Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

solve conflicts #2

Merged
merged 23 commits into from
Jan 21, 2024
Merged
Changes from 1 commit
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
028a445
Support "_FILE" environmental variables (#9069)
kiblik Jan 17, 2024
47f509f
Update dependency autoprefixer from 10.4.16 to v10.4.17 (docs/package…
renovate[bot] Jan 18, 2024
d8f12c2
Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.33.15 to v1…
renovate[bot] Jan 18, 2024
68d7e6e
Bump boto3 from 1.34.20 to 1.34.21 (#9357)
dependabot[bot] Jan 18, 2024
67c8f9f
Unittests for REMOTE_USER (#9021)
kiblik Jan 19, 2024
ca23b91
:tada: merge OpenVAS XML and CSV parsers (#9322)
manuel-sommer Jan 19, 2024
db19c44
:bug: fix #8435, advance semgrep (#9323)
manuel-sommer Jan 19, 2024
7dc1f7b
Improve kiuwan import parser (#9316)
flmarkus Jan 19, 2024
6a267b5
:bug: fix #7690, microfocus webinspect NoneType Object (#9327)
manuel-sommer Jan 19, 2024
65b1ae0
:bug: fix #6932, advance qualys for monthly pci scan (#9328)
manuel-sommer Jan 19, 2024
67f0e96
:sparkles: Implement Chef InSpec Parser (#9329)
manuel-sommer Jan 19, 2024
11552ef
Trivy Parser: Expand Unit Tests (#9334)
manuel-sommer Jan 19, 2024
acfe7ef
:sparkles: implement google cloud artifact scan (#9338)
manuel-sommer Jan 19, 2024
ddb8ecc
Adds ruff linter, fixes unused variables errors (#9123)
Maffooch Jan 19, 2024
d86fd43
Update ASFF parser to create endpoints (#9346)
manuel-sommer Jan 19, 2024
223ae56
Update to Node 20.x in all the places (#9349)
Maffooch Jan 19, 2024
a002f73
Enhancements to Govulncheck parser (#9339)
a-ruff Jan 19, 2024
f1e435e
:sparkles: advance parser docs to provide sample scan data (#9347)
manuel-sommer Jan 19, 2024
60009cd
Bump drf-spectacular from 0.27.0 to 0.27.1 (#9369)
dependabot[bot] Jan 19, 2024
d1a3e1e
Bump boto3 from 1.34.21 to 1.34.22 (#9368)
dependabot[bot] Jan 19, 2024
a5c40ff
Bump ruff from 0.1.7 to 0.1.13 (#9367)
dependabot[bot] Jan 19, 2024
f25a06b
Resolve new Ruff issues (#9364)
Maffooch Jan 19, 2024
62c96af
Merge branch 'wazuh-importer-improvements' into dev
quirinziessler Jan 21, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Trivy Parser: Expand Unit Tests (DefectDojo#9334)
* raise testcoverage to proof issue DefectDojo#9333 is working

* add unittestfile
manuel-sommer authored Jan 19, 2024

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
commit 11552ef566073e698a18aa9799cef26cf1b18724
875 changes: 875 additions & 0 deletions unittests/scans/trivy/issue_9333.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,875 @@
{
"SchemaVersion": 2,
"CreatedAt": "2024-01-15T08:58:29.82753744Z",
"ArtifactName": "",
"ArtifactType": "container_image",
"Metadata": {
"OS": {
"Family": "debian",
"Name": "10.13"
},
"ImageID": "sha256:22ae3921bdaac434bb4cb92dbbc209e46b1f3f70e9fa0b5fbbb43ce7d452c72d",
"DiffIDs": [
"sha256:b2dba74777543b60e1a5be6da44e67659f51b8df1e96922205a5dde6b92dda3c",
"sha256:f1186e5061f20658954f6bfdfaead0abc5ed2371d70f707da05206e868a226ab",
"sha256:fe0fb3ab4a0f7be72784fcab5ef9c8fda65ea9b1067e8f7cdf293c12bcd25c13",
"sha256:c45660adde371317a1eafb102ee1d33b059328ec73a01b5c2461c4d04a40ecec",
"sha256:e01a454893a9a11115c598e5dec158ded8bd41326046c993c81b76b6a963590b",
"sha256:cb81227abde588a006a8b7ceac6034a303813efadc2c711fabf7b224649d183f",
"sha256:f8a91dd5fc84e4e5a1f261cf306ba1de28894524326d86eec0d74e9c0d22baec",
"sha256:3c777d951de2c488f73618f92b2adee8bd5de6f77e36bab51d57583bc487b99b",
"sha256:0d5f5a015e5d65973cce1dbab5aa60ce0836dbf2b3c9eabcb6efc89db1db3221",
"sha256:baa0956fea600c916f370870566aca1edf9a5ffc7facf51cfb1286e774f6e0e2",
"sha256:2f08eba9a3eddbb1e9dc2b70a25a1a3860807dac0d42c1e40fd890bbafbfba29",
"sha256:bf7d7d997f27e713b44ac0e763a38c46f9698e71e2243b0ffa80405d62d8c5e0"
],
"RepoTags": [
""
],
"RepoDigests": [
""
],
"ImageConfig": {
"architecture": "amd64",
"created": "2024-01-15T08:56:27.807609822Z",
"history": [
{
"created": "2023-04-12T00:20:15Z",
"created_by": "/bin/sh -c #(nop) ADD file:40953ed6e6f96703b2e0c13288437c2aaf8b3df33dbc423686290cbe0e595a5e in / "
},
{
"created": "2023-04-12T00:20:15Z",
"created_by": "/bin/sh -c #(nop) CMD [\"bash\"]",
"empty_layer": true
},
{
"created": "2023-04-12T07:52:41Z",
"created_by": "/bin/sh -c set -eux; \tapt-get update; \tapt-get install -y --no-install-recommends \t\tca-certificates \t\tcurl \t\tnetbase \t\twget \t; \trm -rf /var/lib/apt/lists/*"
},
{
"created": "2023-04-12T07:52:47Z",
"created_by": "/bin/sh -c set -ex; \tif ! command -v gpg \u003e /dev/null; then \t\tapt-get update; \t\tapt-get install -y --no-install-recommends \t\t\tgnupg \t\t\tdirmngr \t\t; \t\trm -rf /var/lib/apt/lists/*; \tfi"
},
{
"created": "2023-04-12T07:53:05Z",
"created_by": "/bin/sh -c apt-get update \u0026\u0026 apt-get install -y --no-install-recommends \t\tgit \t\tmercurial \t\topenssh-client \t\tsubversion \t\t\t\tprocps \t\u0026\u0026 rm -rf /var/lib/apt/lists/*"
},
{
"created": "2023-04-12T07:54:04Z",
"created_by": "/bin/sh -c set -ex; \tapt-get update; \tapt-get install -y --no-install-recommends \t\tautoconf \t\tautomake \t\tbzip2 \t\tdpkg-dev \t\tfile \t\tg++ \t\tgcc \t\timagemagick \t\tlibbz2-dev \t\tlibc6-dev \t\tlibcurl4-openssl-dev \t\tlibdb-dev \t\tlibevent-dev \t\tlibffi-dev \t\tlibgdbm-dev \t\tlibglib2.0-dev \t\tlibgmp-dev \t\tlibjpeg-dev \t\tlibkrb5-dev \t\tliblzma-dev \t\tlibmagickcore-dev \t\tlibmagickwand-dev \t\tlibmaxminddb-dev \t\tlibncurses5-dev \t\tlibncursesw5-dev \t\tlibpng-dev \t\tlibpq-dev \t\tlibreadline-dev \t\tlibsqlite3-dev \t\tlibssl-dev \t\tlibtool \t\tlibwebp-dev \t\tlibxml2-dev \t\tlibxslt-dev \t\tlibyaml-dev \t\tmake \t\tpatch \t\tunzip \t\txz-utils \t\tzlib1g-dev \t\t\t\t$( \t\t\tif apt-cache show 'default-libmysqlclient-dev' 2\u003e/dev/null | grep -q '^Version:'; then \t\t\t\techo 'default-libmysqlclient-dev'; \t\t\telse \t\t\t\techo 'libmysqlclient-dev'; \t\t\tfi \t\t) \t; \trm -rf /var/lib/apt/lists/*"
},
{
"created": "2023-04-12T09:05:40Z",
"created_by": "/bin/sh -c groupadd --gid 1000 node \u0026\u0026 useradd --uid 1000 --gid node --shell /bin/bash --create-home node"
},
{
"created": "2023-04-12T09:11:56Z",
"created_by": "/bin/sh -c #(nop) ENV NODE_VERSION=14.21.3",
"empty_layer": true
},
{
"created": "2023-04-12T09:12:09Z",
"created_by": "/bin/sh -c ARCH= \u0026\u0026 dpkgArch=\"$(dpkg --print-architecture)\" \u0026\u0026 case \"${dpkgArch##*-}\" in amd64) ARCH='x64';; ppc64el) ARCH='ppc64le';; s390x) ARCH='s390x';; arm64) ARCH='arm64';; armhf) ARCH='armv7l';; i386) ARCH='x86';; *) echo \"unsupported architecture\"; exit 1 ;; esac \u0026\u0026 set -ex \u0026\u0026 for key in 4ED778F539E3634C779C87C6D7062848A1AB005C 141F07595B7B3FFE74309A937405533BE57C7D57 74F12602B6F1C4E913FAA37AD3A89613643B6201 61FC681DFB92A079F1685E77973F295594EC4689 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C 108F52B48DB57BB0CC439B2997B01419BD92F80A ; do gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys \"$key\" || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys \"$key\" ; done \u0026\u0026 curl -fsSLO --compressed \"https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz\" \u0026\u0026 curl -fsSLO --compressed \"https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc\" \u0026\u0026 gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \u0026\u0026 grep \" node-v$NODE_VERSION-linux-$ARCH.tar.xz\\$\" SHASUMS256.txt | sha256sum -c - \u0026\u0026 tar -xJf \"node-v$NODE_VERSION-linux-$ARCH.tar.xz\" -C /usr/local --strip-components=1 --no-same-owner \u0026\u0026 rm \"node-v$NODE_VERSION-linux-$ARCH.tar.xz\" SHASUMS256.txt.asc SHASUMS256.txt \u0026\u0026 ln -s /usr/local/bin/node /usr/local/bin/nodejs \u0026\u0026 node --version \u0026\u0026 npm --version"
},
{
"created": "2023-04-12T09:12:09Z",
"created_by": "/bin/sh -c #(nop) ENV YARN_VERSION=1.22.19",
"empty_layer": true
},
{
"created": "2023-04-12T09:12:12Z",
"created_by": "/bin/sh -c set -ex \u0026\u0026 for key in 6A010C5166006599AA17F08146C2130DFD2497F5 ; do gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys \"$key\" || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys \"$key\" ; done \u0026\u0026 curl -fsSLO --compressed \"https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz\" \u0026\u0026 curl -fsSLO --compressed \"https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc\" \u0026\u0026 gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \u0026\u0026 mkdir -p /opt \u0026\u0026 tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \u0026\u0026 ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \u0026\u0026 ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \u0026\u0026 rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \u0026\u0026 yarn --version"
},
{
"created": "2023-04-12T09:12:12Z",
"created_by": "/bin/sh -c #(nop) COPY file:4d192565a7220e135cab6c77fbc1c73211b69f3d9fb37e62857b2c6eb9363d51 in /usr/local/bin/ "
},
{
"created": "2023-04-12T09:12:12Z",
"created_by": "/bin/sh -c #(nop) ENTRYPOINT [\"docker-entrypoint.sh\"]",
"empty_layer": true
},
{
"created": "2023-04-12T09:12:12Z",
"created_by": "/bin/sh -c #(nop) CMD [\"node\"]",
"empty_layer": true
},
{
"created": "2024-01-15T08:56:23Z",
"created_by": "WORKDIR /usr/src/app/",
"comment": "buildkit.dockerfile.v0"
},
{
"created": "2024-01-15T08:56:23Z",
"created_by": "COPY src/ /usr/src/app/ # buildkit",
"comment": "buildkit.dockerfile.v0"
},
{
"created": "2024-01-15T08:56:27Z",
"created_by": "RUN /bin/sh -c npm install # buildkit",
"comment": "buildkit.dockerfile.v0"
},
{
"created": "2024-01-15T08:56:27Z",
"created_by": "EXPOSE map[3000/tcp:{}]",
"comment": "buildkit.dockerfile.v0",
"empty_layer": true
},
{
"created": "2024-01-15T08:56:27Z",
"created_by": "CMD [\"node\" \"index.js\"]",
"comment": "buildkit.dockerfile.v0",
"empty_layer": true
}
],
"os": "linux",
"rootfs": {
"type": "layers",
"diff_ids": [
"sha256:b2dba74777543b60e1a5be6da44e67659f51b8df1e96922205a5dde6b92dda3c",
"sha256:f1186e5061f20658954f6bfdfaead0abc5ed2371d70f707da05206e868a226ab",
"sha256:fe0fb3ab4a0f7be72784fcab5ef9c8fda65ea9b1067e8f7cdf293c12bcd25c13",
"sha256:c45660adde371317a1eafb102ee1d33b059328ec73a01b5c2461c4d04a40ecec",
"sha256:e01a454893a9a11115c598e5dec158ded8bd41326046c993c81b76b6a963590b",
"sha256:cb81227abde588a006a8b7ceac6034a303813efadc2c711fabf7b224649d183f",
"sha256:f8a91dd5fc84e4e5a1f261cf306ba1de28894524326d86eec0d74e9c0d22baec",
"sha256:3c777d951de2c488f73618f92b2adee8bd5de6f77e36bab51d57583bc487b99b",
"sha256:0d5f5a015e5d65973cce1dbab5aa60ce0836dbf2b3c9eabcb6efc89db1db3221",
"sha256:baa0956fea600c916f370870566aca1edf9a5ffc7facf51cfb1286e774f6e0e2",
"sha256:2f08eba9a3eddbb1e9dc2b70a25a1a3860807dac0d42c1e40fd890bbafbfba29",
"sha256:bf7d7d997f27e713b44ac0e763a38c46f9698e71e2243b0ffa80405d62d8c5e0"
]
},
"config": {
"Cmd": [
"node",
"index.js"
],
"Entrypoint": [
"docker-entrypoint.sh"
],
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"NODE_VERSION=14.21.3",
"YARN_VERSION=1.22.19"
],
"WorkingDir": "/usr/src/app/",
"ArgsEscaped": true
}
}
},
"Results": [
{
"Target": "noppaknopsta/example-app:main-159 (debian 10.13)",
"Class": "os-pkgs",
"Type": "debian",
"Vulnerabilities": [
{
"VulnerabilityID": "CVE-2011-3374",
"PkgID": "apt@1.8.2.3",
"PkgName": "apt",
"InstalledVersion": "1.8.2.3",
"Status": "affected",
"Layer": {
"DiffID": "sha256:b2dba74777543b60e1a5be6da44e67659f51b8df1e96922205a5dde6b92dda3c"
},
"SeveritySource": "debian",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3374",
"DataSource": {
"ID": "debian",
"Name": "Debian Security Tracker",
"URL": "https://salsa.debian.org/security-tracker-team/security-tracker"
},
"Title": "It was found that apt-key in apt, all versions, do not correctly valid ...",
"Description": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.",
"Severity": "LOW",
"CweIDs": [
"CWE-347"
],
"VendorSeverity": {
"debian": 1,
"nvd": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"V2Score": 4.3,
"V3Score": 3.7
}
},
"References": [
"https://access.redhat.com/security/cve/cve-2011-3374",
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480",
"https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html",
"https://seclists.org/fulldisclosure/2011/Sep/221",
"https://security-tracker.debian.org/tracker/CVE-2011-3374",
"https://snyk.io/vuln/SNYK-LINUX-APT-116518",
"https://ubuntu.com/security/CVE-2011-3374"
],
"PublishedDate": "2019-11-26T00:15:11.03Z",
"LastModifiedDate": "2021-02-09T16:08:18.683Z"
},
{
"VulnerabilityID": "CVE-2019-18276",
"PkgID": "bash@5.0-4",
"PkgName": "bash",
"InstalledVersion": "5.0-4",
"Status": "affected",
"Layer": {
"DiffID": "sha256:b2dba74777543b60e1a5be6da44e67659f51b8df1e96922205a5dde6b92dda3c"
},
"SeveritySource": "debian",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18276",
"DataSource": {
"ID": "debian",
"Name": "Debian Security Tracker",
"URL": "https://salsa.debian.org/security-tracker-team/security-tracker"
},
"Title": "bash: when effective UID is not equal to its real UID the saved UID is not dropped",
"Description": "An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support \"saved UID\" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use \"enable -f\" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.",
"Severity": "LOW",
"CweIDs": [
"CWE-273"
],
"VendorSeverity": {
"cbl-mariner": 3,
"debian": 1,
"nvd": 3,
"oracle-oval": 1,
"photon": 3,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V2Score": 7.2,
"V3Score": 7.8
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 7.8
}
},
"References": [
"http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html",
"https://access.redhat.com/security/cve/CVE-2019-18276",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276",
"https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff",
"https://linux.oracle.com/cve/CVE-2019-18276.html",
"https://linux.oracle.com/errata/ELSA-2021-1679.html",
"https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E",
"https://nvd.nist.gov/vuln/detail/CVE-2019-18276",
"https://security.gentoo.org/glsa/202105-34",
"https://security.netapp.com/advisory/ntap-20200430-0003/",
"https://ubuntu.com/security/notices/USN-5380-1",
"https://www.cve.org/CVERecord?id=CVE-2019-18276",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.youtube.com/watch?v=-wGtxJ8opa8"
],
"PublishedDate": "2019-11-28T01:15:10.603Z",
"LastModifiedDate": "2023-11-07T03:06:25.3Z"
},
{
"VulnerabilityID": "TEMP-0841856-B18BAF",
"PkgID": "bash@5.0-4",
"PkgName": "bash",
"InstalledVersion": "5.0-4",
"Status": "affected",
"Layer": {
"DiffID": "sha256:b2dba74777543b60e1a5be6da44e67659f51b8df1e96922205a5dde6b92dda3c"
},
"SeveritySource": "debian",
"PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0841856-B18BAF",
"DataSource": {
"ID": "debian",
"Name": "Debian Security Tracker",
"URL": "https://salsa.debian.org/security-tracker-team/security-tracker"
},
"Title": "[Privilege escalation possible to other user than root]",
"Severity": "LOW",
"VendorSeverity": {
"debian": 1
}
},
{
"VulnerabilityID": "CVE-2017-13716",
"PkgID": "binutils@2.31.1-16",
"PkgName": "binutils",
"InstalledVersion": "2.31.1-16",
"Status": "affected",
"Layer": {
"DiffID": "sha256:e01a454893a9a11115c598e5dec158ded8bd41326046c993c81b76b6a963590b"
},
"SeveritySource": "debian",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716",
"DataSource": {
"ID": "debian",
"Name": "Debian Security Tracker",
"URL": "https://salsa.debian.org/security-tracker-team/security-tracker"
},
"Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty",
"Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).",
"Severity": "LOW",
"CweIDs": [
"CWE-770"
],
"VendorSeverity": {
"debian": 1,
"nvd": 2,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 7.1,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"V3Score": 3.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2017-13716",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13716",
"https://nvd.nist.gov/vuln/detail/CVE-2017-13716",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22009",
"https://www.cve.org/CVERecord?id=CVE-2017-13716"
],
"PublishedDate": "2017-08-28T21:29:00.293Z",
"LastModifiedDate": "2019-10-03T00:03:26.223Z"
},
{
"VulnerabilityID": "CVE-2018-1000876",
"PkgID": "binutils@2.31.1-16",
"PkgName": "binutils",
"InstalledVersion": "2.31.1-16",
"Status": "affected",
"Layer": {
"DiffID": "sha256:e01a454893a9a11115c598e5dec158ded8bd41326046c993c81b76b6a963590b"
},
"SeveritySource": "debian",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000876",
"DataSource": {
"ID": "debian",
"Name": "Debian Security Tracker",
"URL": "https://salsa.debian.org/security-tracker-team/security-tracker"
},
"Title": "integer overflow leads to heap-based buffer overflow in objdump",
"Description": "binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.",
"Severity": "LOW",
"CweIDs": [
"CWE-190",
"CWE-787"
],
"VendorSeverity": {
"amazon": 2,
"debian": 1,
"nvd": 3,
"oracle-oval": 2,
"photon": 3,
"redhat": 2,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V2Score": 4.6,
"V3Score": 7.8
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"V3Score": 7.8
}
},
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html",
"http://www.securityfocus.com/bid/106304",
"https://access.redhat.com/errata/RHSA-2019:2075",
"https://access.redhat.com/security/cve/CVE-2018-1000876",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000876",
"https://linux.oracle.com/cve/CVE-2018-1000876.html",
"https://linux.oracle.com/errata/ELSA-2019-2075.html",
"https://nvd.nist.gov/vuln/detail/CVE-2018-1000876",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23994",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=3a551c7a1b80fca579461774860574eabfd7f18f",
"https://ubuntu.com/security/notices/USN-4336-1",
"https://ubuntu.com/security/notices/USN-4336-2",
"https://usn.ubuntu.com/4336-1/",
"https://www.cve.org/CVERecord?id=CVE-2018-1000876"
],
"PublishedDate": "2018-12-20T17:29:01.033Z",
"LastModifiedDate": "2023-11-07T02:51:14.47Z"
},
{
"VulnerabilityID": "CVE-2018-12697",
"PkgID": "binutils@2.31.1-16",
"PkgName": "binutils",
"InstalledVersion": "2.31.1-16",
"Status": "affected",
"Layer": {
"DiffID": "sha256:e01a454893a9a11115c598e5dec158ded8bd41326046c993c81b76b6a963590b"
},
"SeveritySource": "debian",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12697",
"DataSource": {
"ID": "debian",
"Name": "Debian Security Tracker",
"URL": "https://salsa.debian.org/security-tracker-team/security-tracker"
},
"Title": "binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c.",
"Description": "A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.",
"Severity": "LOW",
"CweIDs": [
"CWE-476"
],
"VendorSeverity": {
"amazon": 2,
"debian": 1,
"nvd": 3,
"oracle-oval": 2,
"photon": 3,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V2Score": 5,
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 3.3
}
},
"References": [
"http://www.securityfocus.com/bid/104538",
"https://access.redhat.com/errata/RHSA-2019:2075",
"https://access.redhat.com/security/cve/CVE-2018-12697",
"https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12697",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454",
"https://linux.oracle.com/cve/CVE-2018-12697.html",
"https://linux.oracle.com/errata/ELSA-2019-2075.html",
"https://nvd.nist.gov/vuln/detail/CVE-2018-12697",
"https://security.gentoo.org/glsa/201908-01",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23057",
"https://ubuntu.com/security/notices/USN-4326-1",
"https://ubuntu.com/security/notices/USN-4336-1",
"https://ubuntu.com/security/notices/USN-4336-2",
"https://usn.ubuntu.com/4326-1/",
"https://usn.ubuntu.com/4336-1/",
"https://www.cve.org/CVERecord?id=CVE-2018-12697"
],
"PublishedDate": "2018-06-23T23:29:00.22Z",
"LastModifiedDate": "2019-08-03T13:15:17.257Z"
},
{
"VulnerabilityID": "CVE-2018-12698",
"PkgID": "binutils@2.31.1-16",
"PkgName": "binutils",
"InstalledVersion": "2.31.1-16",
"Status": "affected",
"Layer": {
"DiffID": "sha256:e01a454893a9a11115c598e5dec158ded8bd41326046c993c81b76b6a963590b"
},
"SeveritySource": "debian",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12698",
"DataSource": {
"ID": "debian",
"Name": "Debian Security Tracker",
"URL": "https://salsa.debian.org/security-tracker-team/security-tracker"
},
"Title": "binutils: excessive memory consumption in demangle_template in cplus-dem.c",
"Description": "demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the \"Create an array for saving the template argument values\" XNEWVEC call. This can occur during execution of objdump.",
"Severity": "LOW",
"VendorSeverity": {
"debian": 1,
"nvd": 3,
"photon": 3,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V2Score": 5,
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 3.3
}
},
"References": [
"http://www.securityfocus.com/bid/104539",
"https://access.redhat.com/security/cve/CVE-2018-12698",
"https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12698",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454",
"https://nvd.nist.gov/vuln/detail/CVE-2018-12698",
"https://security.gentoo.org/glsa/201908-01",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23057",
"https://ubuntu.com/security/notices/USN-4326-1",
"https://ubuntu.com/security/notices/USN-4336-1",
"https://ubuntu.com/security/notices/USN-4336-2",
"https://usn.ubuntu.com/4326-1/",
"https://usn.ubuntu.com/4336-1/",
"https://www.cve.org/CVERecord?id=CVE-2018-12698"
],
"PublishedDate": "2018-06-23T23:29:00.283Z",
"LastModifiedDate": "2019-10-03T00:03:26.223Z"
},
{
"VulnerabilityID": "CVE-2018-12699",
"PkgID": "binutils@2.31.1-16",
"PkgName": "binutils",
"InstalledVersion": "2.31.1-16",
"Status": "affected",
"Layer": {
"DiffID": "sha256:e01a454893a9a11115c598e5dec158ded8bd41326046c993c81b76b6a963590b"
},
"SeveritySource": "debian",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12699",
"DataSource": {
"ID": "debian",
"Name": "Debian Security Tracker",
"URL": "https://salsa.debian.org/security-tracker-team/security-tracker"
},
"Title": "binutils: heap-based buffer overflow in finish_stab in stabs.c",
"Description": "finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump.",
"Severity": "LOW",
"CweIDs": [
"CWE-787"
],
"VendorSeverity": {
"debian": 1,
"nvd": 4,
"photon": 4,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"V2Score": 7.5,
"V3Score": 9.8
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 3.3
}
},
"References": [
"http://www.securityfocus.com/bid/104540",
"https://access.redhat.com/security/cve/CVE-2018-12699",
"https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12699",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454",
"https://nvd.nist.gov/vuln/detail/CVE-2018-12699",
"https://security.gentoo.org/glsa/201908-01",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23057",
"https://ubuntu.com/security/notices/USN-4336-1",
"https://ubuntu.com/security/notices/USN-4336-2",
"https://usn.ubuntu.com/4336-1/",
"https://www.cve.org/CVERecord?id=CVE-2018-12699"
],
"PublishedDate": "2018-06-23T23:29:00.33Z",
"LastModifiedDate": "2019-08-03T13:15:17.587Z"
},
{
"VulnerabilityID": "CVE-2018-12934",
"PkgID": "binutils@2.31.1-16",
"PkgName": "binutils",
"InstalledVersion": "2.31.1-16",
"Status": "affected",
"Layer": {
"DiffID": "sha256:e01a454893a9a11115c598e5dec158ded8bd41326046c993c81b76b6a963590b"
},
"SeveritySource": "debian",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12934",
"DataSource": {
"ID": "debian",
"Name": "Debian Security Tracker",
"URL": "https://salsa.debian.org/security-tracker-team/security-tracker"
},
"Title": "binutils: Uncontrolled Resource Consumption in remember_Ktype in cplus-dem.c",
"Description": "remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.",
"Severity": "LOW",
"CweIDs": [
"CWE-770"
],
"VendorSeverity": {
"debian": 1,
"nvd": 3,
"photon": 3,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V2Score": 5,
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2018-12934",
"https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763101",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12934",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85453",
"https://nvd.nist.gov/vuln/detail/CVE-2018-12934",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23059",
"https://ubuntu.com/security/notices/USN-4326-1",
"https://ubuntu.com/security/notices/USN-4336-1",
"https://ubuntu.com/security/notices/USN-4336-2",
"https://usn.ubuntu.com/4326-1/",
"https://usn.ubuntu.com/4336-1/",
"https://www.cve.org/CVERecord?id=CVE-2018-12934"
],
"PublishedDate": "2018-06-28T14:29:00.683Z",
"LastModifiedDate": "2020-04-21T22:15:13.15Z"
},
{
"VulnerabilityID": "CVE-2018-17358",
"PkgID": "binutils@2.31.1-16",
"PkgName": "binutils",
"InstalledVersion": "2.31.1-16",
"Status": "affected",
"Layer": {
"DiffID": "sha256:e01a454893a9a11115c598e5dec158ded8bd41326046c993c81b76b6a963590b"
},
"SeveritySource": "debian",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17358",
"DataSource": {
"ID": "debian",
"Name": "Debian Security Tracker",
"URL": "https://salsa.debian.org/security-tracker-team/security-tracker"
},
"Title": "binutils: invalid memory access in _bfd_stab_section_find_nearest_line in syms.c",
"Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file.",
"Severity": "LOW",
"CweIDs": [
"CWE-119"
],
"VendorSeverity": {
"debian": 1,
"nvd": 2,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"V3Score": 3.3
}
},
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html",
"https://access.redhat.com/security/cve/CVE-2018-17358",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17358",
"https://nvd.nist.gov/vuln/detail/CVE-2018-17358",
"https://seclists.org/bugtraq/2020/Jan/25",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23686",
"https://ubuntu.com/security/notices/USN-4336-1",
"https://ubuntu.com/security/notices/USN-4336-2",
"https://usn.ubuntu.com/4336-1/",
"https://www.cve.org/CVERecord?id=CVE-2018-17358"
],
"PublishedDate": "2018-09-23T18:29:00.283Z",
"LastModifiedDate": "2019-10-31T01:15:12.203Z"
},
{
"VulnerabilityID": "CVE-2018-17359",
"PkgID": "binutils@2.31.1-16",
"PkgName": "binutils",
"InstalledVersion": "2.31.1-16",
"Status": "affected",
"Layer": {
"DiffID": "sha256:e01a454893a9a11115c598e5dec158ded8bd41326046c993c81b76b6a963590b"
},
"SeveritySource": "debian",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17359",
"DataSource": {
"ID": "debian",
"Name": "Debian Security Tracker",
"URL": "https://salsa.debian.org/security-tracker-team/security-tracker"
},
"Title": "binutils: invalid memory access in bfd_zalloc in opncls.c",
"Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file.",
"Severity": "LOW",
"CweIDs": [
"CWE-119"
],
"VendorSeverity": {
"debian": 1,
"nvd": 2,
"photon": 2,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
}
},
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html",
"https://access.redhat.com/security/cve/CVE-2018-17359",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17359",
"https://nvd.nist.gov/vuln/detail/CVE-2018-17359",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23686",
"https://ubuntu.com/security/notices/USN-4336-1",
"https://ubuntu.com/security/notices/USN-4336-2",
"https://usn.ubuntu.com/4336-1/",
"https://www.cve.org/CVERecord?id=CVE-2018-17359"
],
"PublishedDate": "2018-09-23T18:29:00.44Z",
"LastModifiedDate": "2019-10-31T01:15:12.437Z"
},
{
"VulnerabilityID": "CVE-2018-17360",
"PkgID": "binutils@2.31.1-16",
"PkgName": "binutils",
"InstalledVersion": "2.31.1-16",
"Status": "affected",
"Layer": {
"DiffID": "sha256:e01a454893a9a11115c598e5dec158ded8bd41326046c993c81b76b6a963590b"
},
"SeveritySource": "debian",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17360",
"DataSource": {
"ID": "debian",
"Name": "Debian Security Tracker",
"URL": "https://salsa.debian.org/security-tracker-team/security-tracker"
},
"Title": "binutils: heap-based buffer over-read in bfd_getl32 in libbfd.c",
"Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be triggered by the executable objdump.",
"Severity": "LOW",
"CweIDs": [
"CWE-125"
],
"VendorSeverity": {
"debian": 1,
"nvd": 2,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"V3Score": 3.3
}
},
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html",
"https://access.redhat.com/security/cve/CVE-2018-17360",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17360",
"https://nvd.nist.gov/vuln/detail/CVE-2018-17360",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23685",
"https://ubuntu.com/security/notices/USN-4336-1",
"https://ubuntu.com/security/notices/USN-4336-2",
"https://usn.ubuntu.com/4336-1/",
"https://www.cve.org/CVERecord?id=CVE-2018-17360"
],
"PublishedDate": "2018-09-23T18:29:00.547Z",
"LastModifiedDate": "2019-10-31T01:15:12.56Z"
},
{
"VulnerabilityID": "CVE-2023-26136",
"PkgID": "tough-cookie@2.5.0",
"PkgName": "tough-cookie",
"PkgPath": "usr/local/lib/node_modules/npm/node_modules/tough-cookie/package.json",
"InstalledVersion": "2.5.0",
"FixedVersion": "4.1.3",
"Status": "fixed",
"Layer": {
"DiffID": "sha256:f8a91dd5fc84e4e5a1f261cf306ba1de28894524326d86eec0d74e9c0d22baec"
},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-26136",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory npm",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
},
"Title": "tough-cookie: prototype pollution in cookie memstore",
"Description": "Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-1321"
],
"VendorSeverity": {
"ghsa": 2,
"nvd": 4,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"V3Score": 6.5
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 9.8
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"V3Score": 6.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2023-26136",
"https://github.com/salesforce/tough-cookie",
"https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e",
"https://github.com/salesforce/tough-cookie/issues/282",
"https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3",
"https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html",
"https://nvd.nist.gov/vuln/detail/CVE-2023-26136",
"https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873",
"https://www.cve.org/CVERecord?id=CVE-2023-26136"
],
"PublishedDate": "2023-07-01T05:15:16.103Z",
"LastModifiedDate": "2023-11-07T04:09:26.4Z"
}
]
}
]
}

8 changes: 8 additions & 0 deletions unittests/tools/test_trivy_parser.py
Original file line number Diff line number Diff line change
@@ -217,3 +217,11 @@ def test_issue_9263(self):
self.assertEqual(len(findings), 1)
finding = findings[0]
self.assertEqual("High", finding.severity)

def test_issue_9333(self):
test_file = open(sample_path("issue_9333.json"))
parser = TrivyParser()
findings = parser.get_findings(test_file, Test())
self.assertEqual(len(findings), 13)
finding = findings[0]
self.assertEqual("Low", finding.severity)