | 1.20.12 |
Description
The filepath package does not recognize paths with a `\??\` prefix as special.
On Windows, a path beginning with `\??\` is a Root Local Device path equivalent to a path beginning with `\\?\`. Paths with a `\??\` prefix may be used to access arbitrary locations on the system. For example, the path `\??\c:\x` is equivalent to the more common path `c:\x`.
Before fix, Clean could convert a rooted path such as `\a\..\??\b` into the root local device path `\??\b`. Clean will now convert this to `.\??\b`.
Similarly, Join(`\`, `??`, `b`) could convert a seemingly innocent sequence of path elements into the root local device path `\??\b`. Join will now convert this to `\.\??\b`.
In addition, with fix, IsAbs now correctly reports paths beginning with `\??\` as absolute, and VolumeName correctly reports the `\??\` prefix as a volume name.
UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with `\?`, resulting in filepath.Clean(`\?\c:`) returning `\?\c:` rather than `\?\c:\` (among other effects). The previous behavior has been restored.
net.sourceforge.plantuml/plantuml 0.0.0
(maven)
pkg:maven/net.sourceforge.plantuml/plantuml@0.0.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Server-Side Request Forgery (SSRF)
Affected range | <1.2023.9 |
Fixed version | 1.2023.9 |
CVSS Score | 7.2 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
Description
Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.
github.com/cloudflare/circl 1.3.3
(golang)
pkg:golang/github.com/cloudflare/circl@1.3.3
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Affected range | <1.3.7 |
Fixed version | 1.3.7 |
Description
Impact
On some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn (parts of) the secret key.
Does not apply to ephemeral usage, such as when used in the regular way in TLS.
Patches
Patched in 1.3.7.
References
printf 0.3.0
(npm)
pkg:npm/printf@0.3.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Uncontrolled Resource Consumption
Affected range | <0.6.1 |
Fixed version | 0.6.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
The package printf before 0.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string `/\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g` in `lib/printf.js`. The vulnerable regular expression has cubic worst-case time complexity.
setuptools 41.2.0
(pypi)
pkg:pypi/setuptools@41.2.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Inefficient Regular Expression Complexity
Affected range | <65.5.1 |
Fixed version | 65.5.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in `package_index`. This has been patched in version 65.5.1.
🔍 Vulnerabilities of
digest | sha256:01284d8476346e41580af098e94f4e467dc227d301fb20b895695a9001234423 |
vulnerabilities | |
platform | linux/arm64 |
size | 2.4 GB |
packages | 2966 |
📦 Base Image ubuntu:20.04
also known as | |
digest | sha256:4aa61d4985265be6d872cc214016f2f91a77b1c925dab5ce502db2edc4a7e5af |
vulnerabilities | |
cgi
Affected range | <=0.3.1 |
Fixed version | 0.3.2 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
`CGI.escape_html` in Ruby has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where `size_t` and `long` have different numbers of bytes.
Affected range | >=0.3.0 |
Fixed version | 0.3.5 |
CVSS Score | 8.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Description
Ruby gem cgi.rb prior to versions 0.3.5, 0.2.2 and 0.1.0.2 allow HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. This issue has been patched in versions 0.3.5, 0.2.2 and 0.1.0.2.
rvm 1.11.3.9
(gem)
pkg:gem/rvm@1.11.3.9
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <=1.28.0 |
Fixed version | 1.29.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
RVM automatically loads environment variables from files in `$PWD`, resulting in command execution.
execa 1.0.0
(npm)
pkg:npm/execa@1.0.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting `preferLocal=true`, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
execa 0.10.0
(npm)
pkg:npm/execa@0.10.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting `preferLocal=true`, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
cryptography 41.0.6
(pypi)
pkg:pypi/cryptography@41.0.6
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Affected range | >=38.0.0 |
Fixed version | 42.0.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
If `pkcs12.serialize_key_and_certificates` is called with both:
- A certificate whose public key did not match the provided private key
- An `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`)
Then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a `ValueError` is properly raised. Patched in pyca/cryptography#10423
Affected range | <42.0.0 |
Fixed version | 42.0.0 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
linux 5.4.0-173.191
(deb)
pkg:deb/ubuntu/linux@5.4.0-173.191?os_distro=focal&os_name=ubuntu&os_version=20.04
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Affected range | <5.4.0-174.193 |
Fixed version | 5.4.0-174.193 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Description
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
Affected range | >=0 |
Fixed version | Not Fixed |
CVSS Score | 4.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
Description
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
pygments 2.3.1
(pypi)
pkg:pypi/pygments@2.3.1
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Uncontrolled Resource Consumption
Affected range | >=1.1 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
Loop with Unreachable Exit Condition ('Infinite Loop')
Affected range | >=1.5 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
urllib3 1.25.8
(pypi)
pkg:pypi/urllib3@1.25.8
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Uncontrolled Resource Consumption
Affected range | >=1.25.4 |
Fixed version | 1.26.5 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
Impact
When provided with a URL containing many `@` characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
Patches
The issue has been fixed in urllib3 v1.26.5.
References
For more information
If you have any questions or comments about this advisory:
- Ask in our community Discord
- Email sethmichaellarson@gmail.com
printf 0.3.0
(npm)
pkg:npm/printf@0.3.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Uncontrolled Resource Consumption
Affected range | <0.6.1 |
Fixed version | 0.6.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
The package printf before 0.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string `/\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g` in `lib/printf.js`. The vulnerable regular expression has cubic worst-case time complexity.
setuptools 41.2.0
(pypi)
pkg:pypi/setuptools@41.2.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Inefficient Regular Expression Complexity
Affected range | <65.5.1 |
Fixed version | 65.5.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in `package_index`. This has been patched in version 65.5.1.
net.sourceforge.plantuml/plantuml 0.0.0
(maven)
pkg:maven/net.sourceforge.plantuml/plantuml@0.0.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Server-Side Request Forgery (SSRF)
Affected range | <1.2023.9 |
Fixed version | 1.2023.9 |
CVSS Score | 7.2 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
Description
Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.
certifi 2019.11.28
(pypi)
pkg:pypi/certifi@2019.11.28
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Insufficient Verification of Data Authenticity
Affected range | >=2015.4.28 |
Fixed version | 2023.7.22 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Description
Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store.
e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here.
async 1.5.0
(npm)
pkg:npm/async@1.5.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.6.4 |
Fixed version | 2.6.4, 3.2.2 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Description
A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.
time 0.2.0
(gem)
pkg:gem/time@0.2.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Inefficient Regular Expression Complexity
Affected range | >=0.2.0 |
Fixed version | 0.2.2 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
github.com/cloudflare/circl 1.3.3
(golang)
pkg:golang/github.com/cloudflare/circl@1.3.3
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Affected range | <1.3.7 |
Fixed version | 1.3.7 |
Description
Impact
On some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn (parts of) the secret key.
Does not apply to ephemeral usage, such as when used in the regular way in TLS.
Patches
Patched in 1.3.7.
References
http-cache-semantics 3.8.1
(npm)
pkg:npm/http-cache-semantics@3.8.1
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Inefficient Regular Expression Complexity
Affected range | <4.1.1 |
Fixed version | 4.1.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
http-cache-semantics contains an Inefficient Regular Expression Complexity, leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
uri 0.11.0
(gem)
pkg:gem/uri@0.11.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Inefficient Regular Expression Complexity
Affected range | >=0.11.0 |
Fixed version | 0.11.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
httpie 1.0.3
(pypi)
pkg:pypi/httpie@1.0.3
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Improper Certificate Validation
Affected range | <=3.2.2 |
Fixed version | Not Fixed |
CVSS Score | 7.4 |
CVSS Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
Description
Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.
🔍 Vulnerabilities of
digest | sha256:be2a8b2f405cfbf8b7c16ec8300af95365fb0c40b69209d44314e1c67500e795 |
vulnerabilities | |
platform | linux/amd64 |
size | 2.6 GB |
packages | 3011 |
📦 Base Image ubuntu:20.04
also known as | |
digest | sha256:48c35f3de33487442af224ed4aabac19fd9bfbd91ee90e9471d412706b20ba73 |
vulnerabilities | |
cgi
Affected range | <=0.3.1 |
Fixed version | 0.3.2 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
`CGI.escape_html` in Ruby has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where `size_t` and `long` have different numbers of bytes.
Affected range | >=0.3.0 |
Fixed version | 0.3.5 |
CVSS Score | 8.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Description
Ruby gem cgi.rb prior to versions 0.3.5, 0.2.2 and 0.1.0.2 allow HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. This issue has been patched in versions 0.3.5, 0.2.2 and 0.1.0.2.
execa 0.10.0
(npm)
pkg:npm/execa@0.10.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting `preferLocal=true`, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
execa 1.0.0
(npm)
pkg:npm/execa@1.0.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting `preferLocal=true`, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
rvm 1.11.3.9
(gem)
pkg:gem/rvm@1.11.3.9
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <=1.28.0 |
Fixed version | 1.29.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
RVM automatically loads environment variables from files in `$PWD`, resulting in command execution.
linux 5.4.0-173.191
(deb)
pkg:deb/ubuntu/linux@5.4.0-173.191?os_distro=focal&os_name=ubuntu&os_version=20.04
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Affected range | <5.4.0-174.193 |
Fixed version | 5.4.0-174.193 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Description
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
Affected range | >=0 |
Fixed version | Not Fixed |
CVSS Score | 4.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
Description
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
cryptography 41.0.7
(pypi)
pkg:pypi/cryptography@41.0.7
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Affected range | >=38.0.0 |
Fixed version | 42.0.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
If `pkcs12.serialize_key_and_certificates` is called with both:
- A certificate whose public key did not match the provided private key
- An `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`)
Then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a `ValueError` is properly raised.
Patched in pyca/cryptography#10423
Affected range | <42.0.0 |
Fixed version | 42.0.0 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
cryptography 41.0.6
(pypi)
pkg:pypi/cryptography@41.0.6
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Affected range | >=38.0.0 |
Fixed version | 42.0.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
If `pkcs12.serialize_key_and_certificates` is called with both:
- A certificate whose public key did not match the provided private key
- An `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`)
Then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a `ValueError` is properly raised.
Patched in pyca/cryptography#10423
Affected range | <42.0.0 |
Fixed version | 42.0.0 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
pygments 2.3.1
(pypi)
pkg:pypi/pygments@2.3.1
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Uncontrolled Resource Consumption
Affected range | >=1.1 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
Loop with Unreachable Exit Condition ('Infinite Loop')
Affected range | >=1.5 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
printf 0.3.0
(npm)
pkg:npm/printf@0.3.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Uncontrolled Resource Consumption
Affected range | <0.6.1 |
Fixed version | 0.6.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
The package printf before 0.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string `/\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g` in `lib/printf.js`. The vulnerable regular expression has cubic worst-case time complexity.
net.sourceforge.plantuml/plantuml 0.0.0
(maven)
pkg:maven/net.sourceforge.plantuml/plantuml@0.0.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Server-Side Request Forgery (SSRF)
Affected range | <1.2023.9 |
Fixed version | 1.2023.9 |
CVSS Score | 7.2 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
Description
Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.
async 1.5.0
(npm)
pkg:npm/async@1.5.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.6.4 |
Fixed version | 2.6.4, 3.2.2 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Description
A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.
setuptools 41.2.0
(pypi)
pkg:pypi/setuptools@41.2.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Inefficient Regular Expression Complexity
Affected range | <65.5.1 |
Fixed version | 65.5.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in `package_index`. This has been patched in version 65.5.1.
urllib3 1.25.8
(pypi)
pkg:pypi/urllib3@1.25.8
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Uncontrolled Resource Consumption
Affected range | >=1.25.4 |
Fixed version | 1.26.5 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
Impact
When provided with a URL containing many `@` characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
Patches
The issue has been fixed in urllib3 v1.26.5.
For more information
If you have any questions or comments about this advisory:
- Ask in our community Discord
- Email sethmichaellarson@gmail.com
uri 0.11.0
(gem)
pkg:gem/uri@0.11.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Inefficient Regular Expression Complexity
Affected range | >=0.11.0 |
Fixed version | 0.11.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
certifi 2019.11.28
(pypi)
pkg:pypi/certifi@2019.11.28
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Insufficient Verification of Data Authenticity
Affected range | >=2015.4.28 |
Fixed version | 2023.7.22 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Description
Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store.
e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here.
httpie 1.0.3
(pypi)
pkg:pypi/httpie@1.0.3
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Improper Certificate Validation
Affected range | <=3.2.2 |
Fixed version | Not Fixed |
CVSS Score | 7.4 |
CVSS Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
Description
Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.
github.com/cloudflare/circl 1.3.3
(golang)
pkg:golang/github.com/cloudflare/circl@1.3.3
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Affected range | <1.3.7 |
Fixed version | 1.3.7 |
Description
Impact
On some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn (parts of) the secret key.
Does not apply to ephemeral usage, such as when used in the regular way in TLS.
Patches
Patched in 1.3.7.
time 0.2.0
(gem)
pkg:gem/time@0.2.0
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Inefficient Regular Expression Complexity
Affected range | >=0.2.0 |
Fixed version | 0.2.2 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
stdlib 1.20.11
(golang)
pkg:golang/stdlib@1.20.11
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Affected range | >=1.20.11 |
Fixed version | 1.20.12 |
Description
The filepath package does not recognize paths with a `\??\` prefix as special.
On Windows, a path beginning with `\??\` is a Root Local Device path equivalent to a path beginning with `\\?\`. Paths with a `\??\` prefix may be used to access arbitrary locations on the system. For example, the path `\??\c:\x` is equivalent to the more common path `c:\x`.
Before fix, Clean could convert a rooted path such as `\a\..\??\b` into the root local device path `\??\b`. Clean will now convert this to `.\??\b`.
Similarly, `Join(\, ??, b)` could convert a seemingly innocent sequence of path elements into the root local device path `\??\b`. Join will now convert this to `\.\??\b`.
In addition, with fix, IsAbs now correctly reports paths beginning with `\??\` as absolute, and VolumeName correctly reports the `\??\` prefix as a volume name.
UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with `\?`, resulting in `filepath.Clean(\?\c:)` returning `\?\c:` rather than `\?\c:\` (among other effects). The previous behavior has been restored.
http-cache-semantics 3.8.1
(npm)
pkg:npm/http-cache-semantics@3.8.1
# Dockerfile (12:14)
RUN sudo --set-home python3 -m pip install --no-cache-dir --ignore-installed \
aws-sam-cli \
qldbshell
Inefficient Regular Expression Complexity
Affected range | <4.1.1 |
Fixed version | 4.1.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
http-cache-semantics contains an Inefficient Regular Expression Complexity, leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
🔍 Vulnerabilities of
digest | sha256:0d35853000b2b76dd555e1e66f224850d1d9e625db98d740979db4d7126e4a4d |
vulnerabilities | |
platform | linux/amd64 |
size | 2.5 GB |
packages | 2944 |
📦 Base Image ubuntu:20.04
also known as |
digest | sha256:48c35f3de33487442af224ed4aabac19fd9bfbd91ee90e9471d412706b20ba73 |
vulnerabilities |
cgi
Affected range | <=0.3.1 |
Fixed version | 0.3.2 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
`CGI.escape_html` in Ruby has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where `size_t` and `long` have different numbers of bytes.
Affected range | >=0.3.0 |
Fixed version | 0.3.5 |
CVSS Score | 8.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Description
Ruby gem cgi.rb prior to versions 0.3.5, 0.2.2 and 0.1.0.2 allows HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. This issue has been patched in versions 0.3.5, 0.2.2 and 0.1.0.2.
execa 0.10.0
(npm)
pkg:npm/execa@0.10.0
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting `preferLocal=true`, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
execa 1.0.0
(npm)
pkg:npm/execa@1.0.0
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting `preferLocal=true`, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
rvm 1.11.3.9
(gem)
pkg:gem/rvm@1.11.3.9
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <=1.28.0 |
Fixed version | 1.29.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
RVM automatically loads environment variables from files in `$PWD`, resulting in command execution.
cryptography 41.0.7
(pypi)
pkg:pypi/cryptography@41.0.7
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Affected range | >=38.0.0 |
Fixed version | 42.0.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
If `pkcs12.serialize_key_and_certificates` is called with both:
- A certificate whose public key did not match the provided private key
- An `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`)
Then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a `ValueError` is properly raised.
Patched in pyca/cryptography#10423
Affected range | <42.0.0 |
Fixed version | 42.0.0 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
cryptography 41.0.6
(pypi)
pkg:pypi/cryptography@41.0.6
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Affected range | >=38.0.0 |
Fixed version | 42.0.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
If `pkcs12.serialize_key_and_certificates` is called with both:
- A certificate whose public key did not match the provided private key
- An `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`)
Then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a `ValueError` is properly raised.
Patched in pyca/cryptography#10423
Affected range | <42.0.0 |
Fixed version | 42.0.0 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
pygments 2.3.1
(pypi)
pkg:pypi/pygments@2.3.1
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Uncontrolled Resource Consumption
Affected range | >=1.1 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
Loop with Unreachable Exit Condition ('Infinite Loop')
Affected range | >=1.5 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
linux 5.4.0-173.191
(deb)
pkg:deb/ubuntu/linux@5.4.0-173.191?os_distro=focal&os_name=ubuntu&os_version=20.04
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Affected range | <5.4.0-174.193 |
Fixed version | 5.4.0-174.193 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Description
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
Affected range | >=0 |
Fixed version | Not Fixed |
CVSS Score | 4.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
Description
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
time 0.2.0
(gem)
pkg:gem/time@0.2.0
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Inefficient Regular Expression Complexity
Affected range | >=0.2.0 |
Fixed version | 0.2.2 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
uri 0.11.0
(gem)
pkg:gem/uri@0.11.0
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Inefficient Regular Expression Complexity
Affected range | >=0.11.0 |
Fixed version | 0.11.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
httpie 1.0.3
(pypi)
pkg:pypi/httpie@1.0.3
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Improper Certificate Validation
Affected range | <=3.2.2 |
Fixed version | Not Fixed |
CVSS Score | 7.4 |
CVSS Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
Description
Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.
async 1.5.0
(npm)
pkg:npm/async@1.5.0
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.6.4 |
Fixed version | 2.6.4, 3.2.2 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Description
A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.
printf 0.3.0
(npm)
pkg:npm/printf@0.3.0
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Uncontrolled Resource Consumption
Affected range | <0.6.1 |
Fixed version | 0.6.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
The package printf before 0.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string `/\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g` in `lib/printf.js`. The vulnerable regular expression has cubic worst-case time complexity.
net.sourceforge.plantuml/plantuml 0.0.0
(maven)
pkg:maven/net.sourceforge.plantuml/plantuml@0.0.0
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Server-Side Request Forgery (SSRF)
Affected range | <1.2023.9 |
Fixed version | 1.2023.9 |
CVSS Score | 7.2 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
Description
Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.
urllib3 1.25.8
(pypi)
pkg:pypi/urllib3@1.25.8
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Uncontrolled Resource Consumption
Affected range | >=1.25.4 |
Fixed version | 1.26.5 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
Impact
When provided with a URL containing many `@` characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
Patches
The issue has been fixed in urllib3 v1.26.5.
For more information
If you have any questions or comments about this advisory:
- Ask in our community Discord
- Email sethmichaellarson@gmail.com
github.com/cloudflare/circl 1.3.3
(golang)
pkg:golang/github.com/cloudflare/circl@1.3.3
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Affected range | <1.3.7 |
Fixed version | 1.3.7 |
Description
Impact
On some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn (parts of) the secret key.
Does not apply to ephemeral usage, such as when used in the regular way in TLS.
Patches
Patched in 1.3.7.
http-cache-semantics 3.8.1
(npm)
pkg:npm/http-cache-semantics@3.8.1
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Inefficient Regular Expression Complexity
Affected range | <4.1.1 |
Fixed version | 4.1.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
http-cache-semantics contains an Inefficient Regular Expression Complexity, leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
certifi 2019.11.28
(pypi)
pkg:pypi/certifi@2019.11.28
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Insufficient Verification of Data Authenticity
Affected range | >=2015.4.28 |
Fixed version | 2023.7.22 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Description
Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store.
e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here.
setuptools 41.2.0
(pypi)
pkg:pypi/setuptools@41.2.0
# Dockerfile (12:15)
RUN sudo --set-home --preserve-env=ACCEPT_EULA,DEBIAN_FRONTEND apt-get install --yes --no-install-recommends \
msodbcsql18 \
mssql-tools18 \
unixodbc-dev
Inefficient Regular Expression Complexity
Affected range | <65.5.1 |
Fixed version | 65.5.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in `package_index`. This has been patched in version 65.5.1.
🔍 Vulnerabilities of
digest | sha256:946d5cd46e84119734e45818781f497be8de395f893a6ea8d38f9260aef9cb57 |
vulnerabilities | |
platform | linux/amd64 |
size | 2.5 GB |
packages | 3046 |
📦 Base Image ubuntu:20.04
also known as |
digest | sha256:48c35f3de33487442af224ed4aabac19fd9bfbd91ee90e9471d412706b20ba73 |
vulnerabilities |
cgi
Affected range | <=0.3.1 |
Fixed version | 0.3.2 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
`CGI.escape_html` in Ruby has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where `size_t` and `long` have different numbers of bytes.
Affected range | >=0.3.0 |
Fixed version | 0.3.5 |
CVSS Score | 8.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Description
Ruby gem cgi.rb prior to versions 0.3.5, 0.2.2 and 0.1.0.2 allows HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. This issue has been patched in versions 0.3.5, 0.2.2 and 0.1.0.2.
rvm 1.11.3.9
(gem)
pkg:gem/rvm@1.11.3.9
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <=1.28.0 |
Fixed version | 1.29.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
RVM automatically loads environment variables from files in `$PWD`, resulting in command execution.
execa 0.10.0
(npm)
pkg:npm/execa@0.10.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting `preferLocal=true`, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
execa 1.0.0
(npm)
pkg:npm/execa@1.0.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting `preferLocal=true`, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
linux 5.4.0-173.191
(deb)
pkg:deb/ubuntu/linux@5.4.0-173.191?os_distro=focal&os_name=ubuntu&os_version=20.04
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Affected range | <5.4.0-174.193 |
Fixed version | 5.4.0-174.193 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Description
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
Affected range | >=0 |
Fixed version | Not Fixed |
CVSS Score | 4.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
Description
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
cryptography 41.0.7
(pypi)
pkg:pypi/cryptography@41.0.7
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Affected range | >=38.0.0 |
Fixed version | 42.0.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
If `pkcs12.serialize_key_and_certificates` is called with both:
- A certificate whose public key did not match the provided private key
- An `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`)

Then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a `ValueError` is properly raised. Patched in pyca/cryptography#10423
Affected range | <42.0.0 |
Fixed version | 42.0.0 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
cryptography 41.0.6
(pypi)
pkg:pypi/cryptography@41.0.6
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Affected range | >=38.0.0 |
Fixed version | 42.0.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
If `pkcs12.serialize_key_and_certificates` is called with both:
- A certificate whose public key did not match the provided private key
- An `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`)

Then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a `ValueError` is properly raised. Patched in pyca/cryptography#10423
Affected range | <42.0.0 |
Fixed version | 42.0.0 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
pygments 2.3.1
(pypi)
pkg:pypi/pygments@2.3.1
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Uncontrolled Resource Consumption
Affected range | >=1.1 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
Loop with Unreachable Exit Condition ('Infinite Loop')
Affected range | >=1.5 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
http-cache-semantics 3.8.1
(npm)
pkg:npm/http-cache-semantics@3.8.1
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Inefficient Regular Expression Complexity
Affected range | <4.1.1 |
Fixed version | 4.1.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
http-cache-semantics contains an Inefficient Regular Expression Complexity, leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
certifi 2019.11.28
(pypi)
pkg:pypi/certifi@2019.11.28
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Insufficient Verification of Data Authenticity
Affected range | >=2015.4.28 |
Fixed version | 2023.7.22 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Description
Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store.
e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here.
async 1.5.0
(npm)
pkg:npm/async@1.5.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.6.4 |
Fixed version | 2.6.4, 3.2.2 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Description
A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.
setuptools 41.2.0
(pypi)
pkg:pypi/setuptools@41.2.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Inefficient Regular Expression Complexity
Affected range | <65.5.1 |
Fixed version | 65.5.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in `package_index`. This has been patched in version 65.5.1.
urllib3 1.25.8
(pypi)
pkg:pypi/urllib3@1.25.8
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Uncontrolled Resource Consumption
Affected range | >=1.25.4 |
Fixed version | 1.26.5 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
Impact
When provided with a URL containing many `@` characters in the authority component the authority regular expression exhibits catastrophic backtracking causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
Patches
The issue has been fixed in urllib3 v1.26.5.
References
For more information
If you have any questions or comments about this advisory:
- Ask in our community Discord
- Email sethmichaellarson@gmail.com
httpie 1.0.3
(pypi)
pkg:pypi/httpie@1.0.3
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Improper Certificate Validation
Affected range | <=3.2.2 |
Fixed version | Not Fixed |
CVSS Score | 7.4 |
CVSS Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
Description
Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.
github.com/cloudflare/circl 1.3.3
(golang)
pkg:golang/github.com/cloudflare/circl@1.3.3
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Affected range | <1.3.7 |
Fixed version | 1.3.7 |
Description
Impact
On some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn (parts of) the secret key.
Does not apply to ephemeral usage, such as when used in the regular way in TLS.
Patches
Patched in 1.3.7.
References
uri 0.11.0
(gem)
pkg:gem/uri@0.11.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Inefficient Regular Expression Complexity
Affected range | >=0.11.0 |
Fixed version | 0.11.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
printf 0.3.0
(npm)
pkg:npm/printf@0.3.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Uncontrolled Resource Consumption
Affected range | <0.6.1 |
Fixed version | 0.6.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
The package printf before 0.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string `/\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g` in `lib/printf.js`. The vulnerable regular expression has cubic worst-case time complexity.
net.sourceforge.plantuml/plantuml 0.0.0
(maven)
pkg:maven/net.sourceforge.plantuml/plantuml@0.0.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Server-Side Request Forgery (SSRF)
Affected range | <1.2023.9 |
Fixed version | 1.2023.9 |
CVSS Score | 7.2 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
Description
Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.
time 0.2.0
(gem)
pkg:gem/time@0.2.0
# Dockerfile (15:17)
RUN printf '; Railsbank NPM Package Registry\n\
@railsbank-tech:registry=https://gitlab.com/api/v4/packages/npm/\n\n' | \
sudo tee --append /etc/npmrc 1> /dev/null
Inefficient Regular Expression Complexity
Affected range | >=0.2.0 |
Fixed version | 0.2.2 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
🔍 Vulnerabilities of
digest | sha256:9b03ee453ca794ccfc026fc9850b86f69bf350fdf55d39e663b9e46beb78dfe2 |
vulnerabilities | |
platform | linux/amd64 |
size | 2.6 GB |
packages | 2997 |
📦 Base Image ubuntu:20.04
also known as | |
digest | sha256:48c35f3de33487442af224ed4aabac19fd9bfbd91ee90e9471d412706b20ba73 |
vulnerabilities | |
cgi
Affected range | <=0.3.1 |
Fixed version | 0.3.2 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
`CGI.escape_html` in Ruby has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where `size_t` and `long` have different numbers of bytes.
Affected range | >=0.3.0 |
Fixed version | 0.3.5 |
CVSS Score | 8.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Description
Ruby gem cgi.rb prior to versions 0.3.5, 0.2.2 and 0.1.0.2 allow HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. This issue has been patched in versions 0.3.5, 0.2.2 and 0.1.0.2.
execa 0.10.0
(npm)
pkg:npm/execa@0.10.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting `preferLocal=true`, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
execa 1.0.0
(npm)
pkg:npm/execa@1.0.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.0.0 |
Fixed version | 2.0.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting `preferLocal=true`, which makes execa search for locally installed binaries and execute them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
rvm 1.11.3.9
(gem)
pkg:gem/rvm@1.11.3.9
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <=1.28.0 |
Fixed version | 1.29.0 |
CVSS Score | 9.8 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Description
RVM automatically loads environment variables from files in `$PWD`, resulting in command execution.
cryptography 41.0.7
(pypi)
pkg:pypi/cryptography@41.0.7
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Affected range | >=38.0.0 |
Fixed version | 42.0.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
If `pkcs12.serialize_key_and_certificates` is called with both:
- A certificate whose public key did not match the provided private key
- An `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`)

Then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a `ValueError` is properly raised. Patched in pyca/cryptography#10423
Affected range | <42.0.0 |
Fixed version | 42.0.0 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
linux 5.4.0-173.191
(deb)
pkg:deb/ubuntu/linux@5.4.0-173.191?os_distro=focal&os_name=ubuntu&os_version=20.04
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Affected range | <5.4.0-174.193 |
Fixed version | 5.4.0-174.193 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Description
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
Affected range | >=0 |
Fixed version | Not Fixed |
CVSS Score | 4.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
Description
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
pygments 2.3.1
(pypi)
pkg:pypi/pygments@2.3.1
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Uncontrolled Resource Consumption
Affected range | >=1.1 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
Loop with Unreachable Exit Condition ('Infinite Loop')
Affected range | >=1.5 |
Fixed version | 2.7.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
cryptography 41.0.6
(pypi)
pkg:pypi/cryptography@41.0.6
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Affected range | >=38.0.0 |
Fixed version | 42.0.4 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
If `pkcs12.serialize_key_and_certificates` is called with both:
- A certificate whose public key did not match the provided private key
- An `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`)

Then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a `ValueError` is properly raised. Patched in pyca/cryptography#10423
Affected range | <42.0.0 |
Fixed version | 42.0.0 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
time 0.2.0
(gem)
pkg:gem/time@0.2.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Inefficient Regular Expression Complexity
Affected range | >=0.2.0 |
Fixed version | 0.2.2 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
async 1.5.0
(npm)
pkg:npm/async@1.5.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <2.6.4 |
Fixed version | 2.6.4, 3.2.2 |
CVSS Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Description
A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.
net.sourceforge.plantuml/plantuml 0.0.0
(maven)
pkg:maven/net.sourceforge.plantuml/plantuml@0.0.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Server-Side Request Forgery (SSRF)
Affected range | <1.2023.9 |
Fixed version | 1.2023.9 |
CVSS Score | 7.2 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
Description
Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.
setuptools 41.2.0
(pypi)
pkg:pypi/setuptools@41.2.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Inefficient Regular Expression Complexity
Affected range | <65.5.1 |
Fixed version | 65.5.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in `package_index`. This has been patched in version 65.5.1.
httpie 1.0.3
(pypi)
pkg:pypi/httpie@1.0.3
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Improper Certificate Validation
Affected range | <=3.2.2 |
Fixed version | Not Fixed |
CVSS Score | 7.4 |
CVSS Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
Description
Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.
uri 0.11.0
(gem)
pkg:gem/uri@0.11.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Inefficient Regular Expression Complexity
Affected range | >=0.11.0 |
Fixed version | 0.11.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
certifi 2019.11.28
(pypi)
pkg:pypi/certifi@2019.11.28
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Insufficient Verification of Data Authenticity
Affected range | >=2015.4.28 |
Fixed version | 2023.7.22 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Description
Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store.
e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here.
github.com/cloudflare/circl 1.3.3
(golang)
pkg:golang/github.com/cloudflare/circl@1.3.3
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Affected range | <1.3.7 |
Fixed version | 1.3.7 |
Description
Impact
On some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn (parts of) the secret key.
Does not apply to ephemeral usage, such as when used in the regular way in TLS.
Patches
Patched in 1.3.7.
References
urllib3 1.25.8
(pypi)
pkg:pypi/urllib3@1.25.8
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Uncontrolled Resource Consumption
Affected range | >=1.25.4 |
Fixed version | 1.26.5 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
Impact
When provided with a URL containing many `@` characters in the authority component the authority regular expression exhibits catastrophic backtracking causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
Patches
The issue has been fixed in urllib3 v1.26.5.
References
For more information
If you have any questions or comments about this advisory:
- Ask in our community Discord
- Email sethmichaellarson@gmail.com
printf 0.3.0
(npm)
pkg:npm/printf@0.3.0
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Uncontrolled Resource Consumption
Affected range | <0.6.1 |
Fixed version | 0.6.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
The package printf before 0.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string `/\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g` in `lib/printf.js`. The vulnerable regular expression has cubic worst-case time complexity.
http-cache-semantics 3.8.1
(npm)
pkg:npm/http-cache-semantics@3.8.1
# Dockerfile (12:19)
RUN sudo --set-home --preserve-env=DEBIAN_FRONTEND apt-get install --yes \
flex \
bison \
build-essential \
csh \
openjdk-8-jdk \
spim \
libxaw7-dev
Inefficient Regular Expression Complexity
Affected range | <4.1.1 |
Fixed version | 4.1.1 |
CVSS Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Description
http-cache-semantics contains an Inefficient Regular Expression Complexity, leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.