mirror of
https://github.com/aquasecurity/trivy.git
synced 2025-12-05 20:40:16 -08:00
245 lines
7.9 KiB
JSON
245 lines
7.9 KiB
JSON
{
|
|
"@context": "https://openvex.dev/ns/v0.2.0",
|
|
"@id": "https://openvex.dev/docs/public/vex-8e30ed756ae8e4196af93bf43edf68360f396a98c0268787453a3443b26e7d6c",
|
|
"author": "Aqua Security",
|
|
"timestamp": "2024-07-10T12:17:44.60495+04:00",
|
|
"version": 1,
|
|
"statements": [
|
|
{
|
|
"vulnerability": {
|
|
"name": "CVE-2023-42363"
|
|
},
|
|
"products": [
|
|
{
|
|
"@id": "pkg:oci/trivy?repository_url=index.docker.io%2Faquasec%2Ftrivy",
|
|
"subcomponents": [
|
|
{"@id": "pkg:apk/alpine/busybox"},
|
|
{"@id": "pkg:apk/alpine/busybox-binsh"},
|
|
{"@id": "pkg:apk/alpine/ssl_client"}
|
|
]
|
|
},
|
|
{
|
|
"@id": "pkg:oci/trivy?repository_url=public.ecr.aws%2Faquasecurity%2Ftrivy",
|
|
"subcomponents": [
|
|
{"@id": "pkg:apk/alpine/busybox"},
|
|
{"@id": "pkg:apk/alpine/busybox-binsh"},
|
|
{"@id": "pkg:apk/alpine/ssl_client"}
|
|
]
|
|
},
|
|
{
|
|
"@id": "pkg:oci/trivy?repository_url=ghcr.io/aquasecurity/trivy",
|
|
"subcomponents": [
|
|
{"@id": "pkg:apk/alpine/busybox"},
|
|
{"@id": "pkg:apk/alpine/busybox-binsh"},
|
|
{"@id": "pkg:apk/alpine/ssl_client"}
|
|
]
|
|
}
|
|
],
|
|
"status": "not_affected",
|
|
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
|
|
"impact_statement": "awk is not used"
|
|
},
|
|
{
|
|
"vulnerability": {
|
|
"name": "CVE-2023-42364"
|
|
},
|
|
"products": [
|
|
{
|
|
"@id": "pkg:oci/trivy?repository_url=index.docker.io%2Faquasec%2Ftrivy",
|
|
"subcomponents": [
|
|
{"@id": "pkg:apk/alpine/busybox"},
|
|
{"@id": "pkg:apk/alpine/busybox-binsh"},
|
|
{"@id": "pkg:apk/alpine/ssl_client"}
|
|
]
|
|
},
|
|
{
|
|
"@id": "pkg:oci/trivy?repository_url=public.ecr.aws%2Faquasecurity%2Ftrivy",
|
|
"subcomponents": [
|
|
{"@id": "pkg:apk/alpine/busybox"},
|
|
{"@id": "pkg:apk/alpine/busybox-binsh"},
|
|
{"@id": "pkg:apk/alpine/ssl_client"}
|
|
]
|
|
},
|
|
{
|
|
"@id": "pkg:oci/trivy?repository_url=ghcr.io/aquasecurity/trivy",
|
|
"subcomponents": [
|
|
{"@id": "pkg:apk/alpine/busybox"},
|
|
{"@id": "pkg:apk/alpine/busybox-binsh"},
|
|
{"@id": "pkg:apk/alpine/ssl_client"}
|
|
]
|
|
}
|
|
],
|
|
"status": "not_affected",
|
|
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
|
|
"impact_statement": "awk is not used"
|
|
},
|
|
{
|
|
"vulnerability": {
|
|
"name": "CVE-2023-42365"
|
|
},
|
|
"products": [
|
|
{
|
|
"@id": "pkg:oci/trivy?repository_url=index.docker.io%2Faquasec%2Ftrivy",
|
|
"subcomponents": [
|
|
{"@id": "pkg:apk/alpine/busybox"},
|
|
{"@id": "pkg:apk/alpine/busybox-binsh"},
|
|
{"@id": "pkg:apk/alpine/ssl_client"}
|
|
]
|
|
},
|
|
{
|
|
"@id": "pkg:oci/trivy?repository_url=public.ecr.aws%2Faquasecurity%2Ftrivy",
|
|
"subcomponents": [
|
|
{"@id": "pkg:apk/alpine/busybox"},
|
|
{"@id": "pkg:apk/alpine/busybox-binsh"},
|
|
{"@id": "pkg:apk/alpine/ssl_client"}
|
|
]
|
|
},
|
|
{
|
|
"@id": "pkg:oci/trivy?repository_url=ghcr.io/aquasecurity/trivy",
|
|
"subcomponents": [
|
|
{"@id": "pkg:apk/alpine/busybox"},
|
|
{"@id": "pkg:apk/alpine/busybox-binsh"},
|
|
{"@id": "pkg:apk/alpine/ssl_client"}
|
|
]
|
|
}
|
|
],
|
|
"status": "not_affected",
|
|
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
|
|
"impact_statement": "awk is not used"
|
|
},
|
|
{
|
|
"vulnerability": {
|
|
"name": "CVE-2023-42366"
|
|
},
|
|
"products": [
|
|
{
|
|
"@id": "pkg:oci/trivy?repository_url=index.docker.io%2Faquasec%2Ftrivy",
|
|
"subcomponents": [
|
|
{"@id": "pkg:apk/alpine/busybox"},
|
|
{"@id": "pkg:apk/alpine/busybox-binsh"},
|
|
{"@id": "pkg:apk/alpine/ssl_client"}
|
|
]
|
|
},
|
|
{
|
|
"@id": "pkg:oci/trivy?repository_url=public.ecr.aws%2Faquasecurity%2Ftrivy",
|
|
"subcomponents": [
|
|
{"@id": "pkg:apk/alpine/busybox"},
|
|
{"@id": "pkg:apk/alpine/busybox-binsh"},
|
|
{"@id": "pkg:apk/alpine/ssl_client"}
|
|
]
|
|
},
|
|
{
|
|
"@id": "pkg:oci/trivy?repository_url=ghcr.io/aquasecurity/trivy",
|
|
"subcomponents": [
|
|
{"@id": "pkg:apk/alpine/busybox"},
|
|
{"@id": "pkg:apk/alpine/busybox-binsh"},
|
|
{"@id": "pkg:apk/alpine/ssl_client"}
|
|
]
|
|
}
|
|
],
|
|
"status": "not_affected",
|
|
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
|
|
"impact_statement": "awk is not used"
|
|
},
|
|
{
|
|
"vulnerability": {
|
|
"name": "CVE-2024-4741"
|
|
},
|
|
"products": [
|
|
{
|
|
"@id": "pkg:oci/trivy?repository_url=index.docker.io%2Faquasec%2Ftrivy",
|
|
"subcomponents": [
|
|
{"@id": "pkg:apk/alpine/libcrypto3"},
|
|
{"@id": "pkg:apk/alpine/libssl3"},
|
|
{"@id": "pkg:apk/alpine/ssl_client"}
|
|
]
|
|
},
|
|
{
|
|
"@id": "pkg:oci/trivy?repository_url=public.ecr.aws%2Faquasecurity%2Ftrivy",
|
|
"subcomponents": [
|
|
{"@id": "pkg:apk/alpine/libcrypto3"},
|
|
{"@id": "pkg:apk/alpine/libssl3"},
|
|
{"@id": "pkg:apk/alpine/ssl_client"}
|
|
]
|
|
},
|
|
{
|
|
"@id": "pkg:oci/trivy?repository_url=ghcr.io/aquasecurity/trivy",
|
|
"subcomponents": [
|
|
{"@id": "pkg:apk/alpine/libcrypto3"},
|
|
{"@id": "pkg:apk/alpine/libssl3"},
|
|
{"@id": "pkg:apk/alpine/ssl_client"}
|
|
]
|
|
}
|
|
],
|
|
"status": "not_affected",
|
|
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
|
|
"impact_statement": "openssl is not used"
|
|
},
|
|
{
|
|
"vulnerability": {
|
|
"name": "CVE-2024-5535"
|
|
},
|
|
"products": [
|
|
{
|
|
"@id": "pkg:oci/trivy?repository_url=index.docker.io%2Faquasec%2Ftrivy",
|
|
"subcomponents": [
|
|
{"@id": "pkg:apk/alpine/libcrypto3"},
|
|
{"@id": "pkg:apk/alpine/libssl3"},
|
|
{"@id": "pkg:apk/alpine/ssl_client"}
|
|
]
|
|
},
|
|
{
|
|
"@id": "pkg:oci/trivy?repository_url=public.ecr.aws%2Faquasecurity%2Ftrivy",
|
|
"subcomponents": [
|
|
{"@id": "pkg:apk/alpine/libcrypto3"},
|
|
{"@id": "pkg:apk/alpine/libssl3"},
|
|
{"@id": "pkg:apk/alpine/ssl_client"}
|
|
]
|
|
},
|
|
{
|
|
"@id": "pkg:oci/trivy?repository_url=ghcr.io/aquasecurity/trivy",
|
|
"subcomponents": [
|
|
{"@id": "pkg:apk/alpine/libcrypto3"},
|
|
{"@id": "pkg:apk/alpine/libssl3"},
|
|
{"@id": "pkg:apk/alpine/ssl_client"}
|
|
]
|
|
}
|
|
],
|
|
"status": "not_affected",
|
|
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
|
|
"impact_statement": "openssl is not used"
|
|
},
|
|
{
|
|
"vulnerability": {
|
|
"name": "CVE-2024-6119"
|
|
},
|
|
"products": [
|
|
{
|
|
"@id": "pkg:oci/trivy?repository_url=index.docker.io%2Faquasec%2Ftrivy",
|
|
"subcomponents": [
|
|
{"@id": "pkg:apk/alpine/libcrypto3"},
|
|
{"@id": "pkg:apk/alpine/libssl3"}
|
|
]
|
|
},
|
|
{
|
|
"@id": "pkg:oci/trivy?repository_url=public.ecr.aws%2Faquasecurity%2Ftrivy",
|
|
"subcomponents": [
|
|
{"@id": "pkg:apk/alpine/libcrypto3"},
|
|
{"@id": "pkg:apk/alpine/libssl3"}
|
|
]
|
|
},
|
|
{
|
|
"@id": "pkg:oci/trivy?repository_url=ghcr.io/aquasecurity/trivy",
|
|
"subcomponents": [
|
|
{"@id": "pkg:apk/alpine/libcrypto3"},
|
|
{"@id": "pkg:apk/alpine/libssl3"}
|
|
]
|
|
}
|
|
],
|
|
"status": "not_affected",
|
|
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
|
|
"impact_statement": "openssl is not used"
|
|
}
|
|
]
|
|
}
|