Skip to content

chore(deps): bump aquasecurity/trivy-action from 0.25.0 to 0.26.0 (#98) #380

chore(deps): bump aquasecurity/trivy-action from 0.25.0 to 0.26.0 (#98)

chore(deps): bump aquasecurity/trivy-action from 0.25.0 to 0.26.0 (#98) #380

Triggered via push October 10, 2024 12:45
Status Failure
Total duration 48s
Artifacts 3

test.yaml

on: push
image-ok  /  Build and push
24s
image-ok / Build and push
image-vulnerable  /  Build and push
37s
image-vulnerable / Build and push
image-with-extra-tags  /  Build and push
16s
image-with-extra-tags / Build and push
Fit to window
Zoom out
Zoom in

Annotations

11 errors and 10 warnings
image-with-extra-tags / Build and push
Process completed with exit code 1.
image-vulnerable / Build and push
HIGH CVE-2022-28391 busybox: busybox: remote attackers may execute arbitrary code if netstat is used (https://avd.aquasec.com/nvd/cve-2022-28391)
image-vulnerable / Build and push
CRITICAL CVE-2022-22822 expat: expat: Integer overflow in addBinding in xmlparse.c (https://avd.aquasec.com/nvd/cve-2022-22822)
image-vulnerable / Build and push
CRITICAL CVE-2022-22823 expat: expat: Integer overflow in build_model in xmlparse.c (https://avd.aquasec.com/nvd/cve-2022-22823)
image-vulnerable / Build and push
CRITICAL CVE-2022-22824 expat: expat: Integer overflow in defineAttribute in xmlparse.c (https://avd.aquasec.com/nvd/cve-2022-22824)
image-vulnerable / Build and push
CRITICAL CVE-2022-23852 expat: expat: Integer overflow in function XML_GetBuffer (https://avd.aquasec.com/nvd/cve-2022-23852)
image-vulnerable / Build and push
CRITICAL CVE-2022-25235 expat: expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (https://avd.aquasec.com/nvd/cve-2022-25235)
image-vulnerable / Build and push
CRITICAL CVE-2022-25236 expat: expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (https://avd.aquasec.com/nvd/cve-2022-25236)
image-vulnerable / Build and push
CRITICAL CVE-2022-25315 expat: expat: Integer overflow in storeRawNames() (https://avd.aquasec.com/nvd/cve-2022-25315)
image-vulnerable / Build and push
HIGH CVE-2021-45960 expat: expat: Large number of prefixed XML attributes on a single tag can crash libexpat (https://avd.aquasec.com/nvd/cve-2021-45960)
image-vulnerable / Build and push
HIGH CVE-2021-46143 expat: expat: Integer overflow in doProlog in xmlparse.c (https://avd.aquasec.com/nvd/cve-2021-46143)
image-vulnerable / Build and push
MEDIUM CVE-2022-25313 expat: expat: Stack exhaustion in doctype parsing (https://avd.aquasec.com/nvd/cve-2022-25313)
image-vulnerable / Build and push
MEDIUM CVE-2021-37750 krb5-libs: krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that lacks server field (https://avd.aquasec.com/nvd/cve-2021-37750)
image-vulnerable / Build and push
MEDIUM CVE-2022-2097 libcrypto1.1: openssl: AES OCB fails to encrypt some bytes (https://avd.aquasec.com/nvd/cve-2022-2097)
image-vulnerable / Build and push
MEDIUM CVE-2022-4304 libcrypto1.1: openssl: timing attack in RSA Decryption implementation (https://avd.aquasec.com/nvd/cve-2022-4304)
image-vulnerable / Build and push
MEDIUM CVE-2023-0465 libcrypto1.1: openssl: Invalid certificate policies in leaf certificates are silently ignored (https://avd.aquasec.com/nvd/cve-2023-0465)
image-vulnerable / Build and push
MEDIUM CVE-2023-2650 libcrypto1.1: openssl: Possible DoS translating ASN.1 object identifiers (https://avd.aquasec.com/nvd/cve-2023-2650)
image-vulnerable / Build and push
MEDIUM CVE-2023-3446 libcrypto1.1: openssl: Excessive time spent checking DH keys and parameters (https://avd.aquasec.com/nvd/cve-2023-3446)
image-vulnerable / Build and push
MEDIUM CVE-2023-3817 libcrypto1.1: OpenSSL: Excessive time spent checking DH q parameter value (https://avd.aquasec.com/nvd/cve-2023-3817)
image-vulnerable / Build and push
MEDIUM CVE-2023-5678 libcrypto1.1: openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow (https://avd.aquasec.com/nvd/cve-2023-5678)
image-vulnerable / Build and push
MEDIUM CVE-2022-2097 libssl1.1: openssl: AES OCB fails to encrypt some bytes (https://avd.aquasec.com/nvd/cve-2022-2097)

Artifacts

Produced during runtime
Name Size
nrkno~github-workflow-docker-build-push~HWMEMJ.dockerbuild
13.4 KB
nrkno~github-workflow-docker-build-push~UOBL38.dockerbuild
13.2 KB
nrkno~github-workflow-docker-build-push~VRVDPF.dockerbuild
18.9 KB