gitimages.expertflow.com/cim/viber-connector:4.4 (alpine 3.18.4)
================================================================
Total: 19 (UNKNOWN: 0, LOW: 2, MEDIUM: 13, HIGH: 4, CRITICAL: 0)

+------------+------------------+----------+-------------------+---------------+---------------------------------------+
|  LIBRARY   | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                 TITLE                 |
+------------+------------------+----------+-------------------+---------------+---------------------------------------+
| curl       | CVE-2023-46218   | MEDIUM   | 8.4.0-r0          | 8.5.0-r0      | curl: information disclosure          |
|            |                  |          |                   |               | by exploiting a mixed case flaw       |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-46218 |
+            +------------------+          +                   +               +---------------------------------------+
|            | CVE-2023-46219   |          |                   |               | curl: excessively long file name      |
|            |                  |          |                   |               | may lead to unknown HSTS status       |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-46219 |
+------------+------------------+----------+-------------------+---------------+---------------------------------------+
| libcrypto3 | CVE-2023-5363    | HIGH     | 3.1.3-r0          | 3.1.4-r0      | openssl: Incorrect cipher             |
|            |                  |          |                   |               | key and IV length processing          |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-5363  |
+            +------------------+----------+                   +---------------+---------------------------------------+
|            | CVE-2023-5678    | MEDIUM   |                   | 3.1.4-r1      | openssl: Generating excessively       |
|            |                  |          |                   |               | long X9.42 DH keys or checking        |
|            |                  |          |                   |               | excessively long X9.42...             |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-5678  |
+            +------------------+          +                   +---------------+---------------------------------------+
|            | CVE-2023-6129    |          |                   | 3.1.4-r3      | openssl: POLY1305 MAC implementation  |
|            |                  |          |                   |               | corrupts vector registers on PowerPC  |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-6129  |
+            +------------------+          +                   +---------------+---------------------------------------+
|            | CVE-2023-6237    |          |                   | 3.1.4-r4      | openssl: Excessive time spent         |
|            |                  |          |                   |               | checking invalid RSA public keys      |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-6237  |
+            +------------------+          +                   +---------------+---------------------------------------+
|            | CVE-2024-0727    |          |                   | 3.1.4-r5      | openssl: denial of service            |
|            |                  |          |                   |               | via null dereference                  |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2024-0727  |
+            +------------------+----------+                   +---------------+---------------------------------------+
|            | CVE-2024-2511    | LOW      |                   | 3.1.4-r6      | openssl: Unbounded memory growth      |
|            |                  |          |                   |               | with session handling in TLSv1.3      |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2024-2511  |
+------------+------------------+----------+-------------------+---------------+---------------------------------------+
| libcurl    | CVE-2023-46218   | MEDIUM   | 8.4.0-r0          | 8.5.0-r0      | curl: information disclosure          |
|            |                  |          |                   |               | by exploiting a mixed case flaw       |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-46218 |
+            +------------------+          +                   +               +---------------------------------------+
|            | CVE-2023-46219   |          |                   |               | curl: excessively long file name      |
|            |                  |          |                   |               | may lead to unknown HSTS status       |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-46219 |
+------------+------------------+----------+-------------------+---------------+---------------------------------------+
| libexpat   | CVE-2023-52425   | HIGH     | 2.5.0-r1          | 2.6.0-r0      | expat: parsing large tokens           |
|            |                  |          |                   |               | can trigger a denial of service       |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-52425 |
+            +------------------+          +                   +---------------+---------------------------------------+
|            | CVE-2024-28757   |          |                   | 2.6.2-r0      | expat: XML Entity Expansion           |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2024-28757 |
+            +------------------+----------+                   +---------------+---------------------------------------+
|            | CVE-2023-52426   | MEDIUM   |                   | 2.6.0-r0      | expat: recursive XML entity           |
|            |                  |          |                   |               | expansion vulnerability               |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-52426 |
+------------+------------------+----------+-------------------+---------------+---------------------------------------+
| libssl3    | CVE-2023-5363    | HIGH     | 3.1.3-r0          | 3.1.4-r0      | openssl: Incorrect cipher             |
|            |                  |          |                   |               | key and IV length processing          |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-5363  |
+            +------------------+----------+                   +---------------+---------------------------------------+
|            | CVE-2023-5678    | MEDIUM   |                   | 3.1.4-r1      | openssl: Generating excessively       |
|            |                  |          |                   |               | long X9.42 DH keys or checking        |
|            |                  |          |                   |               | excessively long X9.42...             |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-5678  |
+            +------------------+          +                   +---------------+---------------------------------------+
|            | CVE-2023-6129    |          |                   | 3.1.4-r3      | openssl: POLY1305 MAC implementation  |
|            |                  |          |                   |               | corrupts vector registers on PowerPC  |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-6129  |
+            +------------------+          +                   +---------------+---------------------------------------+
|            | CVE-2023-6237    |          |                   | 3.1.4-r4      | openssl: Excessive time spent         |
|            |                  |          |                   |               | checking invalid RSA public keys      |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-6237  |
+            +------------------+          +                   +---------------+---------------------------------------+
|            | CVE-2024-0727    |          |                   | 3.1.4-r5      | openssl: denial of service            |
|            |                  |          |                   |               | via null dereference                  |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2024-0727  |
+            +------------------+----------+                   +---------------+---------------------------------------+
|            | CVE-2024-2511    | LOW      |                   | 3.1.4-r6      | openssl: Unbounded memory growth      |
|            |                  |          |                   |               | with session handling in TLSv1.3      |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2024-2511  |
+------------+------------------+----------+-------------------+---------------+---------------------------------------+

Java (jar)
==========
Total: 17 (UNKNOWN: 0, LOW: 0, MEDIUM: 7, HIGH: 10, CRITICAL: 0)

+------------------------------------------------+------------------+----------+-------------------+--------------------------------+-----------------------------------------------+
|                    LIBRARY                     | VULNERABILITY ID | SEVERITY | INSTALLED VERSION |         FIXED VERSION          |                     TITLE                     |
+------------------------------------------------+------------------+----------+-------------------+--------------------------------+-----------------------------------------------+
| ch.qos.logback:logback-classic                 | CVE-2023-6378    | HIGH     | 1.4.11            | 1.3.12, 1.4.12, 1.2.13         | logback: serialization                        |
|                                                |                  |          |                   |                                | vulnerability in logback receiver             |
|                                                |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-6378          |
+------------------------------------------------+                  +          +                   +                                +                                               +
| ch.qos.logback:logback-core                    |                  |          |                   |                                |                                               |
|                                                |                  |          |                   |                                |                                               |
|                                                |                  |          |                   |                                |                                               |
+------------------------------------------------+------------------+----------+-------------------+--------------------------------+-----------------------------------------------+
| com.squareup.okio:okio                         | CVE-2023-3635    | MEDIUM   | 2.8.0             | 3.4.0, 1.17.6                  | okio: GzipSource class                        |
|                                                |                  |          |                   |                                | improper exception handling                   |
|                                                |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-3635          |
+------------------------------------------------+------------------+----------+-------------------+--------------------------------+-----------------------------------------------+
| org.apache.tomcat.embed:tomcat-embed-core      | CVE-2023-46589   | HIGH     | 10.1.13           | 11.0.0-M11, 10.1.16, 9.0.83,   | tomcat: HTTP request smuggling                |
|                                                |                  |          |                   | 8.5.96                         | via malformed trailer headers                 |
|                                                |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-46589         |
+                                                +------------------+----------+                   +--------------------------------+-----------------------------------------------+
|                                                | CVE-2023-42795   | MEDIUM   |                   | 11.0.0-M12, 10.1.14, 9.0.81,   | tomcat: improper cleaning                     |
|                                                |                  |          |                   | 8.5.94                         | of recycled objects could                     |
|                                                |                  |          |                   |                                | lead to information leak                      |
|                                                |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-42795         |
+                                                +------------------+          +                   +                                +-----------------------------------------------+
|                                                | CVE-2023-44487   |          |                   |                                | HTTP/2: Multiple HTTP/2                       |
|                                                |                  |          |                   |                                | enabled web servers are                       |
|                                                |                  |          |                   |                                | vulnerable to a DDoS attack...                |
|                                                |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-44487         |
+                                                +------------------+          +                   +                                +-----------------------------------------------+
|                                                | CVE-2023-45648   |          |                   |                                | tomcat: incorrectly parsed                    |
|                                                |                  |          |                   |                                | http trailer headers can                      |
|                                                |                  |          |                   |                                | cause request smuggling                       |
|                                                |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-45648         |
+                                                +------------------+          +                   +--------------------------------+-----------------------------------------------+
|                                                | CVE-2024-24549   |          |                   | 8.5.99, 9.0.86, 10.1.19,       | : Apache Tomcat: HTTP/2                       |
|                                                |                  |          |                   | 11.0.0-M17                     | header handling DoS                           |
|                                                |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2024-24549         |
+------------------------------------------------+------------------+          +                   +--------------------------------+-----------------------------------------------+
| org.apache.tomcat.embed:tomcat-embed-websocket | CVE-2024-23672   |          |                   | 11.0.0-M17, 10.1.19, 9.0.86,   | Apache Tomcat: WebSocket DoS                  |
|                                                |                  |          |                   | 8.5.99                         | with incomplete closing handshake             |
|                                                |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2024-23672         |
+------------------------------------------------+------------------+----------+-------------------+--------------------------------+-----------------------------------------------+
| org.json:json                                  | CVE-2022-45688   | HIGH     | 20201115          | 20230227                       | json stack overflow vulnerability             |
|                                                |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-45688         |
+                                                +------------------+          +                   +--------------------------------+-----------------------------------------------+
|                                                | CVE-2023-5072    |          |                   | 20231013                       | JSON-java: parser                             |
|                                                |                  |          |                   |                                | confusion leads to OOM                        |
|                                                |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-5072          |
+------------------------------------------------+------------------+----------+-------------------+--------------------------------+-----------------------------------------------+
| org.springframework.boot:spring-boot           | CVE-2023-34055   | MEDIUM   | 3.1.4             | 2.7.18, 3.0.13, 3.1.6          | spring-boot:                                  |
|                                                |                  |          |                   |                                | org.springframework.boot:spring-boot-actuator |
|                                                |                  |          |                   |                                | class vulnerable to denial of service         |
|                                                |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-34055         |
+------------------------------------------------+------------------+----------+-------------------+--------------------------------+-----------------------------------------------+
| org.springframework:spring-web                 | CVE-2024-22243   | HIGH     | 6.0.12            | 6.1.4, 6.0.17, 5.3.32          | springframework: URL                          |
|                                                |                  |          |                   |                                | Parsing with Host Validation                  |
|                                                |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2024-22243         |
+                                                +------------------+          +                   +--------------------------------+-----------------------------------------------+
|                                                | CVE-2024-22259   |          |                   | 6.1.5, 6.0.18, 5.3.33          | springframework: URL                          |
|                                                |                  |          |                   |                                | Parsing with Host Validation                  |
|                                                |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2024-22259         |
+                                                +------------------+          +                   +--------------------------------+-----------------------------------------------+
|                                                | CVE-2024-22262   |          |                   | 5.3.34, 6.0.19, 6.1.6          | springframework: URL                          |
|                                                |                  |          |                   |                                | Parsing with Host Validation                  |
|                                                |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2024-22262         |
+------------------------------------------------+------------------+          +                   +--------------------------------+-----------------------------------------------+
| org.springframework:spring-webmvc              | CVE-2023-34053   |          |                   | 6.0.14                         | springframework:                              |
|                                                |                  |          |                   |                                | io.micrometer:micrometer-core                 |
|                                                |                  |          |                   |                                | classpath vulnerable                          |
|                                                |                  |          |                   |                                | to denial of service                          |
|                                                |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-34053         |
+------------------------------------------------+------------------+          +-------------------+--------------------------------+-----------------------------------------------+
| org.yaml:snakeyaml                             | CVE-2022-1471    |          | 1.33              | 2.0                            | SnakeYaml: Constructor                        |
|                                                |                  |          |                   |                                | Deserialization                               |
|                                                |                  |          |                   |                                | Remote Code Execution                         |
|                                                |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-1471          |
+------------------------------------------------+------------------+----------+-------------------+--------------------------------+-----------------------------------------------+