1
1
# Vulnerability Report
2
2
3
3
```
4
- Report date: 2024-03-30
5
- Unique vulnerability count: 24
6
- Images version: 2.8.4
4
+ Report date: 2024-04-04
5
+ Unique vulnerability count: 17
6
+ Images version: 2.8.5-beta1
7
7
```
8
8
9
9
## Scanner Details
@@ -23,116 +23,90 @@ Supported DB Schema: 5
23
23
24
24
## Vulnerabilities
25
25
26
- ### weave-kube: (24 )
26
+ ### weave-kube: (17 )
27
27
28
28
```
29
- NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
30
- busybox 1.36.1-r15 apk CVE-2023-42366 Medium
31
- busybox 1.36.1-r15 apk CVE-2023-42365 Medium
32
- busybox 1.36.1-r15 apk CVE-2023-42364 Medium
33
- busybox 1.36.1-r15 apk CVE-2023-42363 Medium
34
- busybox-binsh 1.36.1-r15 apk CVE-2023-42366 Medium
35
- busybox-binsh 1.36.1-r15 apk CVE-2023-42365 Medium
36
- busybox-binsh 1.36.1-r15 apk CVE-2023-42364 Medium
37
- busybox-binsh 1.36.1-r15 apk CVE-2023-42363 Medium
38
- c-ares 1.24.0-r1 1.27.0-r0 apk CVE-2024-25629 Medium
39
- curl 8.5.0-r0 apk CVE-2024-0853 Medium
40
- curl 8.5.0-r0 apk CVE-2024-2466 Unknown
41
- curl 8.5.0-r0 apk CVE-2024-2398 Unknown
42
- curl 8.5.0-r0 apk CVE-2024-2004 Unknown
43
- github.com/docker/docker v24.0.7+incompatible 24.0.9 go-module GHSA-xw73-rw38-6vjc Medium
44
- libuv 1.47.0-r0 apk CVE-2024-24806 High
45
- ssl_client 1.36.1-r15 apk CVE-2023-42366 Medium
46
- ssl_client 1.36.1-r15 apk CVE-2023-42365 Medium
47
- ssl_client 1.36.1-r15 apk CVE-2023-42364 Medium
48
- ssl_client 1.36.1-r15 apk CVE-2023-42363 Medium
49
- stdlib go1.21.6 go-module CVE-2024-24785 Unknown
50
- stdlib go1.21.6 go-module CVE-2024-24784 Unknown
51
- stdlib go1.21.6 go-module CVE-2024-24783 Unknown
52
- stdlib go1.21.6 go-module CVE-2023-45290 Unknown
53
- stdlib go1.21.6 go-module CVE-2023-45289 Unknown
29
+ NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
30
+ busybox 1.36.1-r15 apk CVE-2023-42366 Medium
31
+ busybox 1.36.1-r15 apk CVE-2023-42365 Medium
32
+ busybox 1.36.1-r15 apk CVE-2023-42364 Medium
33
+ busybox 1.36.1-r15 apk CVE-2023-42363 Medium
34
+ busybox-binsh 1.36.1-r15 apk CVE-2023-42366 Medium
35
+ busybox-binsh 1.36.1-r15 apk CVE-2023-42365 Medium
36
+ busybox-binsh 1.36.1-r15 apk CVE-2023-42364 Medium
37
+ busybox-binsh 1.36.1-r15 apk CVE-2023-42363 Medium
38
+ curl 8.5.0-r0 apk CVE-2024-0853 Medium
39
+ curl 8.5.0-r0 apk CVE-2024-2466 Unknown
40
+ curl 8.5.0-r0 apk CVE-2024-2398 Unknown
41
+ curl 8.5.0-r0 apk CVE-2024-2004 Unknown
42
+ libuv 1.47.0-r0 apk CVE-2024-24806 High
43
+ ssl_client 1.36.1-r15 apk CVE-2023-42366 Medium
44
+ ssl_client 1.36.1-r15 apk CVE-2023-42365 Medium
45
+ ssl_client 1.36.1-r15 apk CVE-2023-42364 Medium
46
+ ssl_client 1.36.1-r15 apk CVE-2023-42363 Medium
54
47
```
55
48
56
- ### weave-npc: (17 )
49
+ ### weave-npc: (12 )
57
50
58
51
```
59
- NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
60
- busybox 1.36.1-r15 apk CVE-2023-42366 Medium
61
- busybox 1.36.1-r15 apk CVE-2023-42365 Medium
62
- busybox 1.36.1-r15 apk CVE-2023-42364 Medium
63
- busybox 1.36.1-r15 apk CVE-2023-42363 Medium
64
- busybox-binsh 1.36.1-r15 apk CVE-2023-42366 Medium
65
- busybox-binsh 1.36.1-r15 apk CVE-2023-42365 Medium
66
- busybox-binsh 1.36.1-r15 apk CVE-2023-42364 Medium
67
- busybox-binsh 1.36.1-r15 apk CVE-2023-42363 Medium
68
- ssl_client 1.36.1-r15 apk CVE-2023-42366 Medium
69
- ssl_client 1.36.1-r15 apk CVE-2023-42365 Medium
70
- ssl_client 1.36.1-r15 apk CVE-2023-42364 Medium
71
- ssl_client 1.36.1-r15 apk CVE-2023-42363 Medium
72
- stdlib go1.21.6 go-module CVE-2024-24785 Unknown
73
- stdlib go1.21.6 go-module CVE-2024-24784 Unknown
74
- stdlib go1.21.6 go-module CVE-2024-24783 Unknown
75
- stdlib go1.21.6 go-module CVE-2023-45290 Unknown
76
- stdlib go1.21.6 go-module CVE-2023-45289 Unknown
52
+ NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
53
+ busybox 1.36.1-r15 apk CVE-2023-42366 Medium
54
+ busybox 1.36.1-r15 apk CVE-2023-42365 Medium
55
+ busybox 1.36.1-r15 apk CVE-2023-42364 Medium
56
+ busybox 1.36.1-r15 apk CVE-2023-42363 Medium
57
+ busybox-binsh 1.36.1-r15 apk CVE-2023-42366 Medium
58
+ busybox-binsh 1.36.1-r15 apk CVE-2023-42365 Medium
59
+ busybox-binsh 1.36.1-r15 apk CVE-2023-42364 Medium
60
+ busybox-binsh 1.36.1-r15 apk CVE-2023-42363 Medium
61
+ ssl_client 1.36.1-r15 apk CVE-2023-42366 Medium
62
+ ssl_client 1.36.1-r15 apk CVE-2023-42365 Medium
63
+ ssl_client 1.36.1-r15 apk CVE-2023-42364 Medium
64
+ ssl_client 1.36.1-r15 apk CVE-2023-42363 Medium
77
65
```
78
66
79
- ### weave: (24 )
67
+ ### weave: (17 )
80
68
81
69
```
82
- NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
83
- busybox 1.36.1-r15 apk CVE-2023-42366 Medium
84
- busybox 1.36.1-r15 apk CVE-2023-42365 Medium
85
- busybox 1.36.1-r15 apk CVE-2023-42364 Medium
86
- busybox 1.36.1-r15 apk CVE-2023-42363 Medium
87
- busybox-binsh 1.36.1-r15 apk CVE-2023-42366 Medium
88
- busybox-binsh 1.36.1-r15 apk CVE-2023-42365 Medium
89
- busybox-binsh 1.36.1-r15 apk CVE-2023-42364 Medium
90
- busybox-binsh 1.36.1-r15 apk CVE-2023-42363 Medium
91
- c-ares 1.24.0-r1 1.27.0-r0 apk CVE-2024-25629 Medium
92
- curl 8.5.0-r0 apk CVE-2024-0853 Medium
93
- curl 8.5.0-r0 apk CVE-2024-2466 Unknown
94
- curl 8.5.0-r0 apk CVE-2024-2398 Unknown
95
- curl 8.5.0-r0 apk CVE-2024-2004 Unknown
96
- github.com/docker/docker v24.0.7+incompatible 24.0.9 go-module GHSA-xw73-rw38-6vjc Medium
97
- libuv 1.47.0-r0 apk CVE-2024-24806 High
98
- ssl_client 1.36.1-r15 apk CVE-2023-42366 Medium
99
- ssl_client 1.36.1-r15 apk CVE-2023-42365 Medium
100
- ssl_client 1.36.1-r15 apk CVE-2023-42364 Medium
101
- ssl_client 1.36.1-r15 apk CVE-2023-42363 Medium
102
- stdlib go1.21.6 go-module CVE-2024-24785 Unknown
103
- stdlib go1.21.6 go-module CVE-2024-24784 Unknown
104
- stdlib go1.21.6 go-module CVE-2024-24783 Unknown
105
- stdlib go1.21.6 go-module CVE-2023-45290 Unknown
106
- stdlib go1.21.6 go-module CVE-2023-45289 Unknown
70
+ NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
71
+ busybox 1.36.1-r15 apk CVE-2023-42366 Medium
72
+ busybox 1.36.1-r15 apk CVE-2023-42365 Medium
73
+ busybox 1.36.1-r15 apk CVE-2023-42364 Medium
74
+ busybox 1.36.1-r15 apk CVE-2023-42363 Medium
75
+ busybox-binsh 1.36.1-r15 apk CVE-2023-42366 Medium
76
+ busybox-binsh 1.36.1-r15 apk CVE-2023-42365 Medium
77
+ busybox-binsh 1.36.1-r15 apk CVE-2023-42364 Medium
78
+ busybox-binsh 1.36.1-r15 apk CVE-2023-42363 Medium
79
+ curl 8.5.0-r0 apk CVE-2024-0853 Medium
80
+ curl 8.5.0-r0 apk CVE-2024-2466 Unknown
81
+ curl 8.5.0-r0 apk CVE-2024-2398 Unknown
82
+ curl 8.5.0-r0 apk CVE-2024-2004 Unknown
83
+ libuv 1.47.0-r0 apk CVE-2024-24806 High
84
+ ssl_client 1.36.1-r15 apk CVE-2023-42366 Medium
85
+ ssl_client 1.36.1-r15 apk CVE-2023-42365 Medium
86
+ ssl_client 1.36.1-r15 apk CVE-2023-42364 Medium
87
+ ssl_client 1.36.1-r15 apk CVE-2023-42363 Medium
107
88
```
108
89
109
- ### weaveexec: (24 )
90
+ ### weaveexec: (17 )
110
91
111
92
```
112
- NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
113
- busybox 1.36.1-r15 apk CVE-2023-42366 Medium
114
- busybox 1.36.1-r15 apk CVE-2023-42365 Medium
115
- busybox 1.36.1-r15 apk CVE-2023-42364 Medium
116
- busybox 1.36.1-r15 apk CVE-2023-42363 Medium
117
- busybox-binsh 1.36.1-r15 apk CVE-2023-42366 Medium
118
- busybox-binsh 1.36.1-r15 apk CVE-2023-42365 Medium
119
- busybox-binsh 1.36.1-r15 apk CVE-2023-42364 Medium
120
- busybox-binsh 1.36.1-r15 apk CVE-2023-42363 Medium
121
- c-ares 1.24.0-r1 1.27.0-r0 apk CVE-2024-25629 Medium
122
- curl 8.5.0-r0 apk CVE-2024-0853 Medium
123
- curl 8.5.0-r0 apk CVE-2024-2466 Unknown
124
- curl 8.5.0-r0 apk CVE-2024-2398 Unknown
125
- curl 8.5.0-r0 apk CVE-2024-2004 Unknown
126
- github.com/docker/docker v24.0.7+incompatible 24.0.9 go-module GHSA-xw73-rw38-6vjc Medium
127
- libuv 1.47.0-r0 apk CVE-2024-24806 High
128
- ssl_client 1.36.1-r15 apk CVE-2023-42366 Medium
129
- ssl_client 1.36.1-r15 apk CVE-2023-42365 Medium
130
- ssl_client 1.36.1-r15 apk CVE-2023-42364 Medium
131
- ssl_client 1.36.1-r15 apk CVE-2023-42363 Medium
132
- stdlib go1.21.6 go-module CVE-2024-24785 Unknown
133
- stdlib go1.21.6 go-module CVE-2024-24784 Unknown
134
- stdlib go1.21.6 go-module CVE-2024-24783 Unknown
135
- stdlib go1.21.6 go-module CVE-2023-45290 Unknown
136
- stdlib go1.21.6 go-module CVE-2023-45289 Unknown
93
+ NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
94
+ busybox 1.36.1-r15 apk CVE-2023-42366 Medium
95
+ busybox 1.36.1-r15 apk CVE-2023-42365 Medium
96
+ busybox 1.36.1-r15 apk CVE-2023-42364 Medium
97
+ busybox 1.36.1-r15 apk CVE-2023-42363 Medium
98
+ busybox-binsh 1.36.1-r15 apk CVE-2023-42366 Medium
99
+ busybox-binsh 1.36.1-r15 apk CVE-2023-42365 Medium
100
+ busybox-binsh 1.36.1-r15 apk CVE-2023-42364 Medium
101
+ busybox-binsh 1.36.1-r15 apk CVE-2023-42363 Medium
102
+ curl 8.5.0-r0 apk CVE-2024-0853 Medium
103
+ curl 8.5.0-r0 apk CVE-2024-2466 Unknown
104
+ curl 8.5.0-r0 apk CVE-2024-2398 Unknown
105
+ curl 8.5.0-r0 apk CVE-2024-2004 Unknown
106
+ libuv 1.47.0-r0 apk CVE-2024-24806 High
107
+ ssl_client 1.36.1-r15 apk CVE-2023-42366 Medium
108
+ ssl_client 1.36.1-r15 apk CVE-2023-42365 Medium
109
+ ssl_client 1.36.1-r15 apk CVE-2023-42364 Medium
110
+ ssl_client 1.36.1-r15 apk CVE-2023-42363 Medium
137
111
```
138
112
0 commit comments