gitimages.expertflow.com/cim/facebook-connector:4.4 (alpine 3.14.2)
===================================================================
Total: 43 (UNKNOWN: 0, LOW: 0, MEDIUM: 10, HIGH: 32, CRITICAL: 1)

| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
|---|---|---|---|---|---|
| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in awk applet leads to denial of service and possibly... -->avd.aquasec.com/nvd/cve-2021-42378 |
| busybox | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in awk applet leads to denial of service and possibly... -->avd.aquasec.com/nvd/cve-2021-42379 |
| busybox | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in awk applet leads to denial of service and possibly... -->avd.aquasec.com/nvd/cve-2021-42380 |
| busybox | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in awk applet leads to denial of service and possibly... -->avd.aquasec.com/nvd/cve-2021-42381 |
| busybox | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in awk applet leads to denial of service and possibly... -->avd.aquasec.com/nvd/cve-2021-42382 |
| busybox | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in awk applet leads to denial of service and possibly... -->avd.aquasec.com/nvd/cve-2021-42383 |
| busybox | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in awk applet leads to denial of service and possibly... -->avd.aquasec.com/nvd/cve-2021-42384 |
| busybox | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in awk applet leads to denial of service and possibly... -->avd.aquasec.com/nvd/cve-2021-42385 |
| busybox | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in awk applet leads to denial of service and possibly... -->avd.aquasec.com/nvd/cve-2021-42386 |
| busybox | CVE-2022-28391 | HIGH | 1.33.1-r3 | 1.33.1-r7 | busybox: remote attackers may execute arbitrary code if netstat is used -->avd.aquasec.com/nvd/cve-2022-28391 |
| busybox | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 | busybox: out-of-bounds read in unlzma applet leads to information leak and denial... -->avd.aquasec.com/nvd/cve-2021-42374 |
| busybox | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 | busybox: incorrect handling of a special element in ash applet leads to... -->avd.aquasec.com/nvd/cve-2021-42375 |
| libcrypto1.1 | CVE-2022-0778 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates -->avd.aquasec.com/nvd/cve-2022-0778 |
| libcrypto1.1 | CVE-2022-4450 | HIGH | 1.1.1l-r0 | 1.1.1t-r0 | openssl: double free after calling PEM_read_bio_ex -->avd.aquasec.com/nvd/cve-2022-4450 |
| libcrypto1.1 | CVE-2023-0215 | HIGH | 1.1.1l-r0 | 1.1.1t-r0 | openssl: use-after-free following BIO_new_NDEF -->avd.aquasec.com/nvd/cve-2023-0215 |
| libcrypto1.1 | CVE-2023-0286 | HIGH | 1.1.1l-r0 | 1.1.1t-r0 | openssl: X.400 address type confusion in X.509 GeneralName -->avd.aquasec.com/nvd/cve-2023-0286 |
| libcrypto1.1 | CVE-2023-0464 | HIGH | 1.1.1l-r0 | 1.1.1t-r1 | openssl: Denial of service by excessive resource usage in verifying X509 policy... -->avd.aquasec.com/nvd/cve-2023-0464 |
| libcrypto1.1 | CVE-2022-2097 | MEDIUM | 1.1.1l-r0 | 1.1.1q-r0 | openssl: AES OCB fails to encrypt some bytes -->avd.aquasec.com/nvd/cve-2022-2097 |
| libcrypto1.1 | CVE-2022-4304 | MEDIUM | 1.1.1l-r0 | 1.1.1t-r0 | openssl: timing attack in RSA Decryption implementation -->avd.aquasec.com/nvd/cve-2022-4304 |
| libcrypto1.1 | CVE-2023-0465 | MEDIUM | 1.1.1l-r0 | 1.1.1t-r2 | openssl: Invalid certificate policies in leaf certificates are silently ignored -->avd.aquasec.com/nvd/cve-2023-0465 |
| libretls | CVE-2022-0778 | HIGH | 3.3.3p1-r2 | 3.3.3p1-r3 | openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates -->avd.aquasec.com/nvd/cve-2022-0778 |
| libssl1.1 | CVE-2022-0778 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates -->avd.aquasec.com/nvd/cve-2022-0778 |
| libssl1.1 | CVE-2022-4450 | HIGH | 1.1.1l-r0 | 1.1.1t-r0 | openssl: double free after calling PEM_read_bio_ex -->avd.aquasec.com/nvd/cve-2022-4450 |
| libssl1.1 | CVE-2023-0215 | HIGH | 1.1.1l-r0 | 1.1.1t-r0 | openssl: use-after-free following BIO_new_NDEF -->avd.aquasec.com/nvd/cve-2023-0215 |
| libssl1.1 | CVE-2023-0286 | HIGH | 1.1.1l-r0 | 1.1.1t-r0 | openssl: X.400 address type confusion in X.509 GeneralName -->avd.aquasec.com/nvd/cve-2023-0286 |
| libssl1.1 | CVE-2023-0464 | HIGH | 1.1.1l-r0 | 1.1.1t-r1 | openssl: Denial of service by excessive resource usage in verifying X509 policy... -->avd.aquasec.com/nvd/cve-2023-0464 |
| libssl1.1 | CVE-2022-2097 | MEDIUM | 1.1.1l-r0 | 1.1.1q-r0 | openssl: AES OCB fails to encrypt some bytes -->avd.aquasec.com/nvd/cve-2022-2097 |
| libssl1.1 | CVE-2022-4304 | MEDIUM | 1.1.1l-r0 | 1.1.1t-r0 | openssl: timing attack in RSA Decryption implementation -->avd.aquasec.com/nvd/cve-2022-4304 |
| libssl1.1 | CVE-2023-0465 | MEDIUM | 1.1.1l-r0 | 1.1.1t-r2 | openssl: Invalid certificate policies in leaf certificates are silently ignored -->avd.aquasec.com/nvd/cve-2023-0465 |
| ssl_client | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in awk applet leads to denial of service and possibly... -->avd.aquasec.com/nvd/cve-2021-42378 |
| ssl_client | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in awk applet leads to denial of service and possibly... -->avd.aquasec.com/nvd/cve-2021-42379 |
| ssl_client | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in awk applet leads to denial of service and possibly... -->avd.aquasec.com/nvd/cve-2021-42380 |
| ssl_client | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in awk applet leads to denial of service and possibly... -->avd.aquasec.com/nvd/cve-2021-42381 |
| ssl_client | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in awk applet leads to denial of service and possibly... -->avd.aquasec.com/nvd/cve-2021-42382 |
| ssl_client | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in awk applet leads to denial of service and possibly... -->avd.aquasec.com/nvd/cve-2021-42383 |
| ssl_client | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in awk applet leads to denial of service and possibly... -->avd.aquasec.com/nvd/cve-2021-42384 |
| ssl_client | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in awk applet leads to denial of service and possibly... -->avd.aquasec.com/nvd/cve-2021-42385 |
| ssl_client | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in awk applet leads to denial of service and possibly... -->avd.aquasec.com/nvd/cve-2021-42386 |
| ssl_client | CVE-2022-28391 | HIGH | 1.33.1-r3 | 1.33.1-r7 | busybox: remote attackers may execute arbitrary code if netstat is used -->avd.aquasec.com/nvd/cve-2022-28391 |
| ssl_client | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 | busybox: out-of-bounds read in unlzma applet leads to information leak and denial... -->avd.aquasec.com/nvd/cve-2021-42374 |
| ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 | busybox: incorrect handling of a special element in ash applet leads to... -->avd.aquasec.com/nvd/cve-2021-42375 |
| zlib | CVE-2022-37434 | CRITICAL | 1.2.11-r3 | 1.2.12-r2 | zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a... -->avd.aquasec.com/nvd/cve-2022-37434 |
| zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 | zlib: A flaw found in zlib when compressing (not decompressing) certain inputs... -->avd.aquasec.com/nvd/cve-2018-25032 |

Java (jar)
==========
Total: 34 (UNKNOWN: 0, LOW: 0, MEDIUM: 14, HIGH: 17, CRITICAL: 3)

| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
|---|---|---|---|---|---|
| ch.qos.logback:logback-classic | CVE-2023-6378 | HIGH | 1.2.11 | 1.3.12, 1.4.12, 1.2.13 | logback: serialization vulnerability in logback receiver -->avd.aquasec.com/nvd/cve-2023-6378 |
| ch.qos.logback:logback-core | CVE-2023-6378 | HIGH | 1.2.11 | 1.3.12, 1.4.12, 1.2.13 | logback: serialization vulnerability in logback receiver -->avd.aquasec.com/nvd/cve-2023-6378 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2022-42003 | HIGH | 2.13.3 | 2.12.7.1, 2.13.4.2 | jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS -->avd.aquasec.com/nvd/cve-2022-42003 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2022-42004 | HIGH | 2.13.3 | 2.12.7.1, 2.13.4 | jackson-databind: use of deeply nested arrays -->avd.aquasec.com/nvd/cve-2022-42004 |
| com.squareup.okio:okio | CVE-2023-3635 | MEDIUM | 2.8.0 | 3.4.0, 1.17.6 | okio: GzipSource class improper exception handling -->avd.aquasec.com/nvd/cve-2023-3635 |
| org.apache.tomcat.embed:tomcat-embed-core | CVE-2022-42252 | HIGH | 9.0.63 | 8.5.83, 9.0.68, 10.0.27, 10.1.1 | tomcat: request smuggling -->avd.aquasec.com/nvd/cve-2022-42252 |
| org.apache.tomcat.embed:tomcat-embed-core | CVE-2022-45143 | HIGH | 9.0.63 | 8.5.84, 9.0.69, 10.1.2 | tomcat: JsonErrorReportValve injection -->avd.aquasec.com/nvd/cve-2022-45143 |
| org.apache.tomcat.embed:tomcat-embed-core | CVE-2023-24998 | HIGH | 9.0.63 | 10.1.5, 11.0.0-M5, 8.5.88, 9.0.71 | Apache Commons FileUpload: FileUpload DoS with excessive parts -->avd.aquasec.com/nvd/cve-2023-24998 |
| org.apache.tomcat.embed:tomcat-embed-core | CVE-2023-46589 | HIGH | 9.0.63 | 11.0.0-M11, 10.1.16, 9.0.83, 8.5.96 | tomcat: HTTP request smuggling via malformed trailer headers -->avd.aquasec.com/nvd/cve-2023-46589 |
| org.apache.tomcat.embed:tomcat-embed-core | CVE-2023-41080 | MEDIUM | 9.0.63 | 8.5.93, 9.0.80, 10.1.13, 11.0.0-M11 | tomcat: Open Redirect vulnerability in FORM authentication -->avd.aquasec.com/nvd/cve-2023-41080 |
| org.apache.tomcat.embed:tomcat-embed-core | CVE-2023-42795 | MEDIUM | 9.0.63 | 11.0.0-M12, 10.1.14, 9.0.81, 8.5.94 | tomcat: improper cleaning of recycled objects could lead to information leak -->avd.aquasec.com/nvd/cve-2023-42795 |
| org.apache.tomcat.embed:tomcat-embed-core | CVE-2023-44487 | MEDIUM | 9.0.63 | 11.0.0-M12, 10.1.14, 9.0.81, 8.5.94 | HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack... -->avd.aquasec.com/nvd/cve-2023-44487 |
| org.apache.tomcat.embed:tomcat-embed-core | CVE-2023-45648 | MEDIUM | 9.0.63 | 11.0.0-M12, 10.1.14, 9.0.81, 8.5.94 | tomcat: incorrectly parsed http trailer headers can cause request smuggling -->avd.aquasec.com/nvd/cve-2023-45648 |
| org.apache.tomcat.embed:tomcat-embed-core | CVE-2024-24549 | MEDIUM | 9.0.63 | 8.5.99, 9.0.86, 10.1.19, 11.0.0-M17 | : Apache Tomcat: HTTP/2 header handling DoS -->avd.aquasec.com/nvd/cve-2024-24549 |
| org.apache.tomcat.embed:tomcat-embed-websocket | CVE-2024-23672 | MEDIUM | 9.0.63 | 11.0.0-M17, 10.1.19, 9.0.86, 8.5.99 | Apache Tomcat: WebSocket DoS with incomplete closing handshake -->avd.aquasec.com/nvd/cve-2024-23672 |
| org.json:json | CVE-2022-45688 | HIGH | 20201115 | 20230227 | json stack overflow vulnerability -->avd.aquasec.com/nvd/cve-2022-45688 |
| org.json:json | CVE-2023-5072 | HIGH | 20201115 | 20231013 | JSON-java: parser confusion leads to OOM -->avd.aquasec.com/nvd/cve-2023-5072 |
| org.springframework.boot:spring-boot | CVE-2023-34055 | MEDIUM | 2.7.0 | 2.7.18, 3.0.13, 3.1.6 | spring-boot: org.springframework.boot:spring-boot-actuator class vulnerable to denial of service -->avd.aquasec.com/nvd/cve-2023-34055 |
| org.springframework.boot:spring-boot-actuator-autoconfigure | CVE-2023-20873 | CRITICAL | 2.7.0 | 3.0.6, 2.7.11 | spring-boot: Security Bypass With Wildcard Pattern Matching on Cloud Foundry -->avd.aquasec.com/nvd/cve-2023-20873 |
| org.springframework.boot:spring-boot-autoconfigure | CVE-2023-20883 | HIGH | 2.7.0 | 3.0.7, 2.7.12, 2.6.15, 2.5.15 | spring-boot: Spring Boot Welcome Page DoS Vulnerability -->avd.aquasec.com/nvd/cve-2023-20883 |
| org.springframework.data:spring-data-mongodb | CVE-2022-22980 | CRITICAL | 3.4.0 | 3.4.1, 3.3.5 | Spring Data MongoDB: SpEL in query methods allow code injection -->avd.aquasec.com/nvd/cve-2022-22980 |
| org.springframework:spring-expression | CVE-2023-20863 | HIGH | 5.3.20 | 6.0.8, 5.3.27, 5.2.24.RELEASE | springframework: Spring Expression DoS Vulnerability -->avd.aquasec.com/nvd/cve-2023-20863 |
| org.springframework:spring-expression | CVE-2023-20861 | MEDIUM | 5.3.20 | 6.0.7, 5.3.26, 5.2.23.RELEASE | springframework: Spring Expression DoS Vulnerability -->avd.aquasec.com/nvd/cve-2023-20861 |
| org.springframework:spring-web | CVE-2016-1000027 | CRITICAL | 5.3.20 | 6.0.0 | spring: HttpInvokerServiceExporter readRemoteInvocation method untrusted java deserialization -->avd.aquasec.com/nvd/cve-2016-1000027 |
| org.springframework:spring-web | CVE-2024-22243 | HIGH | 5.3.20 | 6.1.4, 6.0.17, 5.3.32 | springframework: URL Parsing with Host Validation -->avd.aquasec.com/nvd/cve-2024-22243 |
| org.springframework:spring-web | CVE-2024-22259 | HIGH | 5.3.20 | 6.1.5, 6.0.18, 5.3.33 | springframework: URL Parsing with Host Validation -->avd.aquasec.com/nvd/cve-2024-22259 |
| org.springframework:spring-web | CVE-2024-22262 | HIGH | 5.3.20 | 5.3.34, 6.0.19, 6.1.6 | springframework: URL Parsing with Host Validation -->avd.aquasec.com/nvd/cve-2024-22262 |
| org.yaml:snakeyaml | CVE-2022-1471 | HIGH | 1.30 | 2.0 | SnakeYaml: Constructor Deserialization Remote Code Execution -->avd.aquasec.com/nvd/cve-2022-1471 |
| org.yaml:snakeyaml | CVE-2022-25857 | HIGH | 1.30 | 1.31 | snakeyaml: Denial of Service due to missing nested depth limitation for collections... -->avd.aquasec.com/nvd/cve-2022-25857 |
| org.yaml:snakeyaml | CVE-2022-38749 | MEDIUM | 1.30 | 1.31 | snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode -->avd.aquasec.com/nvd/cve-2022-38749 |
| org.yaml:snakeyaml | CVE-2022-38750 | MEDIUM | 1.30 | 1.31 | snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject -->avd.aquasec.com/nvd/cve-2022-38750 |
| org.yaml:snakeyaml | CVE-2022-38751 | MEDIUM | 1.30 | 1.31 | snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match -->avd.aquasec.com/nvd/cve-2022-38751 |
| org.yaml:snakeyaml | CVE-2022-38752 | MEDIUM | 1.30 | 1.32 | snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode -->avd.aquasec.com/nvd/cve-2022-38752 |
| org.yaml:snakeyaml | CVE-2022-41854 | MEDIUM | 1.30 | 1.32 | dev-java/snakeyaml: DoS via stack overflow -->avd.aquasec.com/nvd/cve-2022-41854 |