snyk-sarif.json

{
  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
  "version": "2.1.0",
  "runs": [
    {
      "tool": {
        "driver": {
          "name": "Snyk Container",
          "semanticVersion": "1.1293.1",
          "version": "1.1293.1",
          "informationUri": "https://docs.snyk.io/",
          "properties": {
            "artifactsScanned": 88
          },
          "rules": [
            {
              "id": "SNYK-DEBIAN12-APT-1541449",
              "shortDescription": {
                "text": "Low severity - Improper Verification of Cryptographic Signature vulnerability in apt"
              },
              "fullDescription": {
                "text": "(CVE-2011-3374) apt/libapt-pkg6.0@2.6.1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `apt` package and not the `apt` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nIt was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.\n## Remediation\nThere is no fixed version for `Debian:12` `apt`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2011-3374](https://security-tracker.debian.org/tracker/CVE-2011-3374)\n- [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480)\n- [https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html](https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html)\n- [https://seclists.org/fulldisclosure/2011/Sep/221](https://seclists.org/fulldisclosure/2011/Sep/221)\n- [https://snyk.io/vuln/SNYK-LINUX-APT-116518](https://snyk.io/vuln/SNYK-LINUX-APT-116518)\n- [https://ubuntu.com/security/CVE-2011-3374](https://ubuntu.com/security/CVE-2011-3374)\n- [https://access.redhat.com/security/cve/cve-2011-3374](https://access.redhat.com/security/cve/cve-2011-3374)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-347",
                  "deb"
                ],
                "cvssv3_baseScore": 3.7,
                "security-severity": "3.7"
              }
            },
            {
              "id": "SNYK-DEBIAN12-COREUTILS-1543939",
              "shortDescription": {
                "text": "Low severity - Improper Input Validation vulnerability in coreutils"
              },
              "fullDescription": {
                "text": "(CVE-2016-2781) coreutils@9.1-1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `coreutils` package and not the `coreutils` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nchroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.\n## Remediation\nThere is no fixed version for `Debian:12` `coreutils`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2016-2781](https://security-tracker.debian.org/tracker/CVE-2016-2781)\n- [https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E](https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E)\n- [http://www.openwall.com/lists/oss-security/2016/02/28/2](http://www.openwall.com/lists/oss-security/2016/02/28/2)\n- [http://www.openwall.com/lists/oss-security/2016/02/28/3](http://www.openwall.com/lists/oss-security/2016/02/28/3)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2781](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2781)\n- [https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E](https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-20",
                  "deb"
                ],
                "cvssv3_baseScore": 6.5,
                "security-severity": "6.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-COREUTILS-1543947",
              "shortDescription": {
                "text": "Low severity - Race Condition vulnerability in coreutils"
              },
              "fullDescription": {
                "text": "(CVE-2017-18018) coreutils@9.1-1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `coreutils` package and not the `coreutils` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nIn GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.\n## Remediation\nThere is no fixed version for `Debian:12` `coreutils`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2017-18018](https://security-tracker.debian.org/tracker/CVE-2017-18018)\n- [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18018](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18018)\n- [http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html](http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-362",
                  "deb"
                ],
                "cvssv3_baseScore": 4.7,
                "security-severity": "4.7"
              }
            },
            {
              "id": "SNYK-DEBIAN12-GCC12-2606941",
              "shortDescription": {
                "text": "Low severity - Uncontrolled Recursion vulnerability in gcc-12"
              },
              "fullDescription": {
                "text": "(CVE-2022-27943) gcc-12/libstdc++6@12.2.0-14"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `gcc-12` package and not the `gcc-12` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nlibiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.\n## Remediation\nThere is no fixed version for `Debian:12` `gcc-12`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2022-27943](https://security-tracker.debian.org/tracker/CVE-2022-27943)\n- [https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039](https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039)\n- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/)\n- [https://sourceware.org/bugzilla/show_bug.cgi?id=28995](https://sourceware.org/bugzilla/show_bug.cgi?id=28995)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-674",
                  "deb"
                ],
                "cvssv3_baseScore": 5.5,
                "security-severity": "5.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-GCC12-5901316",
              "shortDescription": {
                "text": "Low severity - CVE-2023-4039 vulnerability in gcc-12"
              },
              "fullDescription": {
                "text": "(CVE-2023-4039) gcc-12/libstdc++6@12.2.0-14"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `gcc-12` package and not the `gcc-12` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\n\n\n**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains \nthat target AArch64 allows an attacker to exploit an existing buffer \noverflow in dynamically-sized local variables in your application \nwithout this being detected. This stack-protector failure only applies \nto C99-style dynamically-sized local variables or those created using \nalloca(). The stack-protector operates as intended for statically-sized \nlocal variables.\n\nThe default behavior when the stack-protector \ndetects an overflow is to terminate your application, resulting in \ncontrolled loss of availability. An attacker who can exploit a buffer \noverflow without triggering the stack-protector might be able to change \nprogram flow control to cause an uncontrolled loss of availability or to\n go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.\n\n\n\n\n\n\n## Remediation\nThere is no fixed version for `Debian:12` `gcc-12`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-4039](https://security-tracker.debian.org/tracker/CVE-2023-4039)\n- [https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64](https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64)\n- [https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf](https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": 4.8,
                "security-severity": "4.8"
              }
            },
            {
              "id": "SNYK-DEBIAN12-GLIBC-1546991",
              "shortDescription": {
                "text": "Low severity - Information Exposure vulnerability in glibc"
              },
              "fullDescription": {
                "text": "(CVE-2019-1010024) glibc/libc-bin@2.36-9+deb12u8"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `glibc` package and not the `glibc` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nGNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.\n## Remediation\nThere is no fixed version for `Debian:12` `glibc`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2019-1010024](https://security-tracker.debian.org/tracker/CVE-2019-1010024)\n- [https://support.f5.com/csp/article/K06046097](https://support.f5.com/csp/article/K06046097)\n- [https://support.f5.com/csp/article/K06046097?utm_source=f5support&utm_medium=RSS](https://support.f5.com/csp/article/K06046097?utm_source=f5support&utm_medium=RSS)\n- [https://sourceware.org/bugzilla/show_bug.cgi?id=22852](https://sourceware.org/bugzilla/show_bug.cgi?id=22852)\n- [http://www.securityfocus.com/bid/109162](http://www.securityfocus.com/bid/109162)\n- [https://ubuntu.com/security/CVE-2019-1010024](https://ubuntu.com/security/CVE-2019-1010024)\n- [https://support.f5.com/csp/article/K06046097?utm_source=f5support&amp%3Butm_medium=RSS](https://support.f5.com/csp/article/K06046097?utm_source=f5support&amp%3Butm_medium=RSS)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-200",
                  "deb"
                ],
                "cvssv3_baseScore": 5.3,
                "security-severity": "5.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-GLIBC-1547039",
              "shortDescription": {
                "text": "Low severity - Uncontrolled Recursion vulnerability in glibc"
              },
              "fullDescription": {
                "text": "(CVE-2018-20796) glibc/libc-bin@2.36-9+deb12u8"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `glibc` package and not the `glibc` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nIn the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.\n## Remediation\nThere is no fixed version for `Debian:12` `glibc`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2018-20796](https://security-tracker.debian.org/tracker/CVE-2018-20796)\n- [https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS](https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS)\n- [https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141](https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141)\n- [https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html](https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html)\n- [https://security.netapp.com/advisory/ntap-20190315-0002/](https://security.netapp.com/advisory/ntap-20190315-0002/)\n- [http://www.securityfocus.com/bid/107160](http://www.securityfocus.com/bid/107160)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20796](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20796)\n- [https://support.f5.com/csp/article/K26346590?utm_source=f5support&amp%3Butm_medium=RSS](https://support.f5.com/csp/article/K26346590?utm_source=f5support&amp%3Butm_medium=RSS)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-674",
                  "deb"
                ],
                "cvssv3_baseScore": 7.5,
                "security-severity": "7.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-GLIBC-1547069",
              "shortDescription": {
                "text": "Low severity - Uncontrolled Recursion vulnerability in glibc"
              },
              "fullDescription": {
                "text": "(CVE-2019-9192) glibc/libc-bin@2.36-9+deb12u8"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `glibc` package and not the `glibc` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nIn the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern\n## Remediation\nThere is no fixed version for `Debian:12` `glibc`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2019-9192](https://security-tracker.debian.org/tracker/CVE-2019-9192)\n- [https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS](https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS)\n- [https://sourceware.org/bugzilla/show_bug.cgi?id=24269](https://sourceware.org/bugzilla/show_bug.cgi?id=24269)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9192](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9192)\n- [https://support.f5.com/csp/article/K26346590?utm_source=f5support&amp%3Butm_medium=RSS](https://support.f5.com/csp/article/K26346590?utm_source=f5support&amp%3Butm_medium=RSS)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-674",
                  "deb"
                ],
                "cvssv3_baseScore": 7.5,
                "security-severity": "7.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-GLIBC-1547135",
              "shortDescription": {
                "text": "Low severity - Use of Insufficiently Random Values vulnerability in glibc"
              },
              "fullDescription": {
                "text": "(CVE-2019-1010025) glibc/libc-bin@2.36-9+deb12u8"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `glibc` package and not the `glibc` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nGNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability.\n## Remediation\nThere is no fixed version for `Debian:12` `glibc`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2019-1010025](https://security-tracker.debian.org/tracker/CVE-2019-1010025)\n- [https://support.f5.com/csp/article/K06046097](https://support.f5.com/csp/article/K06046097)\n- [https://support.f5.com/csp/article/K06046097?utm_source=f5support&utm_medium=RSS](https://support.f5.com/csp/article/K06046097?utm_source=f5support&utm_medium=RSS)\n- [https://sourceware.org/bugzilla/show_bug.cgi?id=22853](https://sourceware.org/bugzilla/show_bug.cgi?id=22853)\n- [https://ubuntu.com/security/CVE-2019-1010025](https://ubuntu.com/security/CVE-2019-1010025)\n- [https://support.f5.com/csp/article/K06046097?utm_source=f5support&amp%3Butm_medium=RSS](https://support.f5.com/csp/article/K06046097?utm_source=f5support&amp%3Butm_medium=RSS)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-330",
                  "deb"
                ],
                "cvssv3_baseScore": 5.3,
                "security-severity": "5.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-GLIBC-1547196",
              "shortDescription": {
                "text": "Low severity - Out-of-Bounds vulnerability in glibc"
              },
              "fullDescription": {
                "text": "(CVE-2019-1010022) glibc/libc-bin@2.36-9+deb12u8"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `glibc` package and not the `glibc` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nGNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.\n## Remediation\nThere is no fixed version for `Debian:12` `glibc`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2019-1010022](https://security-tracker.debian.org/tracker/CVE-2019-1010022)\n- [https://sourceware.org/bugzilla/show_bug.cgi?id=22850](https://sourceware.org/bugzilla/show_bug.cgi?id=22850)\n- [https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3](https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3)\n- [https://ubuntu.com/security/CVE-2019-1010022](https://ubuntu.com/security/CVE-2019-1010022)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-119",
                  "deb"
                ],
                "cvssv3_baseScore": 9.8,
                "security-severity": "9.8"
              }
            },
            {
              "id": "SNYK-DEBIAN12-GLIBC-1547293",
              "shortDescription": {
                "text": "Low severity - Resource Management Errors vulnerability in glibc"
              },
              "fullDescription": {
                "text": "(CVE-2010-4756) glibc/libc-bin@2.36-9+deb12u8"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `glibc` package and not the `glibc` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nThe glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.\n## Remediation\nThere is no fixed version for `Debian:12` `glibc`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2010-4756](https://security-tracker.debian.org/tracker/CVE-2010-4756)\n- [http://cxib.net/stuff/glob-0day.c](http://cxib.net/stuff/glob-0day.c)\n- [http://securityreason.com/achievement_securityalert/89](http://securityreason.com/achievement_securityalert/89)\n- [http://securityreason.com/exploitalert/9223](http://securityreason.com/exploitalert/9223)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=681681](https://bugzilla.redhat.com/show_bug.cgi?id=681681)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-399",
                  "deb"
                ],
                "cvssv3_baseScore": 4.3,
                "security-severity": "4.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-GLIBC-1547373",
              "shortDescription": {
                "text": "Low severity - CVE-2019-1010023 vulnerability in glibc"
              },
              "fullDescription": {
                "text": "(CVE-2019-1010023) glibc/libc-bin@2.36-9+deb12u8"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `glibc` package and not the `glibc` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nGNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.\n## Remediation\nThere is no fixed version for `Debian:12` `glibc`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2019-1010023](https://security-tracker.debian.org/tracker/CVE-2019-1010023)\n- [https://support.f5.com/csp/article/K11932200?utm_source=f5support&utm_medium=RSS](https://support.f5.com/csp/article/K11932200?utm_source=f5support&utm_medium=RSS)\n- [https://sourceware.org/bugzilla/show_bug.cgi?id=22851](https://sourceware.org/bugzilla/show_bug.cgi?id=22851)\n- [http://www.securityfocus.com/bid/109167](http://www.securityfocus.com/bid/109167)\n- [https://ubuntu.com/security/CVE-2019-1010023](https://ubuntu.com/security/CVE-2019-1010023)\n- [https://support.f5.com/csp/article/K11932200?utm_source=f5support&amp%3Butm_medium=RSS](https://support.f5.com/csp/article/K11932200?utm_source=f5support&amp%3Butm_medium=RSS)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": 8.8,
                "security-severity": "8.8"
              }
            },
            {
              "id": "SNYK-DEBIAN12-GNUPG2-3330747",
              "shortDescription": {
                "text": "Low severity - Out-of-bounds Write vulnerability in gnupg2"
              },
              "fullDescription": {
                "text": "(CVE-2022-3219) gnupg2/gpgv@2.2.40-1.1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `gnupg2` package and not the `gnupg2` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nGnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.\n## Remediation\nThere is no fixed version for `Debian:12` `gnupg2`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2022-3219](https://security-tracker.debian.org/tracker/CVE-2022-3219)\n- [https://access.redhat.com/security/cve/CVE-2022-3219](https://access.redhat.com/security/cve/CVE-2022-3219)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=2127010](https://bugzilla.redhat.com/show_bug.cgi?id=2127010)\n- [https://dev.gnupg.org/D556](https://dev.gnupg.org/D556)\n- [https://dev.gnupg.org/T5993](https://dev.gnupg.org/T5993)\n- [https://marc.info/?l=oss-security&m=165696590211434&w=4](https://marc.info/?l=oss-security&m=165696590211434&w=4)\n- [https://security.netapp.com/advisory/ntap-20230324-0001/](https://security.netapp.com/advisory/ntap-20230324-0001/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-787",
                  "deb"
                ],
                "cvssv3_baseScore": 3.3,
                "security-severity": "3.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-GNUTLS28-1547121",
              "shortDescription": {
                "text": "Low severity - Improper Input Validation vulnerability in gnutls28"
              },
              "fullDescription": {
                "text": "(CVE-2011-3389) gnutls28/libgnutls30@3.7.9-2+deb12u3"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `gnutls28` package and not the `gnutls28` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nThe SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.\n## Remediation\nThere is no fixed version for `Debian:12` `gnutls28`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2011-3389](https://security-tracker.debian.org/tracker/CVE-2011-3389)\n- [http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html](http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html)\n- [http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html](http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html)\n- [http://support.apple.com/kb/HT4999](http://support.apple.com/kb/HT4999)\n- [http://support.apple.com/kb/HT5001](http://support.apple.com/kb/HT5001)\n- [http://support.apple.com/kb/HT5130](http://support.apple.com/kb/HT5130)\n- [http://support.apple.com/kb/HT5281](http://support.apple.com/kb/HT5281)\n- [http://support.apple.com/kb/HT5501](http://support.apple.com/kb/HT5501)\n- [http://support.apple.com/kb/HT6150](http://support.apple.com/kb/HT6150)\n- [http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html](http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html)\n- [http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html](http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html)\n- [http://lists.apple.com/archives/security-announce/2012/May/msg00001.html](http://lists.apple.com/archives/security-announce/2012/May/msg00001.html)\n- [http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html](http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html)\n- [http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html](http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html)\n- [http://www.us-cert.gov/cas/techalerts/TA12-010A.html](http://www.us-cert.gov/cas/techalerts/TA12-010A.html)\n- [http://www.kb.cert.org/vuls/id/864643](http://www.kb.cert.org/vuls/id/864643)\n- [http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html](http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html)\n- [http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/](http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/)\n- [http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx](http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx)\n- [http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx](http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx)\n- [http://curl.haxx.se/docs/adv_20120124B.html](http://curl.haxx.se/docs/adv_20120124B.html)\n- [http://downloads.asterisk.org/pub/security/AST-2016-001.html](http://downloads.asterisk.org/pub/security/AST-2016-001.html)\n- [http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue](http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue)\n- [https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail](https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail)\n- [https://bugzilla.novell.com/show_bug.cgi?id=719047](https://bugzilla.novell.com/show_bug.cgi?id=719047)\n- [https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf](https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf)\n- [http://technet.microsoft.com/security/advisory/2588513](http://technet.microsoft.com/security/advisory/2588513)\n- [http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf](http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf)\n- [http://www.ibm.com/developerworks/java/jdk/alerts/](http://www.ibm.com/developerworks/java/jdk/alerts/)\n- [http://www.imperialviolet.org/2011/09/23/chromeandbeast.html](http://www.imperialviolet.org/2011/09/23/chromeandbeast.html)\n- [http://www.opera.com/docs/changelogs/mac/1151/](http://www.opera.com/docs/changelogs/mac/1151/)\n- [http://www.opera.com/docs/changelogs/mac/1160/](http://www.opera.com/docs/changelogs/mac/1160/)\n- [http://www.opera.com/docs/changelogs/unix/1151/](http://www.opera.com/docs/changelogs/unix/1151/)\n- [http://www.opera.com/docs/changelogs/unix/1160/](http://www.opera.com/docs/changelogs/unix/1160/)\n- [http://www.opera.com/docs/changelogs/windows/1151/](http://www.opera.com/docs/changelogs/windows/1151/)\n- [http://www.opera.com/docs/changelogs/windows/1160/](http://www.opera.com/docs/changelogs/windows/1160/)\n- [http://www.opera.com/support/kb/view/1004/](http://www.opera.com/support/kb/view/1004/)\n- [http://www.debian.org/security/2012/dsa-2398](http://www.debian.org/security/2012/dsa-2398)\n- [http://security.gentoo.org/glsa/glsa-201203-02.xml](http://security.gentoo.org/glsa/glsa-201203-02.xml)\n- [http://security.gentoo.org/glsa/glsa-201406-32.xml](http://security.gentoo.org/glsa/glsa-201406-32.xml)\n- [https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862](https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862)\n- [http://marc.info/?l=bugtraq&m=132750579901589&w=2](http://marc.info/?l=bugtraq&m=132750579901589&w=2)\n- [http://marc.info/?l=bugtraq&m=132872385320240&w=2](http://marc.info/?l=bugtraq&m=132872385320240&w=2)\n- [http://marc.info/?l=bugtraq&m=133365109612558&w=2](http://marc.info/?l=bugtraq&m=133365109612558&w=2)\n- [http://marc.info/?l=bugtraq&m=133728004526190&w=2](http://marc.info/?l=bugtraq&m=133728004526190&w=2)\n- [http://marc.info/?l=bugtraq&m=134254866602253&w=2](http://marc.info/?l=bugtraq&m=134254866602253&w=2)\n- [http://marc.info/?l=bugtraq&m=134254957702612&w=2](http://marc.info/?l=bugtraq&m=134254957702612&w=2)\n- [http://ekoparty.org/2011/juliano-rizzo.php](http://ekoparty.org/2011/juliano-rizzo.php)\n- [http://eprint.iacr.org/2004/111](http://eprint.iacr.org/2004/111)\n- [http://eprint.iacr.org/2006/136](http://eprint.iacr.org/2006/136)\n- [http://isc.sans.edu/diary/SSL+TLS+part+3+/11635](http://isc.sans.edu/diary/SSL+TLS+part+3+/11635)\n- [https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02](https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02)\n- [http://vnhacker.blogspot.com/2011/09/beast.html](http://vnhacker.blogspot.com/2011/09/beast.html)\n- [http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html](http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html)\n- [http://www.insecure.cl/Beast-SSL.rar](http://www.insecure.cl/Beast-SSL.rar)\n- [https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006](https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006)\n- [http://technet.microsoft.com/security/bulletin/MS12-006](http://technet.microsoft.com/security/bulletin/MS12-006)\n- [http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html](http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html)\n- [http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html](http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html)\n- [http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html](http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html)\n- [http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html](http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html)\n- [http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html](http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html)\n- [http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html](http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html)\n- [http://osvdb.org/74829](http://osvdb.org/74829)\n- [https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752](https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=737506](https://bugzilla.redhat.com/show_bug.cgi?id=737506)\n- [http://rhn.redhat.com/errata/RHSA-2012-0508.html](http://rhn.redhat.com/errata/RHSA-2012-0508.html)\n- [http://rhn.redhat.com/errata/RHSA-2013-1455.html](http://rhn.redhat.com/errata/RHSA-2013-1455.html)\n- [http://secunia.com/advisories/45791](http://secunia.com/advisories/45791)\n- [http://secunia.com/advisories/47998](http://secunia.com/advisories/47998)\n- [http://secunia.com/advisories/48256](http://secunia.com/advisories/48256)\n- [http://secunia.com/advisories/48692](http://secunia.com/advisories/48692)\n- [http://secunia.com/advisories/48915](http://secunia.com/advisories/48915)\n- [http://secunia.com/advisories/48948](http://secunia.com/advisories/48948)\n- [http://secunia.com/advisories/49198](http://secunia.com/advisories/49198)\n- [http://secunia.com/advisories/55322](http://secunia.com/advisories/55322)\n- [http://secunia.com/advisories/55350](http://secunia.com/advisories/55350)\n- [http://secunia.com/advisories/55351](http://secunia.com/advisories/55351)\n- [http://www.securityfocus.com/bid/49388](http://www.securityfocus.com/bid/49388)\n- [http://www.securityfocus.com/bid/49778](http://www.securityfocus.com/bid/49778)\n- [http://www.securitytracker.com/id?1025997](http://www.securitytracker.com/id?1025997)\n- [http://www.securitytracker.com/id?1026103](http://www.securitytracker.com/id?1026103)\n- [http://www.securitytracker.com/id?1026704](http://www.securitytracker.com/id?1026704)\n- [http://www.securitytracker.com/id/1029190](http://www.securitytracker.com/id/1029190)\n- [http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html](http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html)\n- [https://hermes.opensuse.org/messages/13154861](https://hermes.opensuse.org/messages/13154861)\n- [https://hermes.opensuse.org/messages/13155432](https://hermes.opensuse.org/messages/13155432)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2011-3389](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2011-3389)\n- [http://www.ubuntu.com/usn/USN-1263-1](http://www.ubuntu.com/usn/USN-1263-1)\n- [http://www.mandriva.com/security/advisories?name=MDVSA-2012:058](http://www.mandriva.com/security/advisories?name=MDVSA-2012:058)\n- [http://www.redhat.com/support/errata/RHSA-2011-1384.html](http://www.redhat.com/support/errata/RHSA-2011-1384.html)\n- [http://www.redhat.com/support/errata/RHSA-2012-0006.html](http://www.redhat.com/support/errata/RHSA-2012-0006.html)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-20",
                  "deb"
                ],
                "cvssv3_baseScore": 4.3,
                "security-severity": "4.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-LIBGCRYPT20-1550206",
              "shortDescription": {
                "text": "Low severity - Use of a Broken or Risky Cryptographic Algorithm vulnerability in libgcrypt20"
              },
              "fullDescription": {
                "text": "(CVE-2018-6829) libgcrypt20@1.10.1-3"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `libgcrypt20` package and not the `libgcrypt20` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\ncipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.\n## Remediation\nThere is no fixed version for `Debian:12` `libgcrypt20`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2018-6829](https://security-tracker.debian.org/tracker/CVE-2018-6829)\n- [https://github.com/weikengchen/attack-on-libgcrypt-elgamal](https://github.com/weikengchen/attack-on-libgcrypt-elgamal)\n- [https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki](https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki)\n- [https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html](https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html)\n- [https://www.oracle.com/security-alerts/cpujan2020.html](https://www.oracle.com/security-alerts/cpujan2020.html)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-327",
                  "deb"
                ],
                "cvssv3_baseScore": 7.5,
                "security-severity": "7.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-LIBGCRYPT20-6405981",
              "shortDescription": {
                "text": "Low severity - Information Exposure vulnerability in libgcrypt20"
              },
              "fullDescription": {
                "text": "(CVE-2024-2236) libgcrypt20@1.10.1-3"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `libgcrypt20` package and not the `libgcrypt20` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nA timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.\n## Remediation\nThere is no fixed version for `Debian:12` `libgcrypt20`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2024-2236](https://security-tracker.debian.org/tracker/CVE-2024-2236)\n- [https://access.redhat.com/security/cve/CVE-2024-2236](https://access.redhat.com/security/cve/CVE-2024-2236)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=2268268](https://bugzilla.redhat.com/show_bug.cgi?id=2268268)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=2245218](https://bugzilla.redhat.com/show_bug.cgi?id=2245218)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-208",
                  "deb"
                ],
                "cvssv3_baseScore": null,
                "security-severity": "null"
              }
            },
            {
              "id": "SNYK-DEBIAN12-NCURSES-6123823",
              "shortDescription": {
                "text": "Low severity - CVE-2023-50495 vulnerability in ncurses"
              },
              "fullDescription": {
                "text": "(CVE-2023-50495) ncurses/libtinfo6@6.4-4"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `ncurses` package and not the `ncurses` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nNCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().\n## Remediation\nThere is no fixed version for `Debian:12` `ncurses`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-50495](https://security-tracker.debian.org/tracker/CVE-2023-50495)\n- [https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html](https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html)\n- [https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html](https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html)\n- [https://security.netapp.com/advisory/ntap-20240119-0008/](https://security.netapp.com/advisory/ntap-20240119-0008/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": 6.5,
                "security-severity": "6.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-NCURSES-6252773",
              "shortDescription": {
                "text": "Low severity - CVE-2023-45918 vulnerability in ncurses"
              },
              "fullDescription": {
                "text": "(CVE-2023-45918) ncurses/libtinfo6@6.4-4"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `ncurses` package and not the `ncurses` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.\n## Remediation\nThere is no fixed version for `Debian:12` `ncurses`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-45918](https://security-tracker.debian.org/tracker/CVE-2023-45918)\n- [https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html](https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html)\n- [https://security.netapp.com/advisory/ntap-20240315-0006/](https://security.netapp.com/advisory/ntap-20240315-0006/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": null,
                "security-severity": "null"
              }
            },
            {
              "id": "SNYK-DEBIAN12-PAM-6178914",
              "shortDescription": {
                "text": "Low severity - CVE-2024-22365 vulnerability in pam"
              },
              "fullDescription": {
                "text": "(CVE-2024-22365) pam/libpam0g@1.5.2-6+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `pam` package and not the `pam` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nlinux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.\n## Remediation\nThere is no fixed version for `Debian:12` `pam`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2024-22365](https://security-tracker.debian.org/tracker/CVE-2024-22365)\n- [http://www.openwall.com/lists/oss-security/2024/01/18/3](http://www.openwall.com/lists/oss-security/2024/01/18/3)\n- [https://github.com/linux-pam/linux-pam](https://github.com/linux-pam/linux-pam)\n- [https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb](https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb)\n- [https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0](https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": 5.5,
                "security-severity": "5.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-PAM-8303301",
              "shortDescription": {
                "text": "Medium severity - CVE-2024-10041 vulnerability in pam"
              },
              "fullDescription": {
                "text": "(CVE-2024-10041) pam/libpam0g@1.5.2-6+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `pam` package and not the `pam` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nA vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.\n## Remediation\nThere is no fixed version for `Debian:12` `pam`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2024-10041](https://security-tracker.debian.org/tracker/CVE-2024-10041)\n- [https://access.redhat.com/security/cve/CVE-2024-10041](https://access.redhat.com/security/cve/CVE-2024-10041)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=2319212](https://bugzilla.redhat.com/show_bug.cgi?id=2319212)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": 4.7,
                "security-severity": "4.7"
              }
            },
            {
              "id": "SNYK-DEBIAN12-PERL-1556505",
              "shortDescription": {
                "text": "Low severity - Link Following vulnerability in perl"
              },
              "fullDescription": {
                "text": "(CVE-2011-4116) perl/perl-base@5.36.0-7+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `perl` package and not the `perl` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\n_is_safe in the File::Temp module for Perl does not properly handle symlinks.\n## Remediation\nThere is no fixed version for `Debian:12` `perl`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2011-4116](https://security-tracker.debian.org/tracker/CVE-2011-4116)\n- [https://github.com/Perl-Toolchain-Gang/File-Temp/issues/14](https://github.com/Perl-Toolchain-Gang/File-Temp/issues/14)\n- [https://rt.cpan.org/Public/Bug/Display.html?id=69106](https://rt.cpan.org/Public/Bug/Display.html?id=69106)\n- [https://seclists.org/oss-sec/2011/q4/238](https://seclists.org/oss-sec/2011/q4/238)\n- [http://www.openwall.com/lists/oss-security/2011/11/04/2](http://www.openwall.com/lists/oss-security/2011/11/04/2)\n- [http://www.openwall.com/lists/oss-security/2011/11/04/4](http://www.openwall.com/lists/oss-security/2011/11/04/4)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-59",
                  "deb"
                ],
                "cvssv3_baseScore": 7.5,
                "security-severity": "7.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-PERL-5489184",
              "shortDescription": {
                "text": "Low severity - Improper Certificate Validation vulnerability in perl"
              },
              "fullDescription": {
                "text": "(CVE-2023-31486) perl/perl-base@5.36.0-7+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `perl` package and not the `perl` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nHTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.\n## Remediation\nThere is no fixed version for `Debian:12` `perl`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-31486](https://security-tracker.debian.org/tracker/CVE-2023-31486)\n- [http://www.openwall.com/lists/oss-security/2023/04/29/1](http://www.openwall.com/lists/oss-security/2023/04/29/1)\n- [http://www.openwall.com/lists/oss-security/2023/05/03/3](http://www.openwall.com/lists/oss-security/2023/05/03/3)\n- [http://www.openwall.com/lists/oss-security/2023/05/03/5](http://www.openwall.com/lists/oss-security/2023/05/03/5)\n- [http://www.openwall.com/lists/oss-security/2023/05/07/2](http://www.openwall.com/lists/oss-security/2023/05/07/2)\n- [https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/](https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/)\n- [https://hackeriet.github.io/cpan-http-tiny-overview/](https://hackeriet.github.io/cpan-http-tiny-overview/)\n- [https://www.openwall.com/lists/oss-security/2023/04/18/14](https://www.openwall.com/lists/oss-security/2023/04/18/14)\n- [https://www.openwall.com/lists/oss-security/2023/05/03/4](https://www.openwall.com/lists/oss-security/2023/05/03/4)\n- [https://www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/](https://www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/)\n- [https://github.com/chansen/p5-http-tiny/pull/153](https://github.com/chansen/p5-http-tiny/pull/153)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-295",
                  "deb"
                ],
                "cvssv3_baseScore": 8.1,
                "security-severity": "8.1"
              }
            },
            {
              "id": "SNYK-DEBIAN12-PERL-5489190",
              "shortDescription": {
                "text": "Low severity - Improper Certificate Validation vulnerability in perl"
              },
              "fullDescription": {
                "text": "(CVE-2023-31484) perl/perl-base@5.36.0-7+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `perl` package and not the `perl` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nCPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.\n## Remediation\nThere is no fixed version for `Debian:12` `perl`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-31484](https://security-tracker.debian.org/tracker/CVE-2023-31484)\n- [http://www.openwall.com/lists/oss-security/2023/04/29/1](http://www.openwall.com/lists/oss-security/2023/04/29/1)\n- [http://www.openwall.com/lists/oss-security/2023/05/03/3](http://www.openwall.com/lists/oss-security/2023/05/03/3)\n- [http://www.openwall.com/lists/oss-security/2023/05/03/5](http://www.openwall.com/lists/oss-security/2023/05/03/5)\n- [http://www.openwall.com/lists/oss-security/2023/05/07/2](http://www.openwall.com/lists/oss-security/2023/05/07/2)\n- [https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/](https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/)\n- [https://github.com/andk/cpanpm/pull/175](https://github.com/andk/cpanpm/pull/175)\n- [https://metacpan.org/dist/CPAN/changes](https://metacpan.org/dist/CPAN/changes)\n- [https://www.openwall.com/lists/oss-security/2023/04/18/14](https://www.openwall.com/lists/oss-security/2023/04/18/14)\n- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/)\n- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/)\n- [https://security.netapp.com/advisory/ntap-20240621-0007/](https://security.netapp.com/advisory/ntap-20240621-0007/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-295",
                  "deb"
                ],
                "cvssv3_baseScore": 8.1,
                "security-severity": "8.1"
              }
            },
            {
              "id": "SNYK-DEBIAN12-SHADOW-1559391",
              "shortDescription": {
                "text": "Low severity - Access Restriction Bypass vulnerability in shadow"
              },
              "fullDescription": {
                "text": "(CVE-2007-5686) shadow/passwd@1:4.13+dfsg1-1+b1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `shadow` package and not the `shadow` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\ninitscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts.  NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.\n## Remediation\nThere is no fixed version for `Debian:12` `shadow`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2007-5686](https://security-tracker.debian.org/tracker/CVE-2007-5686)\n- [http://www.securityfocus.com/archive/1/482129/100/100/threaded](http://www.securityfocus.com/archive/1/482129/100/100/threaded)\n- [http://www.securityfocus.com/archive/1/482857/100/0/threaded](http://www.securityfocus.com/archive/1/482857/100/0/threaded)\n- [https://issues.rpath.com/browse/RPL-1825](https://issues.rpath.com/browse/RPL-1825)\n- [http://secunia.com/advisories/27215](http://secunia.com/advisories/27215)\n- [http://www.securityfocus.com/bid/26048](http://www.securityfocus.com/bid/26048)\n- [http://www.vupen.com/english/advisories/2007/3474](http://www.vupen.com/english/advisories/2007/3474)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-264",
                  "deb"
                ],
                "cvssv3_baseScore": 6.2,
                "security-severity": "6.2"
              }
            },
            {
              "id": "SNYK-DEBIAN12-SHADOW-5423923",
              "shortDescription": {
                "text": "Low severity - Arbitrary Code Injection vulnerability in shadow"
              },
              "fullDescription": {
                "text": "(CVE-2023-29383) shadow/passwd@1:4.13+dfsg1-1+b1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `shadow` package and not the `shadow` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nIn Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \\n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \\r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.\n## Remediation\nThere is no fixed version for `Debian:12` `shadow`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-29383](https://security-tracker.debian.org/tracker/CVE-2023-29383)\n- [https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d](https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d)\n- [https://github.com/shadow-maint/shadow/pull/687](https://github.com/shadow-maint/shadow/pull/687)\n- [https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/](https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/)\n- [https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797](https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-74",
                  "deb"
                ],
                "cvssv3_baseScore": 3.3,
                "security-severity": "3.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-SHADOW-5879156",
              "shortDescription": {
                "text": "Low severity - Improper Authentication vulnerability in shadow"
              },
              "fullDescription": {
                "text": "(CVE-2023-4641) shadow/passwd@1:4.13+dfsg1-1+b1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `shadow` package and not the `shadow` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nA flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.\n## Remediation\nThere is no fixed version for `Debian:12` `shadow`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-4641](https://security-tracker.debian.org/tracker/CVE-2023-4641)\n- [https://access.redhat.com/errata/RHSA-2023:6632](https://access.redhat.com/errata/RHSA-2023:6632)\n- [https://access.redhat.com/errata/RHSA-2023:7112](https://access.redhat.com/errata/RHSA-2023:7112)\n- [https://access.redhat.com/security/cve/CVE-2023-4641](https://access.redhat.com/security/cve/CVE-2023-4641)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=2215945](https://bugzilla.redhat.com/show_bug.cgi?id=2215945)\n- [https://access.redhat.com/errata/RHSA-2024:0417](https://access.redhat.com/errata/RHSA-2024:0417)\n- [https://access.redhat.com/errata/RHSA-2024:2577](https://access.redhat.com/errata/RHSA-2024:2577)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-287",
                  "deb"
                ],
                "cvssv3_baseScore": 5.5,
                "security-severity": "5.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-SYSTEMD-1560739",
              "shortDescription": {
                "text": "Low severity - Link Following vulnerability in systemd"
              },
              "fullDescription": {
                "text": "(CVE-2013-4392) systemd/libsystemd0@252.30-1~deb12u2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `systemd` package and not the `systemd` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nsystemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.\n## Remediation\nThere is no fixed version for `Debian:12` `systemd`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2013-4392](https://security-tracker.debian.org/tracker/CVE-2013-4392)\n- [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357)\n- [http://www.openwall.com/lists/oss-security/2013/10/01/9](http://www.openwall.com/lists/oss-security/2013/10/01/9)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=859060](https://bugzilla.redhat.com/show_bug.cgi?id=859060)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-59",
                  "deb"
                ],
                "cvssv3_baseScore": 4.4,
                "security-severity": "4.4"
              }
            },
            {
              "id": "SNYK-DEBIAN12-SYSTEMD-5733385",
              "shortDescription": {
                "text": "Low severity - Improper Validation of Integrity Check Value vulnerability in systemd"
              },
              "fullDescription": {
                "text": "(CVE-2023-31437) systemd/libsystemd0@252.30-1~deb12u2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `systemd` package and not the `systemd` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nAn issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."\n## Remediation\nThere is no fixed version for `Debian:12` `systemd`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-31437](https://security-tracker.debian.org/tracker/CVE-2023-31437)\n- [https://github.com/kastel-security/Journald](https://github.com/kastel-security/Journald)\n- [https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf](https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf)\n- [https://github.com/systemd/systemd/releases](https://github.com/systemd/systemd/releases)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-354",
                  "deb"
                ],
                "cvssv3_baseScore": 5.3,
                "security-severity": "5.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-SYSTEMD-5733390",
              "shortDescription": {
                "text": "Low severity - Improper Validation of Integrity Check Value vulnerability in systemd"
              },
              "fullDescription": {
                "text": "(CVE-2023-31438) systemd/libsystemd0@252.30-1~deb12u2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `systemd` package and not the `systemd` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nAn issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."\n## Remediation\nThere is no fixed version for `Debian:12` `systemd`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-31438](https://security-tracker.debian.org/tracker/CVE-2023-31438)\n- [https://github.com/kastel-security/Journald](https://github.com/kastel-security/Journald)\n- [https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf](https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf)\n- [https://github.com/systemd/systemd/releases](https://github.com/systemd/systemd/releases)\n- [https://github.com/systemd/systemd/pull/28886](https://github.com/systemd/systemd/pull/28886)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-354",
                  "deb"
                ],
                "cvssv3_baseScore": 5.3,
                "security-severity": "5.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-SYSTEMD-5733398",
              "shortDescription": {
                "text": "Low severity - Improper Validation of Integrity Check Value vulnerability in systemd"
              },
              "fullDescription": {
                "text": "(CVE-2023-31439) systemd/libsystemd0@252.30-1~deb12u2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `systemd` package and not the `systemd` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nAn issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."\n## Remediation\nThere is no fixed version for `Debian:12` `systemd`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-31439](https://security-tracker.debian.org/tracker/CVE-2023-31439)\n- [https://github.com/kastel-security/Journald](https://github.com/kastel-security/Journald)\n- [https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf](https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf)\n- [https://github.com/systemd/systemd/releases](https://github.com/systemd/systemd/releases)\n- [https://github.com/systemd/systemd/pull/28885](https://github.com/systemd/systemd/pull/28885)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-354",
                  "deb"
                ],
                "cvssv3_baseScore": 5.3,
                "security-severity": "5.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-TAR-1560620",
              "shortDescription": {
                "text": "Low severity - CVE-2005-2541 vulnerability in tar"
              },
              "fullDescription": {
                "text": "(CVE-2005-2541) tar@1.34+dfsg-1.2+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `tar` package and not the `tar` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nTar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.\n## Remediation\nThere is no fixed version for `Debian:12` `tar`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2005-2541](https://security-tracker.debian.org/tracker/CVE-2005-2541)\n- [http://marc.info/?l=bugtraq&m=112327628230258&w=2](http://marc.info/?l=bugtraq&m=112327628230258&w=2)\n- [https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E](https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E)\n- [https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E](https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": 9.8,
                "security-severity": "9.8"
              }
            },
            {
              "id": "SNYK-DEBIAN12-UTILLINUX-2401083",
              "shortDescription": {
                "text": "Low severity - Information Exposure vulnerability in util-linux"
              },
              "fullDescription": {
                "text": "(CVE-2022-0563) util-linux/libblkid1@2.38.1-5+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `util-linux` package and not the `util-linux` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nA flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.\n## Remediation\nThere is no fixed version for `Debian:12` `util-linux`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2022-0563](https://security-tracker.debian.org/tracker/CVE-2022-0563)\n- [https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u](https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u)\n- [https://security.netapp.com/advisory/ntap-20220331-0002/](https://security.netapp.com/advisory/ntap-20220331-0002/)\n- [https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u](https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u)\n- [https://security.gentoo.org/glsa/202401-08](https://security.gentoo.org/glsa/202401-08)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-209",
                  "deb"
                ],
                "cvssv3_baseScore": 5.5,
                "security-severity": "5.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-ZLIB-6008963",
              "shortDescription": {
                "text": "Critical severity - Integer Overflow or Wraparound vulnerability in zlib"
              },
              "fullDescription": {
                "text": "(CVE-2023-45853) zlib/zlib1g@1:1.2.13.dfsg-1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `zlib` package and not the `zlib` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nMiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.\n## Remediation\nThere is no fixed version for `Debian:12` `zlib`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-45853](https://security-tracker.debian.org/tracker/CVE-2023-45853)\n- [https://chromium.googlesource.com/chromium/src/+/d709fb23806858847131027da95ef4c548813356](https://chromium.googlesource.com/chromium/src/+/d709fb23806858847131027da95ef4c548813356)\n- [https://chromium.googlesource.com/chromium/src/+/de29dd6c7151d3cd37cb4cf0036800ddfb1d8b61](https://chromium.googlesource.com/chromium/src/+/de29dd6c7151d3cd37cb4cf0036800ddfb1d8b61)\n- [https://github.com/madler/zlib/blob/ac8f12c97d1afd9bafa9c710f827d40a407d3266/contrib/README.contrib#L1-L4](https://github.com/madler/zlib/blob/ac8f12c97d1afd9bafa9c710f827d40a407d3266/contrib/README.contrib#L1-L4)\n- [https://github.com/madler/zlib/pull/843](https://github.com/madler/zlib/pull/843)\n- [https://www.winimage.com/zLibDll/minizip.html](https://www.winimage.com/zLibDll/minizip.html)\n- [http://www.openwall.com/lists/oss-security/2023/10/20/9](http://www.openwall.com/lists/oss-security/2023/10/20/9)\n- [https://lists.debian.org/debian-lts-announce/2023/11/msg00026.html](https://lists.debian.org/debian-lts-announce/2023/11/msg00026.html)\n- [https://security.netapp.com/advisory/ntap-20231130-0009/](https://security.netapp.com/advisory/ntap-20231130-0009/)\n- [https://pypi.org/project/pyminizip/#history](https://pypi.org/project/pyminizip/#history)\n- [https://security.gentoo.org/glsa/202401-18](https://security.gentoo.org/glsa/202401-18)\n- [http://www.openwall.com/lists/oss-security/2024/01/24/10](http://www.openwall.com/lists/oss-security/2024/01/24/10)\n"
              },
              "defaultConfiguration": {
                "level": "error"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-190",
                  "deb"
                ],
                "cvssv3_baseScore": 9.8,
                "security-severity": "9.8"
              }
            },
            {
              "id": "SNYK-UPSTREAM-NODE-7430907",
              "shortDescription": {
                "text": "Low severity - Authorization Bypass vulnerability in node"
              },
              "fullDescription": {
                "text": "(CVE-2024-36137) node@18.20.4"
              },
              "help": {
                "text": "",
                "markdown": "## Overview\n[node](https://nodejs.org/en/) is a JavaScript runtime built on Chrome's V8 JavaScript engine.\n\nAffected versions of this package are vulnerable to Authorization Bypass via `fs.fchown` or `fs.fchmod` operations which can use a \"read-only\" file descriptor to change the owner and permissions of a file.\r\n\r\n**Note:** This is only exploitable for users using the experimental permission when the `--allow-fs-write` flag is used\n## Remediation\nUpgrade `node` to version 20.15.1, 22.4.1 or higher.\n## References\n- [GitHub New Releases](https://github.com/nodejs/node/releases/tag/v20.15.1)\n- [GitHub New Releases](https://github.com/nodejs/node/releases/tag/v22.4.1)\n- [Nodejs Blog](https://nodejs.org/en/blog/vulnerability/july-2024-security-releases#fsfchownfchmod-bypasses-permission-model-cve-2024-36137---low)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-285",
                  "deb"
                ],
                "cvssv3_baseScore": 2.3,
                "security-severity": "2.3"
              }
            },
            {
              "id": "SNYK-UPSTREAM-NODE-7430909",
              "shortDescription": {
                "text": "Low severity - Authorization Bypass vulnerability in node"
              },
              "fullDescription": {
                "text": "(CVE-2024-22018) node@18.20.4"
              },
              "help": {
                "text": "",
                "markdown": "## Overview\n[node](https://nodejs.org/en/) is a JavaScript runtime built on Chrome's V8 JavaScript engine.\n\nAffected versions of this package are vulnerable to Authorization Bypass due to a failure to restrict file stats through the `fs.lstat` API that allows attackers to retrieve stats from files to which they do not have explicit read access.\r\n\r\n**Note:** This is exploitable only for users of the experimental permission model when the `--allow-fs-read` flag is used.\n## Remediation\nUpgrade `node` to version 20.15.1, 22.4.1 or higher.\n## References\n- [GitHub New Releases](https://github.com/nodejs/node/releases/tag/v20.15.1)\n- [GitHub New Releases](https://github.com/nodejs/node/releases/tag/v22.4.1)\n- [Nodejs Blog](https://nodejs.org/en/blog/vulnerability/july-2024-security-releases#bypass-incomplete-fix-of-cve-2024-27980-cve-2024-36138---high)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-285",
                  "deb"
                ],
                "cvssv3_baseScore": 2.3,
                "security-severity": "2.3"
              }
            },
            {
              "id": "SNYK-UPSTREAM-NODE-7430912",
              "shortDescription": {
                "text": "Low severity - Improper Handling of Values vulnerability in node"
              },
              "fullDescription": {
                "text": "(CVE-2024-37372) node@18.20.4"
              },
              "help": {
                "text": "",
                "markdown": "## Overview\n[node](https://nodejs.org/en/) is a JavaScript runtime built on Chrome's V8 JavaScript engine.\n\nAffected versions of this package are vulnerable to Improper Handling of Values. This is because the Permission Model assumes wrongly that any path starting with two backslashes `\\` has a four-character prefix that can be ignored.\r\n\r\n**Note:**  This vulnerability affects only Windows users of the Node.js Permission Model\n## Remediation\nUpgrade `node` to version 20.15.1, 22.4.1 or higher.\n## References\n- [GitHub New Releases](https://github.com/nodejs/node/releases/tag/v20.15.1)\n- [GitHub New Releases](https://github.com/nodejs/node/releases/tag/v22.4.1)\n- [Nodejs Blog](https://nodejs.org/en/blog/vulnerability/july-2024-security-releases#bypass-incomplete-fix-of-cve-2024-27980-cve-2024-36138---high)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-229",
                  "deb"
                ],
                "cvssv3_baseScore": 2.3,
                "security-severity": "2.3"
              }
            }
          ]
        }
      },
      "results": [
        {
          "ruleId": "SNYK-DEBIAN12-APT-1541449",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable apt package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/nodejs-goof-insights_v1.0.0/nodejs-goof-insights"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "apt@2.6.1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-COREUTILS-1543939",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable coreutils package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/nodejs-goof-insights_v1.0.0/nodejs-goof-insights"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "coreutils@9.1-1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-COREUTILS-1543947",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable coreutils package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/nodejs-goof-insights_v1.0.0/nodejs-goof-insights"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "coreutils@9.1-1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-GCC12-2606941",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable gcc-12 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/nodejs-goof-insights_v1.0.0/nodejs-goof-insights"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "gcc-12@12.2.0-14"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-GCC12-5901316",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable gcc-12 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/nodejs-goof-insights_v1.0.0/nodejs-goof-insights"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "gcc-12@12.2.0-14"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-GLIBC-1546991",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable glibc package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/nodejs-goof-insights_v1.0.0/nodejs-goof-insights"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "glibc@2.36-9+deb12u8"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-GLIBC-1547039",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable glibc package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/nodejs-goof-insights_v1.0.0/nodejs-goof-insights"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "glibc@2.36-9+deb12u8"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-GLIBC-1547069",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable glibc package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/nodejs-goof-insights_v1.0.0/nodejs-goof-insights"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "glibc@2.36-9+deb12u8"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-GLIBC-1547135",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable glibc package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/nodejs-goof-insights_v1.0.0/nodejs-goof-insights"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "glibc@2.36-9+deb12u8"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-GLIBC-1547196",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable glibc package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/nodejs-goof-insights_v1.0.0/nodejs-goof-insights"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "glibc@2.36-9+deb12u8"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-GLIBC-1547293",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable glibc package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/nodejs-goof-insights_v1.0.0/nodejs-goof-insights"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "glibc@2.36-9+deb12u8"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-GLIBC-1547373",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable glibc package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/nodejs-goof-insights_v1.0.0/nodejs-goof-insights"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "glibc@2.36-9+deb12u8"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-GNUPG2-3330747",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable gnupg2 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/nodejs-goof-insights_v1.0.0/nodejs-goof-insights"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "gnupg2@2.2.40-1.1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-GNUTLS28-1547121",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable gnutls28 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/nodejs-goof-insights_v1.0.0/nodejs-goof-insights"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "gnutls28@3.7.9-2+deb12u3"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-LIBGCRYPT20-1550206",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable libgcrypt20 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/nodejs-goof-insights_v1.0.0/nodejs-goof-insights"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "libgcrypt20@1.10.1-3"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-LIBGCRYPT20-6405981",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable libgcrypt20 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/nodejs-goof-insights_v1.0.0/nodejs-goof-insights"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "libgcrypt20@1.10.1-3"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-NCURSES-6123823",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable ncurses package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/nodejs-goof-insights_v1.0.0/nodejs-goof-insights"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "ncurses@6.4-4"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-NCURSES-6252773",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable ncurses package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/nodejs-goof-insights_v1.0.0/nodejs-goof-insights"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "ncurses@6.4-4"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-PAM-6178914",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable pam package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/nodejs-goof-insights_v1.0.0/nodejs-goof-insights"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "pam@1.5.2-6+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-PAM-8303301",
          "level": "warning",
          "message": {
            "text": "This file introduces a vulnerable pam package with a medium severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/nodejs-goof-insights_v1.0.0/nodejs-goof-insights"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "pam@1.5.2-6+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-PERL-1556505",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable perl package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/nodejs-goof-insights_v1.0.0/nodejs-goof-insights"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "perl@5.36.0-7+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-PERL-5489184",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable perl package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/nodejs-goof-insights_v1.0.0/nodejs-goof-insights"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "perl@5.36.0-7+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-PERL-5489190",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable perl package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/nodejs-goof-insights_v1.0.0/nodejs-goof-insights"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "perl@5.36.0-7+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-SHADOW-1559391",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable shadow package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/nodejs-goof-insights_v1.0.0/nodejs-goof-insights"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "shadow@1:4.13+dfsg1-1+b1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-SHADOW-5423923",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable shadow package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/nodejs-goof-insights_v1.0.0/nodejs-goof-insights"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "shadow@1:4.13+dfsg1-1+b1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-SHADOW-5879156",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable shadow package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/nodejs-goof-insights_v1.0.0/nodejs-goof-insights"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "shadow@1:4.13+dfsg1-1+b1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-SYSTEMD-1560739",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable systemd package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/nodejs-goof-insights_v1.0.0/nodejs-goof-insights"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "systemd@252.30-1~deb12u2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-SYSTEMD-5733385",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable systemd package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/nodejs-goof-insights_v1.0.0/nodejs-goof-insights"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "systemd@252.30-1~deb12u2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-SYSTEMD-5733390",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable systemd package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/nodejs-goof-insights_v1.0.0/nodejs-goof-insights"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "systemd@252.30-1~deb12u2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-SYSTEMD-5733398",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable systemd package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/nodejs-goof-insights_v1.0.0/nodejs-goof-insights"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "systemd@252.30-1~deb12u2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-TAR-1560620",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable tar package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/nodejs-goof-insights_v1.0.0/nodejs-goof-insights"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "tar@1.34+dfsg-1.2+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-UTILLINUX-2401083",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable util-linux package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/nodejs-goof-insights_v1.0.0/nodejs-goof-insights"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "util-linux@2.38.1-5+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-ZLIB-6008963",
          "level": "error",
          "message": {
            "text": "This file introduces a vulnerable zlib package with a critical severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/nodejs-goof-insights_v1.0.0/nodejs-goof-insights"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "zlib@1:1.2.13.dfsg-1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-UPSTREAM-NODE-7430907",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable node package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/nodejs-goof-insights_v1.0.0/nodejs-goof-insights"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "node@18.20.4"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-UPSTREAM-NODE-7430909",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable node package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/nodejs-goof-insights_v1.0.0/nodejs-goof-insights"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "node@18.20.4"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-UPSTREAM-NODE-7430912",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable node package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/nodejs-goof-insights_v1.0.0/nodejs-goof-insights"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "node@18.20.4"
                }
              ]
            }
          ]
        }
      ]
    }
  ]
}