foreman_cve_scanner 0.0.1 → 0.0.2

@@ -0,0 +1,2970 @@
1
+ {
2
+ "matches": [
3
+ {
4
+ "vulnerability": {
5
+ "id": "CVE-2007-0086",
6
+ "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2007-0086",
7
+ "namespace": "nvd:cpe",
8
+ "severity": "High",
9
+ "urls": [
10
+ "http://osvdb.org/33456",
11
+ "http://www.securityfocus.com/archive/1/455833/100/0/threaded",
12
+ "http://www.securityfocus.com/archive/1/455879/100/0/threaded",
13
+ "http://www.securityfocus.com/archive/1/455882/100/0/threaded",
14
+ "http://www.securityfocus.com/archive/1/455920/100/0/threaded"
15
+ ],
16
+ "description": "The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment.",
17
+ "cvss": [
18
+ {
19
+ "source": "nvd@nist.gov",
20
+ "type": "Primary",
21
+ "version": "2.0",
22
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
23
+ "metrics": {
24
+ "baseScore": 7.8,
25
+ "exploitabilityScore": 10,
26
+ "impactScore": 6.9
27
+ },
28
+ "vendorMetadata": {}
29
+ }
30
+ ],
31
+ "fix": {
32
+ "versions": [],
33
+ "state": "unknown"
34
+ },
35
+ "advisories": []
36
+ },
37
+ "relatedVulnerabilities": [],
38
+ "matchDetails": [
39
+ {
40
+ "type": "cpe-match",
41
+ "matcher": "apk-matcher",
42
+ "searchedBy": {
43
+ "namespace": "nvd:cpe",
44
+ "cpes": [
45
+ "cpe:2.3:a:apache:http_server:2.4.58-r0:*:*:*:*:*:*:*"
46
+ ],
47
+ "Package": {
48
+ "name": "apache2",
49
+ "version": "2.4.58-r0"
50
+ }
51
+ },
52
+ "found": {
53
+ "vulnerabilityID": "CVE-2007-0086",
54
+ "versionConstraint": "none (unknown)",
55
+ "cpes": [
56
+ "cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*"
57
+ ]
58
+ }
59
+ }
60
+ ],
61
+ "artifact": {
62
+ "id": "37f0d3d977f3a3b2",
63
+ "name": "apache2",
64
+ "version": "2.4.58-r0",
65
+ "type": "apk",
66
+ "locations": [
67
+ {
68
+ "path": "/lib/apk/db/installed",
69
+ "layerID": "sha256:5c59a08537236f823fcefd58c67e97654a664eb58b9d350352f510ea96271ef1"
70
+ }
71
+ ],
72
+ "language": "",
73
+ "licenses": [
74
+ "Apache-2.0"
75
+ ],
76
+ "cpes": [
77
+ "cpe:2.3:a:apache:http-server:2.4.58-r0:*:*:*:*:*:*:*",
78
+ "cpe:2.3:a:apache:http_server:2.4.58-r0:*:*:*:*:*:*:*",
79
+ "cpe:2.3:a:apache:apache2:2.4.58-r0:*:*:*:*:*:*:*",
80
+ "cpe:2.3:a:apache:apache:2.4.58-r0:*:*:*:*:*:*:*"
81
+ ],
82
+ "purl": "pkg:apk/alpine/apache2@2.4.58-r0?arch=x86_64&distro=alpine-3.18.5",
83
+ "upstreams": [
84
+ {
85
+ "name": "apache2"
86
+ }
87
+ ]
88
+ }
89
+ },
90
+ {
91
+ "vulnerability": {
92
+ "id": "CVE-1999-1237",
93
+ "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-1999-1237",
94
+ "namespace": "nvd:cpe",
95
+ "severity": "High",
96
+ "urls": [
97
+ "http://www.securityfocus.com/archive/1/14384",
98
+ "https://exchange.xforce.ibmcloud.com/vulnerabilities/2272"
99
+ ],
100
+ "description": "Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.",
101
+ "cvss": [
102
+ {
103
+ "source": "nvd@nist.gov",
104
+ "type": "Primary",
105
+ "version": "2.0",
106
+ "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
107
+ "metrics": {
108
+ "baseScore": 10,
109
+ "exploitabilityScore": 10,
110
+ "impactScore": 10
111
+ },
112
+ "vendorMetadata": {}
113
+ }
114
+ ],
115
+ "fix": {
116
+ "versions": [],
117
+ "state": "unknown"
118
+ },
119
+ "advisories": []
120
+ },
121
+ "relatedVulnerabilities": [],
122
+ "matchDetails": [
123
+ {
124
+ "type": "cpe-match",
125
+ "matcher": "apk-matcher",
126
+ "searchedBy": {
127
+ "namespace": "nvd:cpe",
128
+ "cpes": [
129
+ "cpe:2.3:a:apache:http_server:2.4.58-r0:*:*:*:*:*:*:*"
130
+ ],
131
+ "Package": {
132
+ "name": "apache2",
133
+ "version": "2.4.58-r0"
134
+ }
135
+ },
136
+ "found": {
137
+ "vulnerabilityID": "CVE-1999-1237",
138
+ "versionConstraint": "none (unknown)",
139
+ "cpes": [
140
+ "cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*"
141
+ ]
142
+ }
143
+ }
144
+ ],
145
+ "artifact": {
146
+ "id": "37f0d3d977f3a3b2",
147
+ "name": "apache2",
148
+ "version": "2.4.58-r0",
149
+ "type": "apk",
150
+ "locations": [
151
+ {
152
+ "path": "/lib/apk/db/installed",
153
+ "layerID": "sha256:5c59a08537236f823fcefd58c67e97654a664eb58b9d350352f510ea96271ef1"
154
+ }
155
+ ],
156
+ "language": "",
157
+ "licenses": [
158
+ "Apache-2.0"
159
+ ],
160
+ "cpes": [
161
+ "cpe:2.3:a:apache:http-server:2.4.58-r0:*:*:*:*:*:*:*",
162
+ "cpe:2.3:a:apache:http_server:2.4.58-r0:*:*:*:*:*:*:*",
163
+ "cpe:2.3:a:apache:apache2:2.4.58-r0:*:*:*:*:*:*:*",
164
+ "cpe:2.3:a:apache:apache:2.4.58-r0:*:*:*:*:*:*:*"
165
+ ],
166
+ "purl": "pkg:apk/alpine/apache2@2.4.58-r0?arch=x86_64&distro=alpine-3.18.5",
167
+ "upstreams": [
168
+ {
169
+ "name": "apache2"
170
+ }
171
+ ]
172
+ }
173
+ },
174
+ {
175
+ "vulnerability": {
176
+ "id": "CVE-1999-0236",
177
+ "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-1999-0236",
178
+ "namespace": "nvd:cpe",
179
+ "severity": "High",
180
+ "urls": [
181
+ "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0236"
182
+ ],
183
+ "description": "ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.",
184
+ "cvss": [
185
+ {
186
+ "source": "nvd@nist.gov",
187
+ "type": "Primary",
188
+ "version": "2.0",
189
+ "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
190
+ "metrics": {
191
+ "baseScore": 5,
192
+ "exploitabilityScore": 10,
193
+ "impactScore": 2.9
194
+ },
195
+ "vendorMetadata": {}
196
+ },
197
+ {
198
+ "source": "nvd@nist.gov",
199
+ "type": "Primary",
200
+ "version": "3.1",
201
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
202
+ "metrics": {
203
+ "baseScore": 7.5,
204
+ "exploitabilityScore": 3.9,
205
+ "impactScore": 3.6
206
+ },
207
+ "vendorMetadata": {}
208
+ }
209
+ ],
210
+ "fix": {
211
+ "versions": [],
212
+ "state": "unknown"
213
+ },
214
+ "advisories": []
215
+ },
216
+ "relatedVulnerabilities": [],
217
+ "matchDetails": [
218
+ {
219
+ "type": "cpe-match",
220
+ "matcher": "apk-matcher",
221
+ "searchedBy": {
222
+ "namespace": "nvd:cpe",
223
+ "cpes": [
224
+ "cpe:2.3:a:apache:http_server:2.4.58-r0:*:*:*:*:*:*:*"
225
+ ],
226
+ "Package": {
227
+ "name": "apache2",
228
+ "version": "2.4.58-r0"
229
+ }
230
+ },
231
+ "found": {
232
+ "vulnerabilityID": "CVE-1999-0236",
233
+ "versionConstraint": "none (unknown)",
234
+ "cpes": [
235
+ "cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*"
236
+ ]
237
+ }
238
+ }
239
+ ],
240
+ "artifact": {
241
+ "id": "37f0d3d977f3a3b2",
242
+ "name": "apache2",
243
+ "version": "2.4.58-r0",
244
+ "type": "apk",
245
+ "locations": [
246
+ {
247
+ "path": "/lib/apk/db/installed",
248
+ "layerID": "sha256:5c59a08537236f823fcefd58c67e97654a664eb58b9d350352f510ea96271ef1"
249
+ }
250
+ ],
251
+ "language": "",
252
+ "licenses": [
253
+ "Apache-2.0"
254
+ ],
255
+ "cpes": [
256
+ "cpe:2.3:a:apache:http-server:2.4.58-r0:*:*:*:*:*:*:*",
257
+ "cpe:2.3:a:apache:http_server:2.4.58-r0:*:*:*:*:*:*:*",
258
+ "cpe:2.3:a:apache:apache2:2.4.58-r0:*:*:*:*:*:*:*",
259
+ "cpe:2.3:a:apache:apache:2.4.58-r0:*:*:*:*:*:*:*"
260
+ ],
261
+ "purl": "pkg:apk/alpine/apache2@2.4.58-r0?arch=x86_64&distro=alpine-3.18.5",
262
+ "upstreams": [
263
+ {
264
+ "name": "apache2"
265
+ }
266
+ ]
267
+ }
268
+ },
269
+ {
270
+ "vulnerability": {
271
+ "id": "CVE-2007-0450",
272
+ "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450",
273
+ "namespace": "nvd:cpe",
274
+ "severity": "Medium",
275
+ "urls": [
276
+ "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx",
277
+ "http://docs.info.apple.com/article.html?artnum=306172",
278
+ "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795",
279
+ "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html",
280
+ "http://lists.vmware.com/pipermail/security-announce/2008/000003.html",
281
+ "http://secunia.com/advisories/24732",
282
+ "http://secunia.com/advisories/25106",
283
+ "http://secunia.com/advisories/25280",
284
+ "http://secunia.com/advisories/26235",
285
+ "http://secunia.com/advisories/26660",
286
+ "http://secunia.com/advisories/27037",
287
+ "http://secunia.com/advisories/28365",
288
+ "http://secunia.com/advisories/30899",
289
+ "http://secunia.com/advisories/30908",
290
+ "http://secunia.com/advisories/33668",
291
+ "http://security.gentoo.org/glsa/glsa-200705-03.xml",
292
+ "http://securityreason.com/securityalert/2446",
293
+ "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1",
294
+ "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm",
295
+ "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540",
296
+ "http://tomcat.apache.org/security-4.html",
297
+ "http://tomcat.apache.org/security-5.html",
298
+ "http://tomcat.apache.org/security-6.html",
299
+ "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200702e.html",
300
+ "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241",
301
+ "http://www.novell.com/linux/security/advisories/2007_15_sr.html",
302
+ "http://www.novell.com/linux/security/advisories/2007_5_sr.html",
303
+ "http://www.redhat.com/support/errata/RHSA-2007-0327.html",
304
+ "http://www.redhat.com/support/errata/RHSA-2007-0360.html",
305
+ "http://www.redhat.com/support/errata/RHSA-2008-0261.html",
306
+ "http://www.sec-consult.com/287.html",
307
+ "http://www.sec-consult.com/fileadmin/Advisories/20070314-0-apache_tomcat_directory_traversal.txt",
308
+ "http://www.securityfocus.com/archive/1/462791/100/0/threaded",
309
+ "http://www.securityfocus.com/archive/1/485938/100/0/threaded",
310
+ "http://www.securityfocus.com/archive/1/500396/100/0/threaded",
311
+ "http://www.securityfocus.com/archive/1/500412/100/0/threaded",
312
+ "http://www.securityfocus.com/bid/22960",
313
+ "http://www.securityfocus.com/bid/25159",
314
+ "http://www.vupen.com/english/advisories/2007/0975",
315
+ "http://www.vupen.com/english/advisories/2007/2732",
316
+ "http://www.vupen.com/english/advisories/2007/3087",
317
+ "http://www.vupen.com/english/advisories/2007/3386",
318
+ "http://www.vupen.com/english/advisories/2008/0065",
319
+ "http://www.vupen.com/english/advisories/2008/1979/references",
320
+ "http://www.vupen.com/english/advisories/2009/0233",
321
+ "https://exchange.xforce.ibmcloud.com/vulnerabilities/32988",
322
+ "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E",
323
+ "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E",
324
+ "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E",
325
+ "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E",
326
+ "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E",
327
+ "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E",
328
+ "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E",
329
+ "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E",
330
+ "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E",
331
+ "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10643"
332
+ ],
333
+ "description": "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.",
334
+ "cvss": [
335
+ {
336
+ "source": "nvd@nist.gov",
337
+ "type": "Primary",
338
+ "version": "2.0",
339
+ "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
340
+ "metrics": {
341
+ "baseScore": 5,
342
+ "exploitabilityScore": 10,
343
+ "impactScore": 2.9
344
+ },
345
+ "vendorMetadata": {}
346
+ }
347
+ ],
348
+ "fix": {
349
+ "versions": [],
350
+ "state": "unknown"
351
+ },
352
+ "advisories": []
353
+ },
354
+ "relatedVulnerabilities": [],
355
+ "matchDetails": [
356
+ {
357
+ "type": "cpe-match",
358
+ "matcher": "apk-matcher",
359
+ "searchedBy": {
360
+ "namespace": "nvd:cpe",
361
+ "cpes": [
362
+ "cpe:2.3:a:apache:http_server:2.4.58-r0:*:*:*:*:*:*:*"
363
+ ],
364
+ "Package": {
365
+ "name": "apache2",
366
+ "version": "2.4.58-r0"
367
+ }
368
+ },
369
+ "found": {
370
+ "vulnerabilityID": "CVE-2007-0450",
371
+ "versionConstraint": "none (unknown)",
372
+ "cpes": [
373
+ "cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*"
374
+ ]
375
+ }
376
+ }
377
+ ],
378
+ "artifact": {
379
+ "id": "37f0d3d977f3a3b2",
380
+ "name": "apache2",
381
+ "version": "2.4.58-r0",
382
+ "type": "apk",
383
+ "locations": [
384
+ {
385
+ "path": "/lib/apk/db/installed",
386
+ "layerID": "sha256:5c59a08537236f823fcefd58c67e97654a664eb58b9d350352f510ea96271ef1"
387
+ }
388
+ ],
389
+ "language": "",
390
+ "licenses": [
391
+ "Apache-2.0"
392
+ ],
393
+ "cpes": [
394
+ "cpe:2.3:a:apache:http-server:2.4.58-r0:*:*:*:*:*:*:*",
395
+ "cpe:2.3:a:apache:http_server:2.4.58-r0:*:*:*:*:*:*:*",
396
+ "cpe:2.3:a:apache:apache2:2.4.58-r0:*:*:*:*:*:*:*",
397
+ "cpe:2.3:a:apache:apache:2.4.58-r0:*:*:*:*:*:*:*"
398
+ ],
399
+ "purl": "pkg:apk/alpine/apache2@2.4.58-r0?arch=x86_64&distro=alpine-3.18.5",
400
+ "upstreams": [
401
+ {
402
+ "name": "apache2"
403
+ }
404
+ ]
405
+ }
406
+ },
407
+ {
408
+ "vulnerability": {
409
+ "id": "CVE-1999-1412",
410
+ "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-1999-1412",
411
+ "namespace": "nvd:cpe",
412
+ "severity": "Medium",
413
+ "urls": [
414
+ "http://www.securityfocus.com/archive/1/14215",
415
+ "http://www.securityfocus.com/bid/306"
416
+ ],
417
+ "description": "A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.",
418
+ "cvss": [
419
+ {
420
+ "source": "nvd@nist.gov",
421
+ "type": "Primary",
422
+ "version": "2.0",
423
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
424
+ "metrics": {
425
+ "baseScore": 5,
426
+ "exploitabilityScore": 10,
427
+ "impactScore": 2.9
428
+ },
429
+ "vendorMetadata": {}
430
+ }
431
+ ],
432
+ "fix": {
433
+ "versions": [],
434
+ "state": "unknown"
435
+ },
436
+ "advisories": []
437
+ },
438
+ "relatedVulnerabilities": [],
439
+ "matchDetails": [
440
+ {
441
+ "type": "cpe-match",
442
+ "matcher": "apk-matcher",
443
+ "searchedBy": {
444
+ "namespace": "nvd:cpe",
445
+ "cpes": [
446
+ "cpe:2.3:a:apache:http_server:2.4.58-r0:*:*:*:*:*:*:*"
447
+ ],
448
+ "Package": {
449
+ "name": "apache2",
450
+ "version": "2.4.58-r0"
451
+ }
452
+ },
453
+ "found": {
454
+ "vulnerabilityID": "CVE-1999-1412",
455
+ "versionConstraint": "none (unknown)",
456
+ "cpes": [
457
+ "cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*"
458
+ ]
459
+ }
460
+ }
461
+ ],
462
+ "artifact": {
463
+ "id": "37f0d3d977f3a3b2",
464
+ "name": "apache2",
465
+ "version": "2.4.58-r0",
466
+ "type": "apk",
467
+ "locations": [
468
+ {
469
+ "path": "/lib/apk/db/installed",
470
+ "layerID": "sha256:5c59a08537236f823fcefd58c67e97654a664eb58b9d350352f510ea96271ef1"
471
+ }
472
+ ],
473
+ "language": "",
474
+ "licenses": [
475
+ "Apache-2.0"
476
+ ],
477
+ "cpes": [
478
+ "cpe:2.3:a:apache:http-server:2.4.58-r0:*:*:*:*:*:*:*",
479
+ "cpe:2.3:a:apache:http_server:2.4.58-r0:*:*:*:*:*:*:*",
480
+ "cpe:2.3:a:apache:apache2:2.4.58-r0:*:*:*:*:*:*:*",
481
+ "cpe:2.3:a:apache:apache:2.4.58-r0:*:*:*:*:*:*:*"
482
+ ],
483
+ "purl": "pkg:apk/alpine/apache2@2.4.58-r0?arch=x86_64&distro=alpine-3.18.5",
484
+ "upstreams": [
485
+ {
486
+ "name": "apache2"
487
+ }
488
+ ]
489
+ }
490
+ },
491
+ {
492
+ "vulnerability": {
493
+ "id": "CVE-2023-42366",
494
+ "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-42366",
495
+ "namespace": "nvd:cpe",
496
+ "severity": "Medium",
497
+ "urls": [
498
+ "https://bugs.busybox.net/show_bug.cgi?id=15874"
499
+ ],
500
+ "description": "A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.",
501
+ "cvss": [
502
+ {
503
+ "source": "nvd@nist.gov",
504
+ "type": "Primary",
505
+ "version": "3.1",
506
+ "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
507
+ "metrics": {
508
+ "baseScore": 5.5,
509
+ "exploitabilityScore": 1.8,
510
+ "impactScore": 3.6
511
+ },
512
+ "vendorMetadata": {}
513
+ }
514
+ ],
515
+ "fix": {
516
+ "versions": [],
517
+ "state": "unknown"
518
+ },
519
+ "advisories": []
520
+ },
521
+ "relatedVulnerabilities": [],
522
+ "matchDetails": [
523
+ {
524
+ "type": "cpe-match",
525
+ "matcher": "apk-matcher",
526
+ "searchedBy": {
527
+ "namespace": "nvd:cpe",
528
+ "cpes": [
529
+ "cpe:2.3:a:busybox:busybox:1.36.1-r5:*:*:*:*:*:*:*"
530
+ ],
531
+ "Package": {
532
+ "name": "busybox",
533
+ "version": "1.36.1-r5"
534
+ }
535
+ },
536
+ "found": {
537
+ "vulnerabilityID": "CVE-2023-42366",
538
+ "versionConstraint": "= 1.36.1 (unknown)",
539
+ "cpes": [
540
+ "cpe:2.3:a:busybox:busybox:1.36.1:*:*:*:*:*:*:*"
541
+ ]
542
+ }
543
+ }
544
+ ],
545
+ "artifact": {
546
+ "id": "c4cadec7a04f67ce",
547
+ "name": "busybox",
548
+ "version": "1.36.1-r5",
549
+ "type": "apk",
550
+ "locations": [
551
+ {
552
+ "path": "/lib/apk/db/installed",
553
+ "layerID": "sha256:5c59a08537236f823fcefd58c67e97654a664eb58b9d350352f510ea96271ef1"
554
+ }
555
+ ],
556
+ "language": "",
557
+ "licenses": [
558
+ "GPL-2.0-only"
559
+ ],
560
+ "cpes": [
561
+ "cpe:2.3:a:busybox:busybox:1.36.1-r5:*:*:*:*:*:*:*"
562
+ ],
563
+ "purl": "pkg:apk/alpine/busybox@1.36.1-r5?arch=x86_64&distro=alpine-3.18.5",
564
+ "upstreams": [
565
+ {
566
+ "name": "busybox"
567
+ }
568
+ ]
569
+ }
570
+ },
571
+ {
572
+ "vulnerability": {
573
+ "id": "CVE-2023-42365",
574
+ "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-42365",
575
+ "namespace": "nvd:cpe",
576
+ "severity": "Medium",
577
+ "urls": [
578
+ "https://bugs.busybox.net/show_bug.cgi?id=15871"
579
+ ],
580
+ "description": "A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.",
581
+ "cvss": [
582
+ {
583
+ "source": "nvd@nist.gov",
584
+ "type": "Primary",
585
+ "version": "3.1",
586
+ "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
587
+ "metrics": {
588
+ "baseScore": 5.5,
589
+ "exploitabilityScore": 1.8,
590
+ "impactScore": 3.6
591
+ },
592
+ "vendorMetadata": {}
593
+ }
594
+ ],
595
+ "fix": {
596
+ "versions": [],
597
+ "state": "unknown"
598
+ },
599
+ "advisories": []
600
+ },
601
+ "relatedVulnerabilities": [],
602
+ "matchDetails": [
603
+ {
604
+ "type": "cpe-match",
605
+ "matcher": "apk-matcher",
606
+ "searchedBy": {
607
+ "namespace": "nvd:cpe",
608
+ "cpes": [
609
+ "cpe:2.3:a:busybox:busybox:1.36.1-r5:*:*:*:*:*:*:*"
610
+ ],
611
+ "Package": {
612
+ "name": "busybox",
613
+ "version": "1.36.1-r5"
614
+ }
615
+ },
616
+ "found": {
617
+ "vulnerabilityID": "CVE-2023-42365",
618
+ "versionConstraint": "= 1.36.1 (unknown)",
619
+ "cpes": [
620
+ "cpe:2.3:a:busybox:busybox:1.36.1:*:*:*:*:*:*:*"
621
+ ]
622
+ }
623
+ }
624
+ ],
625
+ "artifact": {
626
+ "id": "c4cadec7a04f67ce",
627
+ "name": "busybox",
628
+ "version": "1.36.1-r5",
629
+ "type": "apk",
630
+ "locations": [
631
+ {
632
+ "path": "/lib/apk/db/installed",
633
+ "layerID": "sha256:5c59a08537236f823fcefd58c67e97654a664eb58b9d350352f510ea96271ef1"
634
+ }
635
+ ],
636
+ "language": "",
637
+ "licenses": [
638
+ "GPL-2.0-only"
639
+ ],
640
+ "cpes": [
641
+ "cpe:2.3:a:busybox:busybox:1.36.1-r5:*:*:*:*:*:*:*"
642
+ ],
643
+ "purl": "pkg:apk/alpine/busybox@1.36.1-r5?arch=x86_64&distro=alpine-3.18.5",
644
+ "upstreams": [
645
+ {
646
+ "name": "busybox"
647
+ }
648
+ ]
649
+ }
650
+ },
651
+ {
652
+ "vulnerability": {
653
+ "id": "CVE-2023-42364",
654
+ "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-42364",
655
+ "namespace": "nvd:cpe",
656
+ "severity": "Medium",
657
+ "urls": [
658
+ "https://bugs.busybox.net/show_bug.cgi?id=15868"
659
+ ],
660
+ "description": "A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.",
661
+ "cvss": [
662
+ {
663
+ "source": "nvd@nist.gov",
664
+ "type": "Primary",
665
+ "version": "3.1",
666
+ "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
667
+ "metrics": {
668
+ "baseScore": 5.5,
669
+ "exploitabilityScore": 1.8,
670
+ "impactScore": 3.6
671
+ },
672
+ "vendorMetadata": {}
673
+ }
674
+ ],
675
+ "fix": {
676
+ "versions": [],
677
+ "state": "unknown"
678
+ },
679
+ "advisories": []
680
+ },
681
+ "relatedVulnerabilities": [],
682
+ "matchDetails": [
683
+ {
684
+ "type": "cpe-match",
685
+ "matcher": "apk-matcher",
686
+ "searchedBy": {
687
+ "namespace": "nvd:cpe",
688
+ "cpes": [
689
+ "cpe:2.3:a:busybox:busybox:1.36.1-r5:*:*:*:*:*:*:*"
690
+ ],
691
+ "Package": {
692
+ "name": "busybox",
693
+ "version": "1.36.1-r5"
694
+ }
695
+ },
696
+ "found": {
697
+ "vulnerabilityID": "CVE-2023-42364",
698
+ "versionConstraint": "= 1.36.1 (unknown)",
699
+ "cpes": [
700
+ "cpe:2.3:a:busybox:busybox:1.36.1:*:*:*:*:*:*:*"
701
+ ]
702
+ }
703
+ }
704
+ ],
705
+ "artifact": {
706
+ "id": "c4cadec7a04f67ce",
707
+ "name": "busybox",
708
+ "version": "1.36.1-r5",
709
+ "type": "apk",
710
+ "locations": [
711
+ {
712
+ "path": "/lib/apk/db/installed",
713
+ "layerID": "sha256:5c59a08537236f823fcefd58c67e97654a664eb58b9d350352f510ea96271ef1"
714
+ }
715
+ ],
716
+ "language": "",
717
+ "licenses": [
718
+ "GPL-2.0-only"
719
+ ],
720
+ "cpes": [
721
+ "cpe:2.3:a:busybox:busybox:1.36.1-r5:*:*:*:*:*:*:*"
722
+ ],
723
+ "purl": "pkg:apk/alpine/busybox@1.36.1-r5?arch=x86_64&distro=alpine-3.18.5",
724
+ "upstreams": [
725
+ {
726
+ "name": "busybox"
727
+ }
728
+ ]
729
+ }
730
+ },
731
+ {
732
+ "vulnerability": {
733
+ "id": "CVE-2023-42363",
734
+ "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-42363",
735
+ "namespace": "nvd:cpe",
736
+ "severity": "Medium",
737
+ "urls": [
738
+ "https://bugs.busybox.net/show_bug.cgi?id=15865"
739
+ ],
740
+ "description": "A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.",
741
+ "cvss": [
742
+ {
743
+ "source": "nvd@nist.gov",
744
+ "type": "Primary",
745
+ "version": "3.1",
746
+ "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
747
+ "metrics": {
748
+ "baseScore": 5.5,
749
+ "exploitabilityScore": 1.8,
750
+ "impactScore": 3.6
751
+ },
752
+ "vendorMetadata": {}
753
+ }
754
+ ],
755
+ "fix": {
756
+ "versions": [],
757
+ "state": "unknown"
758
+ },
759
+ "advisories": []
760
+ },
761
+ "relatedVulnerabilities": [],
762
+ "matchDetails": [
763
+ {
764
+ "type": "cpe-match",
765
+ "matcher": "apk-matcher",
766
+ "searchedBy": {
767
+ "namespace": "nvd:cpe",
768
+ "cpes": [
769
+ "cpe:2.3:a:busybox:busybox:1.36.1-r5:*:*:*:*:*:*:*"
770
+ ],
771
+ "Package": {
772
+ "name": "busybox",
773
+ "version": "1.36.1-r5"
774
+ }
775
+ },
776
+ "found": {
777
+ "vulnerabilityID": "CVE-2023-42363",
778
+ "versionConstraint": "= 1.36.1 (unknown)",
779
+ "cpes": [
780
+ "cpe:2.3:a:busybox:busybox:1.36.1:*:*:*:*:*:*:*"
781
+ ]
782
+ }
783
+ }
784
+ ],
785
+ "artifact": {
786
+ "id": "c4cadec7a04f67ce",
787
+ "name": "busybox",
788
+ "version": "1.36.1-r5",
789
+ "type": "apk",
790
+ "locations": [
791
+ {
792
+ "path": "/lib/apk/db/installed",
793
+ "layerID": "sha256:5c59a08537236f823fcefd58c67e97654a664eb58b9d350352f510ea96271ef1"
794
+ }
795
+ ],
796
+ "language": "",
797
+ "licenses": [
798
+ "GPL-2.0-only"
799
+ ],
800
+ "cpes": [
801
+ "cpe:2.3:a:busybox:busybox:1.36.1-r5:*:*:*:*:*:*:*"
802
+ ],
803
+ "purl": "pkg:apk/alpine/busybox@1.36.1-r5?arch=x86_64&distro=alpine-3.18.5",
804
+ "upstreams": [
805
+ {
806
+ "name": "busybox"
807
+ }
808
+ ]
809
+ }
810
+ },
811
+ {
812
+ "vulnerability": {
813
+ "id": "CVE-2023-42366",
814
+ "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-42366",
815
+ "namespace": "nvd:cpe",
816
+ "severity": "Medium",
817
+ "urls": [
818
+ "https://bugs.busybox.net/show_bug.cgi?id=15874"
819
+ ],
820
+ "description": "A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.",
821
+ "cvss": [
822
+ {
823
+ "source": "nvd@nist.gov",
824
+ "type": "Primary",
825
+ "version": "3.1",
826
+ "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
827
+ "metrics": {
828
+ "baseScore": 5.5,
829
+ "exploitabilityScore": 1.8,
830
+ "impactScore": 3.6
831
+ },
832
+ "vendorMetadata": {}
833
+ }
834
+ ],
835
+ "fix": {
836
+ "versions": [],
837
+ "state": "unknown"
838
+ },
839
+ "advisories": []
840
+ },
841
+ "relatedVulnerabilities": [],
842
+ "matchDetails": [
843
+ {
844
+ "type": "cpe-match",
845
+ "matcher": "apk-matcher",
846
+ "searchedBy": {
847
+ "namespace": "nvd:cpe",
848
+ "cpes": [
849
+ "cpe:2.3:a:busybox:busybox:1.36.1-r5:*:*:*:*:*:*:*"
850
+ ],
851
+ "Package": {
852
+ "name": "busybox",
853
+ "version": "1.36.1-r5"
854
+ }
855
+ },
856
+ "found": {
857
+ "vulnerabilityID": "CVE-2023-42366",
858
+ "versionConstraint": "= 1.36.1 (unknown)",
859
+ "cpes": [
860
+ "cpe:2.3:a:busybox:busybox:1.36.1:*:*:*:*:*:*:*"
861
+ ]
862
+ }
863
+ }
864
+ ],
865
+ "artifact": {
866
+ "id": "ea8601e6fdd7765c",
867
+ "name": "busybox-binsh",
868
+ "version": "1.36.1-r5",
869
+ "type": "apk",
870
+ "locations": [
871
+ {
872
+ "path": "/lib/apk/db/installed",
873
+ "layerID": "sha256:5c59a08537236f823fcefd58c67e97654a664eb58b9d350352f510ea96271ef1"
874
+ }
875
+ ],
876
+ "language": "",
877
+ "licenses": [
878
+ "GPL-2.0-only"
879
+ ],
880
+ "cpes": [
881
+ "cpe:2.3:a:busybox-binsh:busybox-binsh:1.36.1-r5:*:*:*:*:*:*:*",
882
+ "cpe:2.3:a:busybox-binsh:busybox_binsh:1.36.1-r5:*:*:*:*:*:*:*",
883
+ "cpe:2.3:a:busybox_binsh:busybox-binsh:1.36.1-r5:*:*:*:*:*:*:*",
884
+ "cpe:2.3:a:busybox_binsh:busybox_binsh:1.36.1-r5:*:*:*:*:*:*:*",
885
+ "cpe:2.3:a:busybox:busybox-binsh:1.36.1-r5:*:*:*:*:*:*:*",
886
+ "cpe:2.3:a:busybox:busybox_binsh:1.36.1-r5:*:*:*:*:*:*:*"
887
+ ],
888
+ "purl": "pkg:apk/alpine/busybox-binsh@1.36.1-r5?arch=x86_64&upstream=busybox&distro=alpine-3.18.5",
889
+ "upstreams": [
890
+ {
891
+ "name": "busybox"
892
+ }
893
+ ]
894
+ }
895
+ },
896
+ {
897
+ "vulnerability": {
898
+ "id": "CVE-2023-42365",
899
+ "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-42365",
900
+ "namespace": "nvd:cpe",
901
+ "severity": "Medium",
902
+ "urls": [
903
+ "https://bugs.busybox.net/show_bug.cgi?id=15871"
904
+ ],
905
+ "description": "A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.",
906
+ "cvss": [
907
+ {
908
+ "source": "nvd@nist.gov",
909
+ "type": "Primary",
910
+ "version": "3.1",
911
+ "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
912
+ "metrics": {
913
+ "baseScore": 5.5,
914
+ "exploitabilityScore": 1.8,
915
+ "impactScore": 3.6
916
+ },
917
+ "vendorMetadata": {}
918
+ }
919
+ ],
920
+ "fix": {
921
+ "versions": [],
922
+ "state": "unknown"
923
+ },
924
+ "advisories": []
925
+ },
926
+ "relatedVulnerabilities": [],
927
+ "matchDetails": [
928
+ {
929
+ "type": "cpe-match",
930
+ "matcher": "apk-matcher",
931
+ "searchedBy": {
932
+ "namespace": "nvd:cpe",
933
+ "cpes": [
934
+ "cpe:2.3:a:busybox:busybox:1.36.1-r5:*:*:*:*:*:*:*"
935
+ ],
936
+ "Package": {
937
+ "name": "busybox",
938
+ "version": "1.36.1-r5"
939
+ }
940
+ },
941
+ "found": {
942
+ "vulnerabilityID": "CVE-2023-42365",
943
+ "versionConstraint": "= 1.36.1 (unknown)",
944
+ "cpes": [
945
+ "cpe:2.3:a:busybox:busybox:1.36.1:*:*:*:*:*:*:*"
946
+ ]
947
+ }
948
+ }
949
+ ],
950
+ "artifact": {
951
+ "id": "ea8601e6fdd7765c",
952
+ "name": "busybox-binsh",
953
+ "version": "1.36.1-r5",
954
+ "type": "apk",
955
+ "locations": [
956
+ {
957
+ "path": "/lib/apk/db/installed",
958
+ "layerID": "sha256:5c59a08537236f823fcefd58c67e97654a664eb58b9d350352f510ea96271ef1"
959
+ }
960
+ ],
961
+ "language": "",
962
+ "licenses": [
963
+ "GPL-2.0-only"
964
+ ],
965
+ "cpes": [
966
+ "cpe:2.3:a:busybox-binsh:busybox-binsh:1.36.1-r5:*:*:*:*:*:*:*",
967
+ "cpe:2.3:a:busybox-binsh:busybox_binsh:1.36.1-r5:*:*:*:*:*:*:*",
968
+ "cpe:2.3:a:busybox_binsh:busybox-binsh:1.36.1-r5:*:*:*:*:*:*:*",
969
+ "cpe:2.3:a:busybox_binsh:busybox_binsh:1.36.1-r5:*:*:*:*:*:*:*",
970
+ "cpe:2.3:a:busybox:busybox-binsh:1.36.1-r5:*:*:*:*:*:*:*",
971
+ "cpe:2.3:a:busybox:busybox_binsh:1.36.1-r5:*:*:*:*:*:*:*"
972
+ ],
973
+ "purl": "pkg:apk/alpine/busybox-binsh@1.36.1-r5?arch=x86_64&upstream=busybox&distro=alpine-3.18.5",
974
+ "upstreams": [
975
+ {
976
+ "name": "busybox"
977
+ }
978
+ ]
979
+ }
980
+ },
981
+ {
982
+ "vulnerability": {
983
+ "id": "CVE-2023-42364",
984
+ "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-42364",
985
+ "namespace": "nvd:cpe",
986
+ "severity": "Medium",
987
+ "urls": [
988
+ "https://bugs.busybox.net/show_bug.cgi?id=15868"
989
+ ],
990
+ "description": "A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.",
991
+ "cvss": [
992
+ {
993
+ "source": "nvd@nist.gov",
994
+ "type": "Primary",
995
+ "version": "3.1",
996
+ "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
997
+ "metrics": {
998
+ "baseScore": 5.5,
999
+ "exploitabilityScore": 1.8,
1000
+ "impactScore": 3.6
1001
+ },
1002
+ "vendorMetadata": {}
1003
+ }
1004
+ ],
1005
+ "fix": {
1006
+ "versions": [],
1007
+ "state": "unknown"
1008
+ },
1009
+ "advisories": []
1010
+ },
1011
+ "relatedVulnerabilities": [],
1012
+ "matchDetails": [
1013
+ {
1014
+ "type": "cpe-match",
1015
+ "matcher": "apk-matcher",
1016
+ "searchedBy": {
1017
+ "namespace": "nvd:cpe",
1018
+ "cpes": [
1019
+ "cpe:2.3:a:busybox:busybox:1.36.1-r5:*:*:*:*:*:*:*"
1020
+ ],
1021
+ "Package": {
1022
+ "name": "busybox",
1023
+ "version": "1.36.1-r5"
1024
+ }
1025
+ },
1026
+ "found": {
1027
+ "vulnerabilityID": "CVE-2023-42364",
1028
+ "versionConstraint": "= 1.36.1 (unknown)",
1029
+ "cpes": [
1030
+ "cpe:2.3:a:busybox:busybox:1.36.1:*:*:*:*:*:*:*"
1031
+ ]
1032
+ }
1033
+ }
1034
+ ],
1035
+ "artifact": {
1036
+ "id": "ea8601e6fdd7765c",
1037
+ "name": "busybox-binsh",
1038
+ "version": "1.36.1-r5",
1039
+ "type": "apk",
1040
+ "locations": [
1041
+ {
1042
+ "path": "/lib/apk/db/installed",
1043
+ "layerID": "sha256:5c59a08537236f823fcefd58c67e97654a664eb58b9d350352f510ea96271ef1"
1044
+ }
1045
+ ],
1046
+ "language": "",
1047
+ "licenses": [
1048
+ "GPL-2.0-only"
1049
+ ],
1050
+ "cpes": [
1051
+ "cpe:2.3:a:busybox-binsh:busybox-binsh:1.36.1-r5:*:*:*:*:*:*:*",
1052
+ "cpe:2.3:a:busybox-binsh:busybox_binsh:1.36.1-r5:*:*:*:*:*:*:*",
1053
+ "cpe:2.3:a:busybox_binsh:busybox-binsh:1.36.1-r5:*:*:*:*:*:*:*",
1054
+ "cpe:2.3:a:busybox_binsh:busybox_binsh:1.36.1-r5:*:*:*:*:*:*:*",
1055
+ "cpe:2.3:a:busybox:busybox-binsh:1.36.1-r5:*:*:*:*:*:*:*",
1056
+ "cpe:2.3:a:busybox:busybox_binsh:1.36.1-r5:*:*:*:*:*:*:*"
1057
+ ],
1058
+ "purl": "pkg:apk/alpine/busybox-binsh@1.36.1-r5?arch=x86_64&upstream=busybox&distro=alpine-3.18.5",
1059
+ "upstreams": [
1060
+ {
1061
+ "name": "busybox"
1062
+ }
1063
+ ]
1064
+ }
1065
+ },
1066
+ {
1067
+ "vulnerability": {
1068
+ "id": "CVE-2023-42363",
1069
+ "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-42363",
1070
+ "namespace": "nvd:cpe",
1071
+ "severity": "Medium",
1072
+ "urls": [
1073
+ "https://bugs.busybox.net/show_bug.cgi?id=15865"
1074
+ ],
1075
+ "description": "A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.",
1076
+ "cvss": [
1077
+ {
1078
+ "source": "nvd@nist.gov",
1079
+ "type": "Primary",
1080
+ "version": "3.1",
1081
+ "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
1082
+ "metrics": {
1083
+ "baseScore": 5.5,
1084
+ "exploitabilityScore": 1.8,
1085
+ "impactScore": 3.6
1086
+ },
1087
+ "vendorMetadata": {}
1088
+ }
1089
+ ],
1090
+ "fix": {
1091
+ "versions": [],
1092
+ "state": "unknown"
1093
+ },
1094
+ "advisories": []
1095
+ },
1096
+ "relatedVulnerabilities": [],
1097
+ "matchDetails": [
1098
+ {
1099
+ "type": "cpe-match",
1100
+ "matcher": "apk-matcher",
1101
+ "searchedBy": {
1102
+ "namespace": "nvd:cpe",
1103
+ "cpes": [
1104
+ "cpe:2.3:a:busybox:busybox:1.36.1-r5:*:*:*:*:*:*:*"
1105
+ ],
1106
+ "Package": {
1107
+ "name": "busybox",
1108
+ "version": "1.36.1-r5"
1109
+ }
1110
+ },
1111
+ "found": {
1112
+ "vulnerabilityID": "CVE-2023-42363",
1113
+ "versionConstraint": "= 1.36.1 (unknown)",
1114
+ "cpes": [
1115
+ "cpe:2.3:a:busybox:busybox:1.36.1:*:*:*:*:*:*:*"
1116
+ ]
1117
+ }
1118
+ }
1119
+ ],
1120
+ "artifact": {
1121
+ "id": "ea8601e6fdd7765c",
1122
+ "name": "busybox-binsh",
1123
+ "version": "1.36.1-r5",
1124
+ "type": "apk",
1125
+ "locations": [
1126
+ {
1127
+ "path": "/lib/apk/db/installed",
1128
+ "layerID": "sha256:5c59a08537236f823fcefd58c67e97654a664eb58b9d350352f510ea96271ef1"
1129
+ }
1130
+ ],
1131
+ "language": "",
1132
+ "licenses": [
1133
+ "GPL-2.0-only"
1134
+ ],
1135
+ "cpes": [
1136
+ "cpe:2.3:a:busybox-binsh:busybox-binsh:1.36.1-r5:*:*:*:*:*:*:*",
1137
+ "cpe:2.3:a:busybox-binsh:busybox_binsh:1.36.1-r5:*:*:*:*:*:*:*",
1138
+ "cpe:2.3:a:busybox_binsh:busybox-binsh:1.36.1-r5:*:*:*:*:*:*:*",
1139
+ "cpe:2.3:a:busybox_binsh:busybox_binsh:1.36.1-r5:*:*:*:*:*:*:*",
1140
+ "cpe:2.3:a:busybox:busybox-binsh:1.36.1-r5:*:*:*:*:*:*:*",
1141
+ "cpe:2.3:a:busybox:busybox_binsh:1.36.1-r5:*:*:*:*:*:*:*"
1142
+ ],
1143
+ "purl": "pkg:apk/alpine/busybox-binsh@1.36.1-r5?arch=x86_64&upstream=busybox&distro=alpine-3.18.5",
1144
+ "upstreams": [
1145
+ {
1146
+ "name": "busybox"
1147
+ }
1148
+ ]
1149
+ }
1150
+ },
1151
+ {
1152
+ "vulnerability": {
1153
+ "id": "GHSA-45x7-px36-x8w8",
1154
+ "dataSource": "https://github.com/advisories/GHSA-45x7-px36-x8w8",
1155
+ "namespace": "github:language:go",
1156
+ "severity": "Medium",
1157
+ "urls": [
1158
+ "https://github.com/advisories/GHSA-45x7-px36-x8w8"
1159
+ ],
1160
+ "description": "Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin",
1161
+ "cvss": [
1162
+ {
1163
+ "version": "3.1",
1164
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
1165
+ "metrics": {
1166
+ "baseScore": 5.9,
1167
+ "exploitabilityScore": 2.2,
1168
+ "impactScore": 3.6
1169
+ },
1170
+ "vendorMetadata": {
1171
+ "base_severity": "Medium",
1172
+ "status": "N/A"
1173
+ }
1174
+ }
1175
+ ],
1176
+ "fix": {
1177
+ "versions": [
1178
+ "0.17.0"
1179
+ ],
1180
+ "state": "fixed"
1181
+ },
1182
+ "advisories": []
1183
+ },
1184
+ "relatedVulnerabilities": [
1185
+ {
1186
+ "id": "CVE-2023-48795",
1187
+ "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795",
1188
+ "namespace": "nvd:cpe",
1189
+ "severity": "Medium",
1190
+ "urls": [
1191
+ "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html",
1192
+ "http://www.openwall.com/lists/oss-security/2023/12/18/3",
1193
+ "http://www.openwall.com/lists/oss-security/2023/12/19/5",
1194
+ "http://www.openwall.com/lists/oss-security/2023/12/20/3",
1195
+ "https://access.redhat.com/security/cve/cve-2023-48795",
1196
+ "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/",
1197
+ "https://bugs.gentoo.org/920280",
1198
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2254210",
1199
+ "https://bugzilla.suse.com/show_bug.cgi?id=1217950",
1200
+ "https://crates.io/crates/thrussh/versions",
1201
+ "https://filezilla-project.org/versions.php",
1202
+ "https://forum.netgate.com/topic/184941/terrapin-ssh-attack",
1203
+ "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6",
1204
+ "https://github.com/NixOS/nixpkgs/pull/275249",
1205
+ "https://github.com/PowerShell/Win32-OpenSSH/issues/2189",
1206
+ "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta",
1207
+ "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0",
1208
+ "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1",
1209
+ "https://github.com/advisories/GHSA-45x7-px36-x8w8",
1210
+ "https://github.com/apache/mina-sshd/issues/445",
1211
+ "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab",
1212
+ "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22",
1213
+ "https://github.com/cyd01/KiTTY/issues/520",
1214
+ "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6",
1215
+ "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42",
1216
+ "https://github.com/erlang/otp/releases/tag/OTP-26.2.1",
1217
+ "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d",
1218
+ "https://github.com/hierynomus/sshj/issues/916",
1219
+ "https://github.com/janmojzis/tinyssh/issues/81",
1220
+ "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5",
1221
+ "https://github.com/libssh2/libssh2/pull/1291",
1222
+ "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25",
1223
+ "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3",
1224
+ "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15",
1225
+ "https://github.com/mwiede/jsch/issues/457",
1226
+ "https://github.com/mwiede/jsch/pull/461",
1227
+ "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16",
1228
+ "https://github.com/openssh/openssh-portable/commits/master",
1229
+ "https://github.com/paramiko/paramiko/issues/2337",
1230
+ "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES",
1231
+ "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES",
1232
+ "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES",
1233
+ "https://github.com/proftpd/proftpd/issues/456",
1234
+ "https://github.com/rapier1/hpn-ssh/releases",
1235
+ "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst",
1236
+ "https://github.com/ronf/asyncssh/tags",
1237
+ "https://github.com/ssh-mitm/ssh-mitm/issues/165",
1238
+ "https://github.com/warp-tech/russh/releases/tag/v0.40.2",
1239
+ "https://gitlab.com/libssh/libssh-mirror/-/tags",
1240
+ "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ",
1241
+ "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg",
1242
+ "https://help.panic.com/releasenotes/transmit5/",
1243
+ "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/",
1244
+ "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html",
1245
+ "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/",
1246
+ "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/",
1247
+ "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/",
1248
+ "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/",
1249
+ "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/",
1250
+ "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/",
1251
+ "https://matt.ucc.asn.au/dropbear/CHANGES",
1252
+ "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC",
1253
+ "https://news.ycombinator.com/item?id=38684904",
1254
+ "https://news.ycombinator.com/item?id=38685286",
1255
+ "https://news.ycombinator.com/item?id=38732005",
1256
+ "https://nova.app/releases/#v11.8",
1257
+ "https://oryx-embedded.com/download/#changelog",
1258
+ "https://roumenpetrov.info/secsh/#news20231220",
1259
+ "https://security-tracker.debian.org/tracker/CVE-2023-48795",
1260
+ "https://security-tracker.debian.org/tracker/source-package/libssh2",
1261
+ "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg",
1262
+ "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2",
1263
+ "https://security.gentoo.org/glsa/202312-16",
1264
+ "https://security.gentoo.org/glsa/202312-17",
1265
+ "https://security.netapp.com/advisory/ntap-20240105-0004/",
1266
+ "https://thorntech.com/cve-2023-48795-and-sftp-gateway/",
1267
+ "https://twitter.com/TrueSkrillor/status/1736774389725565005",
1268
+ "https://ubuntu.com/security/CVE-2023-48795",
1269
+ "https://winscp.net/eng/docs/history#6.2.2",
1270
+ "https://www.bitvise.com/ssh-client-version-history#933",
1271
+ "https://www.bitvise.com/ssh-server-version-history",
1272
+ "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html",
1273
+ "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update",
1274
+ "https://www.debian.org/security/2023/dsa-5586",
1275
+ "https://www.debian.org/security/2023/dsa-5588",
1276
+ "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc",
1277
+ "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508",
1278
+ "https://www.netsarang.com/en/xshell-update-history/",
1279
+ "https://www.openssh.com/openbsd.html",
1280
+ "https://www.openssh.com/txt/release-9.6",
1281
+ "https://www.openwall.com/lists/oss-security/2023/12/18/2",
1282
+ "https://www.openwall.com/lists/oss-security/2023/12/20/3",
1283
+ "https://www.paramiko.org/changelog.html",
1284
+ "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/",
1285
+ "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/",
1286
+ "https://www.terrapin-attack.com",
1287
+ "https://www.theregister.com/2023/12/20/terrapin_attack_ssh",
1288
+ "https://www.vandyke.com/products/securecrt/history.txt"
1289
+ ],
1290
+ "description": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for 
Rust.",
1291
+ "cvss": [
1292
+ {
1293
+ "source": "nvd@nist.gov",
1294
+ "type": "Primary",
1295
+ "version": "3.1",
1296
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
1297
+ "metrics": {
1298
+ "baseScore": 5.9,
1299
+ "exploitabilityScore": 2.2,
1300
+ "impactScore": 3.6
1301
+ },
1302
+ "vendorMetadata": {}
1303
+ }
1304
+ ]
1305
+ }
1306
+ ],
1307
+ "matchDetails": [
1308
+ {
1309
+ "type": "exact-direct-match",
1310
+ "matcher": "go-module-matcher",
1311
+ "searchedBy": {
1312
+ "language": "go",
1313
+ "namespace": "github:language:go",
1314
+ "package": {
1315
+ "name": "golang.org/x/crypto",
1316
+ "version": "v0.14.0"
1317
+ }
1318
+ },
1319
+ "found": {
1320
+ "versionConstraint": "<0.17.0 (unknown)",
1321
+ "vulnerabilityID": "GHSA-45x7-px36-x8w8"
1322
+ }
1323
+ }
1324
+ ],
1325
+ "artifact": {
1326
+ "id": "b81bc35f9e0deb96",
1327
+ "name": "golang.org/x/crypto",
1328
+ "version": "v0.14.0",
1329
+ "type": "go-module",
1330
+ "locations": [
1331
+ {
1332
+ "path": "/usr/bin/caddy",
1333
+ "layerID": "sha256:176254e3a7327117e1122ac9ea2cb902521a3089695a73050b5a28181cbfe02d"
1334
+ }
1335
+ ],
1336
+ "language": "go",
1337
+ "licenses": [],
1338
+ "cpes": [
1339
+ "cpe:2.3:a:golang:x/crypto:v0.14.0:*:*:*:*:*:*:*"
1340
+ ],
1341
+ "purl": "pkg:golang/golang.org/x/crypto@v0.14.0",
1342
+ "upstreams": [],
1343
+ "metadataType": "GolangBinMetadata",
1344
+ "metadata": {
1345
+ "goCompiledVersion": "go1.21.5",
1346
+ "architecture": "amd64",
1347
+ "h1Digest": "h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=",
1348
+ "mainModule": "command-line-arguments"
1349
+ }
1350
+ }
1351
+ },
1352
+ {
1353
+ "vulnerability": {
1354
+ "id": "CVE-2007-4596",
1355
+ "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2007-4596",
1356
+ "namespace": "nvd:cpe",
1357
+ "severity": "High",
1358
+ "urls": [
1359
+ "https://www.exploit-db.com/exploits/4314"
1360
+ ],
1361
+ "description": "The perl extension in PHP does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code via the Perl eval function. NOTE: this might only be a vulnerability in limited environments.",
1362
+ "cvss": [
1363
+ {
1364
+ "source": "nvd@nist.gov",
1365
+ "type": "Primary",
1366
+ "version": "2.0",
1367
+ "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
1368
+ "metrics": {
1369
+ "baseScore": 7.5,
1370
+ "exploitabilityScore": 10,
1371
+ "impactScore": 6.4
1372
+ },
1373
+ "vendorMetadata": {}
1374
+ }
1375
+ ],
1376
+ "fix": {
1377
+ "versions": [],
1378
+ "state": "unknown"
1379
+ },
1380
+ "advisories": []
1381
+ },
1382
+ "relatedVulnerabilities": [],
1383
+ "matchDetails": [
1384
+ {
1385
+ "type": "cpe-match",
1386
+ "matcher": "stock-matcher",
1387
+ "searchedBy": {
1388
+ "namespace": "nvd:cpe",
1389
+ "cpes": [
1390
+ "cpe:2.3:a:php:php:8.2.13:*:*:*:*:*:*:*"
1391
+ ],
1392
+ "Package": {
1393
+ "name": "php-cli",
1394
+ "version": "8.2.13"
1395
+ }
1396
+ },
1397
+ "found": {
1398
+ "vulnerabilityID": "CVE-2007-4596",
1399
+ "versionConstraint": "none (unknown)",
1400
+ "cpes": [
1401
+ "cpe:2.3:a:php:php:-:*:*:*:*:*:*:*"
1402
+ ]
1403
+ }
1404
+ }
1405
+ ],
1406
+ "artifact": {
1407
+ "id": "99d554a0f68c7f83",
1408
+ "name": "php-cli",
1409
+ "version": "8.2.13",
1410
+ "type": "binary",
1411
+ "locations": [
1412
+ {
1413
+ "path": "/usr/local/bin/php",
1414
+ "layerID": "sha256:75edd5bf31437a741775ea39bcc8f2551fb0a3103d4a18cb42d7d7f99e1ee17f"
1415
+ }
1416
+ ],
1417
+ "language": "",
1418
+ "licenses": [],
1419
+ "cpes": [
1420
+ "cpe:2.3:a:php:php:8.2.13:*:*:*:*:*:*:*",
1421
+ "cpe:2.3:a:php-cli:php-cli:8.2.13:*:*:*:*:*:*:*",
1422
+ "cpe:2.3:a:php-cli:php_cli:8.2.13:*:*:*:*:*:*:*",
1423
+ "cpe:2.3:a:php_cli:php-cli:8.2.13:*:*:*:*:*:*:*",
1424
+ "cpe:2.3:a:php_cli:php_cli:8.2.13:*:*:*:*:*:*:*",
1425
+ "cpe:2.3:a:php:php-cli:8.2.13:*:*:*:*:*:*:*",
1426
+ "cpe:2.3:a:php:php_cli:8.2.13:*:*:*:*:*:*:*"
1427
+ ],
1428
+ "purl": "pkg:generic/php-cli@8.2.13",
1429
+ "upstreams": []
1430
+ }
1431
+ },
1432
+ {
1433
+ "vulnerability": {
1434
+ "id": "CVE-2022-4900",
1435
+ "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-4900",
1436
+ "namespace": "nvd:cpe",
1437
+ "severity": "Medium",
1438
+ "urls": [
1439
+ "https://access.redhat.com/security/cve/CVE-2022-4900",
1440
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2179880",
1441
+ "https://security.netapp.com/advisory/ntap-20231130-0008/"
1442
+ ],
1443
+ "description": "A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow.",
1444
+ "cvss": [
1445
+ {
1446
+ "source": "nvd@nist.gov",
1447
+ "type": "Primary",
1448
+ "version": "3.1",
1449
+ "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
1450
+ "metrics": {
1451
+ "baseScore": 5.5,
1452
+ "exploitabilityScore": 1.8,
1453
+ "impactScore": 3.6
1454
+ },
1455
+ "vendorMetadata": {}
1456
+ },
1457
+ {
1458
+ "source": "secalert@redhat.com",
1459
+ "type": "Secondary",
1460
+ "version": "3.1",
1461
+ "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
1462
+ "metrics": {
1463
+ "baseScore": 6.2,
1464
+ "exploitabilityScore": 2.5,
1465
+ "impactScore": 3.6
1466
+ },
1467
+ "vendorMetadata": {}
1468
+ }
1469
+ ],
1470
+ "fix": {
1471
+ "versions": [],
1472
+ "state": "unknown"
1473
+ },
1474
+ "advisories": []
1475
+ },
1476
+ "relatedVulnerabilities": [],
1477
+ "matchDetails": [
1478
+ {
1479
+ "type": "cpe-match",
1480
+ "matcher": "stock-matcher",
1481
+ "searchedBy": {
1482
+ "namespace": "nvd:cpe",
1483
+ "cpes": [
1484
+ "cpe:2.3:a:php:php:8.2.13:*:*:*:*:*:*:*"
1485
+ ],
1486
+ "Package": {
1487
+ "name": "php-cli",
1488
+ "version": "8.2.13"
1489
+ }
1490
+ },
1491
+ "found": {
1492
+ "vulnerabilityID": "CVE-2022-4900",
1493
+ "versionConstraint": "none (unknown)",
1494
+ "cpes": [
1495
+ "cpe:2.3:a:php:php:-:*:*:*:*:*:*:*"
1496
+ ]
1497
+ }
1498
+ }
1499
+ ],
1500
+ "artifact": {
1501
+ "id": "99d554a0f68c7f83",
1502
+ "name": "php-cli",
1503
+ "version": "8.2.13",
1504
+ "type": "binary",
1505
+ "locations": [
1506
+ {
1507
+ "path": "/usr/local/bin/php",
1508
+ "layerID": "sha256:75edd5bf31437a741775ea39bcc8f2551fb0a3103d4a18cb42d7d7f99e1ee17f"
1509
+ }
1510
+ ],
1511
+ "language": "",
1512
+ "licenses": [],
1513
+ "cpes": [
1514
+ "cpe:2.3:a:php:php:8.2.13:*:*:*:*:*:*:*",
1515
+ "cpe:2.3:a:php-cli:php-cli:8.2.13:*:*:*:*:*:*:*",
1516
+ "cpe:2.3:a:php-cli:php_cli:8.2.13:*:*:*:*:*:*:*",
1517
+ "cpe:2.3:a:php_cli:php-cli:8.2.13:*:*:*:*:*:*:*",
1518
+ "cpe:2.3:a:php_cli:php_cli:8.2.13:*:*:*:*:*:*:*",
1519
+ "cpe:2.3:a:php:php-cli:8.2.13:*:*:*:*:*:*:*",
1520
+ "cpe:2.3:a:php:php_cli:8.2.13:*:*:*:*:*:*:*"
1521
+ ],
1522
+ "purl": "pkg:generic/php-cli@8.2.13",
1523
+ "upstreams": []
1524
+ }
1525
+ },
1526
+ {
1527
+ "vulnerability": {
1528
+ "id": "CVE-2007-3205",
1529
+ "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2007-3205",
1530
+ "namespace": "nvd:cpe",
1531
+ "severity": "Medium",
1532
+ "urls": [
1533
+ "http://osvdb.org/39834",
1534
+ "http://securityreason.com/securityalert/2800",
1535
+ "http://www.acid-root.new.fr/advisories/14070612.txt",
1536
+ "http://www.securityfocus.com/archive/1/471178/100/0/threaded",
1537
+ "http://www.securityfocus.com/archive/1/471204/100/0/threaded",
1538
+ "http://www.securityfocus.com/archive/1/471275/100/0/threaded",
1539
+ "https://exchange.xforce.ibmcloud.com/vulnerabilities/34836"
1540
+ ],
1541
+ "description": "The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin.",
1542
+ "cvss": [
1543
+ {
1544
+ "source": "nvd@nist.gov",
1545
+ "type": "Primary",
1546
+ "version": "2.0",
1547
+ "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
1548
+ "metrics": {
1549
+ "baseScore": 5,
1550
+ "exploitabilityScore": 10,
1551
+ "impactScore": 2.9
1552
+ },
1553
+ "vendorMetadata": {}
1554
+ }
1555
+ ],
1556
+ "fix": {
1557
+ "versions": [],
1558
+ "state": "unknown"
1559
+ },
1560
+ "advisories": []
1561
+ },
1562
+ "relatedVulnerabilities": [],
1563
+ "matchDetails": [
1564
+ {
1565
+ "type": "cpe-match",
1566
+ "matcher": "stock-matcher",
1567
+ "searchedBy": {
1568
+ "namespace": "nvd:cpe",
1569
+ "cpes": [
1570
+ "cpe:2.3:a:php:php:8.2.13:*:*:*:*:*:*:*"
1571
+ ],
1572
+ "Package": {
1573
+ "name": "php-cli",
1574
+ "version": "8.2.13"
1575
+ }
1576
+ },
1577
+ "found": {
1578
+ "vulnerabilityID": "CVE-2007-3205",
1579
+ "versionConstraint": "none (unknown)",
1580
+ "cpes": [
1581
+ "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"
1582
+ ]
1583
+ }
1584
+ }
1585
+ ],
1586
+ "artifact": {
1587
+ "id": "99d554a0f68c7f83",
1588
+ "name": "php-cli",
1589
+ "version": "8.2.13",
1590
+ "type": "binary",
1591
+ "locations": [
1592
+ {
1593
+ "path": "/usr/local/bin/php",
1594
+ "layerID": "sha256:75edd5bf31437a741775ea39bcc8f2551fb0a3103d4a18cb42d7d7f99e1ee17f"
1595
+ }
1596
+ ],
1597
+ "language": "",
1598
+ "licenses": [],
1599
+ "cpes": [
1600
+ "cpe:2.3:a:php:php:8.2.13:*:*:*:*:*:*:*",
1601
+ "cpe:2.3:a:php-cli:php-cli:8.2.13:*:*:*:*:*:*:*",
1602
+ "cpe:2.3:a:php-cli:php_cli:8.2.13:*:*:*:*:*:*:*",
1603
+ "cpe:2.3:a:php_cli:php-cli:8.2.13:*:*:*:*:*:*:*",
1604
+ "cpe:2.3:a:php_cli:php_cli:8.2.13:*:*:*:*:*:*:*",
1605
+ "cpe:2.3:a:php:php-cli:8.2.13:*:*:*:*:*:*:*",
1606
+ "cpe:2.3:a:php:php_cli:8.2.13:*:*:*:*:*:*:*"
1607
+ ],
1608
+ "purl": "pkg:generic/php-cli@8.2.13",
1609
+ "upstreams": []
1610
+ }
1611
+ },
1612
+ {
1613
+ "vulnerability": {
1614
+ "id": "CVE-2007-2728",
1615
+ "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2007-2728",
1616
+ "namespace": "nvd:cpe",
1617
+ "severity": "Medium",
1618
+ "urls": [
1619
+ "http://blog.php-security.org/archives/80-Watching-the-PHP-CVS.html",
1620
+ "http://osvdb.org/36086",
1621
+ "http://secunia.com/advisories/25306",
1622
+ "http://secunia.com/advisories/26102",
1623
+ "http://secunia.com/advisories/26895",
1624
+ "http://www.mandriva.com/security/advisories?name=MDKSA-2007:187",
1625
+ "http://www.novell.com/linux/security/advisories/2007_15_sr.html",
1626
+ "http://www.ubuntu.com/usn/usn-485-1",
1627
+ "http://www.vupen.com/english/advisories/2007/1839"
1628
+ ],
1629
+ "description": "The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-2727.",
1630
+ "cvss": [
1631
+ {
1632
+ "source": "nvd@nist.gov",
1633
+ "type": "Primary",
1634
+ "version": "2.0",
1635
+ "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
1636
+ "metrics": {
1637
+ "baseScore": 5,
1638
+ "exploitabilityScore": 10,
1639
+ "impactScore": 2.9
1640
+ },
1641
+ "vendorMetadata": {}
1642
+ }
1643
+ ],
1644
+ "fix": {
1645
+ "versions": [],
1646
+ "state": "unknown"
1647
+ },
1648
+ "advisories": []
1649
+ },
1650
+ "relatedVulnerabilities": [],
1651
+ "matchDetails": [
1652
+ {
1653
+ "type": "cpe-match",
1654
+ "matcher": "stock-matcher",
1655
+ "searchedBy": {
1656
+ "namespace": "nvd:cpe",
1657
+ "cpes": [
1658
+ "cpe:2.3:a:php:php:8.2.13:*:*:*:*:*:*:*"
1659
+ ],
1660
+ "Package": {
1661
+ "name": "php-cli",
1662
+ "version": "8.2.13"
1663
+ }
1664
+ },
1665
+ "found": {
1666
+ "vulnerabilityID": "CVE-2007-2728",
1667
+ "versionConstraint": "none (unknown)",
1668
+ "cpes": [
1669
+ "cpe:2.3:a:php:php:-:*:*:*:*:*:*:*"
1670
+ ]
1671
+ }
1672
+ }
1673
+ ],
1674
+ "artifact": {
1675
+ "id": "99d554a0f68c7f83",
1676
+ "name": "php-cli",
1677
+ "version": "8.2.13",
1678
+ "type": "binary",
1679
+ "locations": [
1680
+ {
1681
+ "path": "/usr/local/bin/php",
1682
+ "layerID": "sha256:75edd5bf31437a741775ea39bcc8f2551fb0a3103d4a18cb42d7d7f99e1ee17f"
1683
+ }
1684
+ ],
1685
+ "language": "",
1686
+ "licenses": [],
1687
+ "cpes": [
1688
+ "cpe:2.3:a:php:php:8.2.13:*:*:*:*:*:*:*",
1689
+ "cpe:2.3:a:php-cli:php-cli:8.2.13:*:*:*:*:*:*:*",
1690
+ "cpe:2.3:a:php-cli:php_cli:8.2.13:*:*:*:*:*:*:*",
1691
+ "cpe:2.3:a:php_cli:php-cli:8.2.13:*:*:*:*:*:*:*",
1692
+ "cpe:2.3:a:php_cli:php_cli:8.2.13:*:*:*:*:*:*:*",
1693
+ "cpe:2.3:a:php:php-cli:8.2.13:*:*:*:*:*:*:*",
1694
+ "cpe:2.3:a:php:php_cli:8.2.13:*:*:*:*:*:*:*"
1695
+ ],
1696
+ "purl": "pkg:generic/php-cli@8.2.13",
1697
+ "upstreams": []
1698
+ }
1699
+ },
1700
+ {
1701
+ "vulnerability": {
1702
+ "id": "CVE-2007-4596",
1703
+ "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2007-4596",
1704
+ "namespace": "nvd:cpe",
1705
+ "severity": "High",
1706
+ "urls": [
1707
+ "https://www.exploit-db.com/exploits/4314"
1708
+ ],
1709
+ "description": "The perl extension in PHP does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code via the Perl eval function. NOTE: this might only be a vulnerability in limited environments.",
1710
+ "cvss": [
1711
+ {
1712
+ "source": "nvd@nist.gov",
1713
+ "type": "Primary",
1714
+ "version": "2.0",
1715
+ "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
1716
+ "metrics": {
1717
+ "baseScore": 7.5,
1718
+ "exploitabilityScore": 10,
1719
+ "impactScore": 6.4
1720
+ },
1721
+ "vendorMetadata": {}
1722
+ }
1723
+ ],
1724
+ "fix": {
1725
+ "versions": [],
1726
+ "state": "unknown"
1727
+ },
1728
+ "advisories": []
1729
+ },
1730
+ "relatedVulnerabilities": [],
1731
+ "matchDetails": [
1732
+ {
1733
+ "type": "cpe-match",
1734
+ "matcher": "stock-matcher",
1735
+ "searchedBy": {
1736
+ "namespace": "nvd:cpe",
1737
+ "cpes": [
1738
+ "cpe:2.3:a:php:php:8.2.13:*:*:*:*:*:*:*"
1739
+ ],
1740
+ "Package": {
1741
+ "name": "php-fpm",
1742
+ "version": "8.2.13"
1743
+ }
1744
+ },
1745
+ "found": {
1746
+ "vulnerabilityID": "CVE-2007-4596",
1747
+ "versionConstraint": "none (unknown)",
1748
+ "cpes": [
1749
+ "cpe:2.3:a:php:php:-:*:*:*:*:*:*:*"
1750
+ ]
1751
+ }
1752
+ }
1753
+ ],
1754
+ "artifact": {
1755
+ "id": "bf439fd0257f0834",
1756
+ "name": "php-fpm",
1757
+ "version": "8.2.13",
1758
+ "type": "binary",
1759
+ "locations": [
1760
+ {
1761
+ "path": "/usr/local/sbin/php-fpm",
1762
+ "layerID": "sha256:75edd5bf31437a741775ea39bcc8f2551fb0a3103d4a18cb42d7d7f99e1ee17f"
1763
+ }
1764
+ ],
1765
+ "language": "",
1766
+ "licenses": [],
1767
+ "cpes": [
1768
+ "cpe:2.3:a:php:php:8.2.13:*:*:*:*:*:*:*",
1769
+ "cpe:2.3:a:php-fpm:php-fpm:8.2.13:*:*:*:*:*:*:*",
1770
+ "cpe:2.3:a:php-fpm:php_fpm:8.2.13:*:*:*:*:*:*:*",
1771
+ "cpe:2.3:a:php_fpm:php-fpm:8.2.13:*:*:*:*:*:*:*",
1772
+ "cpe:2.3:a:php_fpm:php_fpm:8.2.13:*:*:*:*:*:*:*",
1773
+ "cpe:2.3:a:php:php-fpm:8.2.13:*:*:*:*:*:*:*",
1774
+ "cpe:2.3:a:php:php_fpm:8.2.13:*:*:*:*:*:*:*"
1775
+ ],
1776
+ "purl": "pkg:generic/php-fpm@8.2.13",
1777
+ "upstreams": []
1778
+ }
1779
+ },
1780
+ {
1781
+ "vulnerability": {
1782
+ "id": "CVE-2022-4900",
1783
+ "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-4900",
1784
+ "namespace": "nvd:cpe",
1785
+ "severity": "Medium",
1786
+ "urls": [
1787
+ "https://access.redhat.com/security/cve/CVE-2022-4900",
1788
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2179880",
1789
+ "https://security.netapp.com/advisory/ntap-20231130-0008/"
1790
+ ],
1791
+ "description": "A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow.",
1792
+ "cvss": [
1793
+ {
1794
+ "source": "nvd@nist.gov",
1795
+ "type": "Primary",
1796
+ "version": "3.1",
1797
+ "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
1798
+ "metrics": {
1799
+ "baseScore": 5.5,
1800
+ "exploitabilityScore": 1.8,
1801
+ "impactScore": 3.6
1802
+ },
1803
+ "vendorMetadata": {}
1804
+ },
1805
+ {
1806
+ "source": "secalert@redhat.com",
1807
+ "type": "Secondary",
1808
+ "version": "3.1",
1809
+ "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
1810
+ "metrics": {
1811
+ "baseScore": 6.2,
1812
+ "exploitabilityScore": 2.5,
1813
+ "impactScore": 3.6
1814
+ },
1815
+ "vendorMetadata": {}
1816
+ }
1817
+ ],
1818
+ "fix": {
1819
+ "versions": [],
1820
+ "state": "unknown"
1821
+ },
1822
+ "advisories": []
1823
+ },
1824
+ "relatedVulnerabilities": [],
1825
+ "matchDetails": [
1826
+ {
1827
+ "type": "cpe-match",
1828
+ "matcher": "stock-matcher",
1829
+ "searchedBy": {
1830
+ "namespace": "nvd:cpe",
1831
+ "cpes": [
1832
+ "cpe:2.3:a:php:php:8.2.13:*:*:*:*:*:*:*"
1833
+ ],
1834
+ "Package": {
1835
+ "name": "php-fpm",
1836
+ "version": "8.2.13"
1837
+ }
1838
+ },
1839
+ "found": {
1840
+ "vulnerabilityID": "CVE-2022-4900",
1841
+ "versionConstraint": "none (unknown)",
1842
+ "cpes": [
1843
+ "cpe:2.3:a:php:php:-:*:*:*:*:*:*:*"
1844
+ ]
1845
+ }
1846
+ }
1847
+ ],
1848
+ "artifact": {
1849
+ "id": "bf439fd0257f0834",
1850
+ "name": "php-fpm",
1851
+ "version": "8.2.13",
1852
+ "type": "binary",
1853
+ "locations": [
1854
+ {
1855
+ "path": "/usr/local/sbin/php-fpm",
1856
+ "layerID": "sha256:75edd5bf31437a741775ea39bcc8f2551fb0a3103d4a18cb42d7d7f99e1ee17f"
1857
+ }
1858
+ ],
1859
+ "language": "",
1860
+ "licenses": [],
1861
+ "cpes": [
1862
+ "cpe:2.3:a:php:php:8.2.13:*:*:*:*:*:*:*",
1863
+ "cpe:2.3:a:php-fpm:php-fpm:8.2.13:*:*:*:*:*:*:*",
1864
+ "cpe:2.3:a:php-fpm:php_fpm:8.2.13:*:*:*:*:*:*:*",
1865
+ "cpe:2.3:a:php_fpm:php-fpm:8.2.13:*:*:*:*:*:*:*",
1866
+ "cpe:2.3:a:php_fpm:php_fpm:8.2.13:*:*:*:*:*:*:*",
1867
+ "cpe:2.3:a:php:php-fpm:8.2.13:*:*:*:*:*:*:*",
1868
+ "cpe:2.3:a:php:php_fpm:8.2.13:*:*:*:*:*:*:*"
1869
+ ],
1870
+ "purl": "pkg:generic/php-fpm@8.2.13",
1871
+ "upstreams": []
1872
+ }
1873
+ },
1874
+ {
1875
+ "vulnerability": {
1876
+ "id": "CVE-2015-3211",
1877
+ "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2015-3211",
1878
+ "namespace": "nvd:cpe",
1879
+ "severity": "Medium",
1880
+ "urls": [
1881
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1228721"
1882
+ ],
1883
+ "description": "php-fpm allows local users to write to or create arbitrary files via a symlink attack.",
1884
+ "cvss": [
1885
+ {
1886
+ "source": "nvd@nist.gov",
1887
+ "type": "Primary",
1888
+ "version": "2.0",
1889
+ "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
1890
+ "metrics": {
1891
+ "baseScore": 2.1,
1892
+ "exploitabilityScore": 3.9,
1893
+ "impactScore": 2.9
1894
+ },
1895
+ "vendorMetadata": {}
1896
+ },
1897
+ {
1898
+ "source": "nvd@nist.gov",
1899
+ "type": "Primary",
1900
+ "version": "3.0",
1901
+ "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
1902
+ "metrics": {
1903
+ "baseScore": 5.5,
1904
+ "exploitabilityScore": 1.8,
1905
+ "impactScore": 3.6
1906
+ },
1907
+ "vendorMetadata": {}
1908
+ }
1909
+ ],
1910
+ "fix": {
1911
+ "versions": [],
1912
+ "state": "unknown"
1913
+ },
1914
+ "advisories": []
1915
+ },
1916
+ "relatedVulnerabilities": [],
1917
+ "matchDetails": [
1918
+ {
1919
+ "type": "cpe-match",
1920
+ "matcher": "stock-matcher",
1921
+ "searchedBy": {
1922
+ "namespace": "nvd:cpe",
1923
+ "cpes": [
1924
+ "cpe:2.3:a:php-fpm:php-fpm:8.2.13:*:*:*:*:*:*:*"
1925
+ ],
1926
+ "Package": {
1927
+ "name": "php-fpm",
1928
+ "version": "8.2.13"
1929
+ }
1930
+ },
1931
+ "found": {
1932
+ "vulnerabilityID": "CVE-2015-3211",
1933
+ "versionConstraint": "none (unknown)",
1934
+ "cpes": [
1935
+ "cpe:2.3:a:php-fpm:php-fpm:-:*:*:*:*:*:*:*"
1936
+ ]
1937
+ }
1938
+ }
1939
+ ],
1940
+ "artifact": {
1941
+ "id": "bf439fd0257f0834",
1942
+ "name": "php-fpm",
1943
+ "version": "8.2.13",
1944
+ "type": "binary",
1945
+ "locations": [
1946
+ {
1947
+ "path": "/usr/local/sbin/php-fpm",
1948
+ "layerID": "sha256:75edd5bf31437a741775ea39bcc8f2551fb0a3103d4a18cb42d7d7f99e1ee17f"
1949
+ }
1950
+ ],
1951
+ "language": "",
1952
+ "licenses": [],
1953
+ "cpes": [
1954
+ "cpe:2.3:a:php:php:8.2.13:*:*:*:*:*:*:*",
1955
+ "cpe:2.3:a:php-fpm:php-fpm:8.2.13:*:*:*:*:*:*:*",
1956
+ "cpe:2.3:a:php-fpm:php_fpm:8.2.13:*:*:*:*:*:*:*",
1957
+ "cpe:2.3:a:php_fpm:php-fpm:8.2.13:*:*:*:*:*:*:*",
1958
+ "cpe:2.3:a:php_fpm:php_fpm:8.2.13:*:*:*:*:*:*:*",
1959
+ "cpe:2.3:a:php:php-fpm:8.2.13:*:*:*:*:*:*:*",
1960
+ "cpe:2.3:a:php:php_fpm:8.2.13:*:*:*:*:*:*:*"
1961
+ ],
1962
+ "purl": "pkg:generic/php-fpm@8.2.13",
1963
+ "upstreams": []
1964
+ }
1965
+ },
1966
+ {
1967
+ "vulnerability": {
1968
+ "id": "CVE-2007-3205",
1969
+ "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2007-3205",
1970
+ "namespace": "nvd:cpe",
1971
+ "severity": "Medium",
1972
+ "urls": [
1973
+ "http://osvdb.org/39834",
1974
+ "http://securityreason.com/securityalert/2800",
1975
+ "http://www.acid-root.new.fr/advisories/14070612.txt",
1976
+ "http://www.securityfocus.com/archive/1/471178/100/0/threaded",
1977
+ "http://www.securityfocus.com/archive/1/471204/100/0/threaded",
1978
+ "http://www.securityfocus.com/archive/1/471275/100/0/threaded",
1979
+ "https://exchange.xforce.ibmcloud.com/vulnerabilities/34836"
1980
+ ],
1981
+ "description": "The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin.",
1982
+ "cvss": [
1983
+ {
1984
+ "source": "nvd@nist.gov",
1985
+ "type": "Primary",
1986
+ "version": "2.0",
1987
+ "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
1988
+ "metrics": {
1989
+ "baseScore": 5,
1990
+ "exploitabilityScore": 10,
1991
+ "impactScore": 2.9
1992
+ },
1993
+ "vendorMetadata": {}
1994
+ }
1995
+ ],
1996
+ "fix": {
1997
+ "versions": [],
1998
+ "state": "unknown"
1999
+ },
2000
+ "advisories": []
2001
+ },
2002
+ "relatedVulnerabilities": [],
2003
+ "matchDetails": [
2004
+ {
2005
+ "type": "cpe-match",
2006
+ "matcher": "stock-matcher",
2007
+ "searchedBy": {
2008
+ "namespace": "nvd:cpe",
2009
+ "cpes": [
2010
+ "cpe:2.3:a:php:php:8.2.13:*:*:*:*:*:*:*"
2011
+ ],
2012
+ "Package": {
2013
+ "name": "php-fpm",
2014
+ "version": "8.2.13"
2015
+ }
2016
+ },
2017
+ "found": {
2018
+ "vulnerabilityID": "CVE-2007-3205",
2019
+ "versionConstraint": "none (unknown)",
2020
+ "cpes": [
2021
+ "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"
2022
+ ]
2023
+ }
2024
+ }
2025
+ ],
2026
+ "artifact": {
2027
+ "id": "bf439fd0257f0834",
2028
+ "name": "php-fpm",
2029
+ "version": "8.2.13",
2030
+ "type": "binary",
2031
+ "locations": [
2032
+ {
2033
+ "path": "/usr/local/sbin/php-fpm",
2034
+ "layerID": "sha256:75edd5bf31437a741775ea39bcc8f2551fb0a3103d4a18cb42d7d7f99e1ee17f"
2035
+ }
2036
+ ],
2037
+ "language": "",
2038
+ "licenses": [],
2039
+ "cpes": [
2040
+ "cpe:2.3:a:php:php:8.2.13:*:*:*:*:*:*:*",
2041
+ "cpe:2.3:a:php-fpm:php-fpm:8.2.13:*:*:*:*:*:*:*",
2042
+ "cpe:2.3:a:php-fpm:php_fpm:8.2.13:*:*:*:*:*:*:*",
2043
+ "cpe:2.3:a:php_fpm:php-fpm:8.2.13:*:*:*:*:*:*:*",
2044
+ "cpe:2.3:a:php_fpm:php_fpm:8.2.13:*:*:*:*:*:*:*",
2045
+ "cpe:2.3:a:php:php-fpm:8.2.13:*:*:*:*:*:*:*",
2046
+ "cpe:2.3:a:php:php_fpm:8.2.13:*:*:*:*:*:*:*"
2047
+ ],
2048
+ "purl": "pkg:generic/php-fpm@8.2.13",
2049
+ "upstreams": []
2050
+ }
2051
+ },
2052
+ {
2053
+ "vulnerability": {
2054
+ "id": "CVE-2007-2728",
2055
+ "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2007-2728",
2056
+ "namespace": "nvd:cpe",
2057
+ "severity": "Medium",
2058
+ "urls": [
2059
+ "http://blog.php-security.org/archives/80-Watching-the-PHP-CVS.html",
2060
+ "http://osvdb.org/36086",
2061
+ "http://secunia.com/advisories/25306",
2062
+ "http://secunia.com/advisories/26102",
2063
+ "http://secunia.com/advisories/26895",
2064
+ "http://www.mandriva.com/security/advisories?name=MDKSA-2007:187",
2065
+ "http://www.novell.com/linux/security/advisories/2007_15_sr.html",
2066
+ "http://www.ubuntu.com/usn/usn-485-1",
2067
+ "http://www.vupen.com/english/advisories/2007/1839"
2068
+ ],
2069
+ "description": "The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-2727.",
2070
+ "cvss": [
2071
+ {
2072
+ "source": "nvd@nist.gov",
2073
+ "type": "Primary",
2074
+ "version": "2.0",
2075
+ "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
2076
+ "metrics": {
2077
+ "baseScore": 5,
2078
+ "exploitabilityScore": 10,
2079
+ "impactScore": 2.9
2080
+ },
2081
+ "vendorMetadata": {}
2082
+ }
2083
+ ],
2084
+ "fix": {
2085
+ "versions": [],
2086
+ "state": "unknown"
2087
+ },
2088
+ "advisories": []
2089
+ },
2090
+ "relatedVulnerabilities": [],
2091
+ "matchDetails": [
2092
+ {
2093
+ "type": "cpe-match",
2094
+ "matcher": "stock-matcher",
2095
+ "searchedBy": {
2096
+ "namespace": "nvd:cpe",
2097
+ "cpes": [
2098
+ "cpe:2.3:a:php:php:8.2.13:*:*:*:*:*:*:*"
2099
+ ],
2100
+ "Package": {
2101
+ "name": "php-fpm",
2102
+ "version": "8.2.13"
2103
+ }
2104
+ },
2105
+ "found": {
2106
+ "vulnerabilityID": "CVE-2007-2728",
2107
+ "versionConstraint": "none (unknown)",
2108
+ "cpes": [
2109
+ "cpe:2.3:a:php:php:-:*:*:*:*:*:*:*"
2110
+ ]
2111
+ }
2112
+ }
2113
+ ],
2114
+ "artifact": {
2115
+ "id": "bf439fd0257f0834",
2116
+ "name": "php-fpm",
2117
+ "version": "8.2.13",
2118
+ "type": "binary",
2119
+ "locations": [
2120
+ {
2121
+ "path": "/usr/local/sbin/php-fpm",
2122
+ "layerID": "sha256:75edd5bf31437a741775ea39bcc8f2551fb0a3103d4a18cb42d7d7f99e1ee17f"
2123
+ }
2124
+ ],
2125
+ "language": "",
2126
+ "licenses": [],
2127
+ "cpes": [
2128
+ "cpe:2.3:a:php:php:8.2.13:*:*:*:*:*:*:*",
2129
+ "cpe:2.3:a:php-fpm:php-fpm:8.2.13:*:*:*:*:*:*:*",
2130
+ "cpe:2.3:a:php-fpm:php_fpm:8.2.13:*:*:*:*:*:*:*",
2131
+ "cpe:2.3:a:php_fpm:php-fpm:8.2.13:*:*:*:*:*:*:*",
2132
+ "cpe:2.3:a:php_fpm:php_fpm:8.2.13:*:*:*:*:*:*:*",
2133
+ "cpe:2.3:a:php:php-fpm:8.2.13:*:*:*:*:*:*:*",
2134
+ "cpe:2.3:a:php:php_fpm:8.2.13:*:*:*:*:*:*:*"
2135
+ ],
2136
+ "purl": "pkg:generic/php-fpm@8.2.13",
2137
+ "upstreams": []
2138
+ }
2139
+ },
2140
+ {
2141
+ "vulnerability": {
2142
+ "id": "CVE-2023-7104",
2143
+ "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-7104",
2144
+ "namespace": "nvd:cpe",
2145
+ "severity": "Critical",
2146
+ "urls": [
2147
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/",
2148
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/",
2149
+ "https://sqlite.org/forum/forumpost/5bcbf4571c",
2150
+ "https://sqlite.org/src/info/0e4e7a05c4204b47",
2151
+ "https://vuldb.com/?ctiid.248999",
2152
+ "https://vuldb.com/?id.248999"
2153
+ ],
2154
+ "description": "A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.",
2155
+ "cvss": [
2156
+ {
2157
+ "source": "cna@vuldb.com",
2158
+ "type": "Secondary",
2159
+ "version": "2.0",
2160
+ "vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
2161
+ "metrics": {
2162
+ "baseScore": 5.2,
2163
+ "exploitabilityScore": 5.1,
2164
+ "impactScore": 6.4
2165
+ },
2166
+ "vendorMetadata": {}
2167
+ },
2168
+ {
2169
+ "source": "nvd@nist.gov",
2170
+ "type": "Primary",
2171
+ "version": "3.1",
2172
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
2173
+ "metrics": {
2174
+ "baseScore": 9.8,
2175
+ "exploitabilityScore": 3.9,
2176
+ "impactScore": 5.9
2177
+ },
2178
+ "vendorMetadata": {}
2179
+ },
2180
+ {
2181
+ "source": "cna@vuldb.com",
2182
+ "type": "Secondary",
2183
+ "version": "3.1",
2184
+ "vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
2185
+ "metrics": {
2186
+ "baseScore": 5.5,
2187
+ "exploitabilityScore": 2.1,
2188
+ "impactScore": 3.4
2189
+ },
2190
+ "vendorMetadata": {}
2191
+ }
2192
+ ],
2193
+ "fix": {
2194
+ "versions": [],
2195
+ "state": "unknown"
2196
+ },
2197
+ "advisories": []
2198
+ },
2199
+ "relatedVulnerabilities": [],
2200
+ "matchDetails": [
2201
+ {
2202
+ "type": "cpe-match",
2203
+ "matcher": "apk-matcher",
2204
+ "searchedBy": {
2205
+ "namespace": "nvd:cpe",
2206
+ "cpes": [
2207
+ "cpe:2.3:a:sqlite:sqlite:3.41.2-r2:*:*:*:*:*:*:*"
2208
+ ],
2209
+ "Package": {
2210
+ "name": "sqlite",
2211
+ "version": "3.41.2-r2"
2212
+ }
2213
+ },
2214
+ "found": {
2215
+ "vulnerabilityID": "CVE-2023-7104",
2216
+ "versionConstraint": "<= 3.43.0 (unknown)",
2217
+ "cpes": [
2218
+ "cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*"
2219
+ ]
2220
+ }
2221
+ }
2222
+ ],
2223
+ "artifact": {
2224
+ "id": "ee94c84f8e1f6b02",
2225
+ "name": "sqlite-libs",
2226
+ "version": "3.41.2-r2",
2227
+ "type": "apk",
2228
+ "locations": [
2229
+ {
2230
+ "path": "/lib/apk/db/installed",
2231
+ "layerID": "sha256:5c59a08537236f823fcefd58c67e97654a664eb58b9d350352f510ea96271ef1"
2232
+ }
2233
+ ],
2234
+ "language": "",
2235
+ "licenses": [
2236
+ "blessing"
2237
+ ],
2238
+ "cpes": [
2239
+ "cpe:2.3:a:sqlite-libs:sqlite-libs:3.41.2-r2:*:*:*:*:*:*:*",
2240
+ "cpe:2.3:a:sqlite-libs:sqlite_libs:3.41.2-r2:*:*:*:*:*:*:*",
2241
+ "cpe:2.3:a:sqlite_libs:sqlite-libs:3.41.2-r2:*:*:*:*:*:*:*",
2242
+ "cpe:2.3:a:sqlite_libs:sqlite_libs:3.41.2-r2:*:*:*:*:*:*:*",
2243
+ "cpe:2.3:a:sqlite:sqlite-libs:3.41.2-r2:*:*:*:*:*:*:*",
2244
+ "cpe:2.3:a:sqlite:sqlite_libs:3.41.2-r2:*:*:*:*:*:*:*"
2245
+ ],
2246
+ "purl": "pkg:apk/alpine/sqlite-libs@3.41.2-r2?arch=x86_64&upstream=sqlite&distro=alpine-3.18.5",
2247
+ "upstreams": [
2248
+ {
2249
+ "name": "sqlite"
2250
+ }
2251
+ ]
2252
+ }
2253
+ },
2254
+ {
2255
+ "vulnerability": {
2256
+ "id": "CVE-2023-42366",
2257
+ "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-42366",
2258
+ "namespace": "nvd:cpe",
2259
+ "severity": "Medium",
2260
+ "urls": [
2261
+ "https://bugs.busybox.net/show_bug.cgi?id=15874"
2262
+ ],
2263
+ "description": "A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.",
2264
+ "cvss": [
2265
+ {
2266
+ "source": "nvd@nist.gov",
2267
+ "type": "Primary",
2268
+ "version": "3.1",
2269
+ "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
2270
+ "metrics": {
2271
+ "baseScore": 5.5,
2272
+ "exploitabilityScore": 1.8,
2273
+ "impactScore": 3.6
2274
+ },
2275
+ "vendorMetadata": {}
2276
+ }
2277
+ ],
2278
+ "fix": {
2279
+ "versions": [],
2280
+ "state": "unknown"
2281
+ },
2282
+ "advisories": []
2283
+ },
2284
+ "relatedVulnerabilities": [],
2285
+ "matchDetails": [
2286
+ {
2287
+ "type": "cpe-match",
2288
+ "matcher": "apk-matcher",
2289
+ "searchedBy": {
2290
+ "namespace": "nvd:cpe",
2291
+ "cpes": [
2292
+ "cpe:2.3:a:busybox:busybox:1.36.1-r5:*:*:*:*:*:*:*"
2293
+ ],
2294
+ "Package": {
2295
+ "name": "busybox",
2296
+ "version": "1.36.1-r5"
2297
+ }
2298
+ },
2299
+ "found": {
2300
+ "vulnerabilityID": "CVE-2023-42366",
2301
+ "versionConstraint": "= 1.36.1 (unknown)",
2302
+ "cpes": [
2303
+ "cpe:2.3:a:busybox:busybox:1.36.1:*:*:*:*:*:*:*"
2304
+ ]
2305
+ }
2306
+ }
2307
+ ],
2308
+ "artifact": {
2309
+ "id": "9a41fe1896e4ce46",
2310
+ "name": "ssl_client",
2311
+ "version": "1.36.1-r5",
2312
+ "type": "apk",
2313
+ "locations": [
2314
+ {
2315
+ "path": "/lib/apk/db/installed",
2316
+ "layerID": "sha256:5c59a08537236f823fcefd58c67e97654a664eb58b9d350352f510ea96271ef1"
2317
+ }
2318
+ ],
2319
+ "language": "",
2320
+ "licenses": [
2321
+ "GPL-2.0-only"
2322
+ ],
2323
+ "cpes": [
2324
+ "cpe:2.3:a:ssl-client:ssl-client:1.36.1-r5:*:*:*:*:*:*:*",
2325
+ "cpe:2.3:a:ssl-client:ssl_client:1.36.1-r5:*:*:*:*:*:*:*",
2326
+ "cpe:2.3:a:ssl_client:ssl-client:1.36.1-r5:*:*:*:*:*:*:*",
2327
+ "cpe:2.3:a:ssl_client:ssl_client:1.36.1-r5:*:*:*:*:*:*:*",
2328
+ "cpe:2.3:a:ssl:ssl-client:1.36.1-r5:*:*:*:*:*:*:*",
2329
+ "cpe:2.3:a:ssl:ssl_client:1.36.1-r5:*:*:*:*:*:*:*"
2330
+ ],
2331
+ "purl": "pkg:apk/alpine/ssl_client@1.36.1-r5?arch=x86_64&upstream=busybox&distro=alpine-3.18.5",
2332
+ "upstreams": [
2333
+ {
2334
+ "name": "busybox"
2335
+ }
2336
+ ]
2337
+ }
2338
+ },
2339
+ {
2340
+ "vulnerability": {
2341
+ "id": "CVE-2023-42365",
2342
+ "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-42365",
2343
+ "namespace": "nvd:cpe",
2344
+ "severity": "Medium",
2345
+ "urls": [
2346
+ "https://bugs.busybox.net/show_bug.cgi?id=15871"
2347
+ ],
2348
+ "description": "A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.",
2349
+ "cvss": [
2350
+ {
2351
+ "source": "nvd@nist.gov",
2352
+ "type": "Primary",
2353
+ "version": "3.1",
2354
+ "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
2355
+ "metrics": {
2356
+ "baseScore": 5.5,
2357
+ "exploitabilityScore": 1.8,
2358
+ "impactScore": 3.6
2359
+ },
2360
+ "vendorMetadata": {}
2361
+ }
2362
+ ],
2363
+ "fix": {
2364
+ "versions": [],
2365
+ "state": "unknown"
2366
+ },
2367
+ "advisories": []
2368
+ },
2369
+ "relatedVulnerabilities": [],
2370
+ "matchDetails": [
2371
+ {
2372
+ "type": "cpe-match",
2373
+ "matcher": "apk-matcher",
2374
+ "searchedBy": {
2375
+ "namespace": "nvd:cpe",
2376
+ "cpes": [
2377
+ "cpe:2.3:a:busybox:busybox:1.36.1-r5:*:*:*:*:*:*:*"
2378
+ ],
2379
+ "Package": {
2380
+ "name": "busybox",
2381
+ "version": "1.36.1-r5"
2382
+ }
2383
+ },
2384
+ "found": {
2385
+ "vulnerabilityID": "CVE-2023-42365",
2386
+ "versionConstraint": "= 1.36.1 (unknown)",
2387
+ "cpes": [
2388
+ "cpe:2.3:a:busybox:busybox:1.36.1:*:*:*:*:*:*:*"
2389
+ ]
2390
+ }
2391
+ }
2392
+ ],
2393
+ "artifact": {
2394
+ "id": "9a41fe1896e4ce46",
2395
+ "name": "ssl_client",
2396
+ "version": "1.36.1-r5",
2397
+ "type": "apk",
2398
+ "locations": [
2399
+ {
2400
+ "path": "/lib/apk/db/installed",
2401
+ "layerID": "sha256:5c59a08537236f823fcefd58c67e97654a664eb58b9d350352f510ea96271ef1"
2402
+ }
2403
+ ],
2404
+ "language": "",
2405
+ "licenses": [
2406
+ "GPL-2.0-only"
2407
+ ],
2408
+ "cpes": [
2409
+ "cpe:2.3:a:ssl-client:ssl-client:1.36.1-r5:*:*:*:*:*:*:*",
2410
+ "cpe:2.3:a:ssl-client:ssl_client:1.36.1-r5:*:*:*:*:*:*:*",
2411
+ "cpe:2.3:a:ssl_client:ssl-client:1.36.1-r5:*:*:*:*:*:*:*",
2412
+ "cpe:2.3:a:ssl_client:ssl_client:1.36.1-r5:*:*:*:*:*:*:*",
2413
+ "cpe:2.3:a:ssl:ssl-client:1.36.1-r5:*:*:*:*:*:*:*",
2414
+ "cpe:2.3:a:ssl:ssl_client:1.36.1-r5:*:*:*:*:*:*:*"
2415
+ ],
2416
+ "purl": "pkg:apk/alpine/ssl_client@1.36.1-r5?arch=x86_64&upstream=busybox&distro=alpine-3.18.5",
2417
+ "upstreams": [
2418
+ {
2419
+ "name": "busybox"
2420
+ }
2421
+ ]
2422
+ }
2423
+ },
2424
+ {
2425
+ "vulnerability": {
2426
+ "id": "CVE-2023-42364",
2427
+ "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-42364",
2428
+ "namespace": "nvd:cpe",
2429
+ "severity": "Medium",
2430
+ "urls": [
2431
+ "https://bugs.busybox.net/show_bug.cgi?id=15868"
2432
+ ],
2433
+ "description": "A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.",
2434
+ "cvss": [
2435
+ {
2436
+ "source": "nvd@nist.gov",
2437
+ "type": "Primary",
2438
+ "version": "3.1",
2439
+ "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
2440
+ "metrics": {
2441
+ "baseScore": 5.5,
2442
+ "exploitabilityScore": 1.8,
2443
+ "impactScore": 3.6
2444
+ },
2445
+ "vendorMetadata": {}
2446
+ }
2447
+ ],
2448
+ "fix": {
2449
+ "versions": [],
2450
+ "state": "unknown"
2451
+ },
2452
+ "advisories": []
2453
+ },
2454
+ "relatedVulnerabilities": [],
2455
+ "matchDetails": [
2456
+ {
2457
+ "type": "cpe-match",
2458
+ "matcher": "apk-matcher",
2459
+ "searchedBy": {
2460
+ "namespace": "nvd:cpe",
2461
+ "cpes": [
2462
+ "cpe:2.3:a:busybox:busybox:1.36.1-r5:*:*:*:*:*:*:*"
2463
+ ],
2464
+ "Package": {
2465
+ "name": "busybox",
2466
+ "version": "1.36.1-r5"
2467
+ }
2468
+ },
2469
+ "found": {
2470
+ "vulnerabilityID": "CVE-2023-42364",
2471
+ "versionConstraint": "= 1.36.1 (unknown)",
2472
+ "cpes": [
2473
+ "cpe:2.3:a:busybox:busybox:1.36.1:*:*:*:*:*:*:*"
2474
+ ]
2475
+ }
2476
+ }
2477
+ ],
2478
+ "artifact": {
2479
+ "id": "9a41fe1896e4ce46",
2480
+ "name": "ssl_client",
2481
+ "version": "1.36.1-r5",
2482
+ "type": "apk",
2483
+ "locations": [
2484
+ {
2485
+ "path": "/lib/apk/db/installed",
2486
+ "layerID": "sha256:5c59a08537236f823fcefd58c67e97654a664eb58b9d350352f510ea96271ef1"
2487
+ }
2488
+ ],
2489
+ "language": "",
2490
+ "licenses": [
2491
+ "GPL-2.0-only"
2492
+ ],
2493
+ "cpes": [
2494
+ "cpe:2.3:a:ssl-client:ssl-client:1.36.1-r5:*:*:*:*:*:*:*",
2495
+ "cpe:2.3:a:ssl-client:ssl_client:1.36.1-r5:*:*:*:*:*:*:*",
2496
+ "cpe:2.3:a:ssl_client:ssl-client:1.36.1-r5:*:*:*:*:*:*:*",
2497
+ "cpe:2.3:a:ssl_client:ssl_client:1.36.1-r5:*:*:*:*:*:*:*",
2498
+ "cpe:2.3:a:ssl:ssl-client:1.36.1-r5:*:*:*:*:*:*:*",
2499
+ "cpe:2.3:a:ssl:ssl_client:1.36.1-r5:*:*:*:*:*:*:*"
2500
+ ],
2501
+ "purl": "pkg:apk/alpine/ssl_client@1.36.1-r5?arch=x86_64&upstream=busybox&distro=alpine-3.18.5",
2502
+ "upstreams": [
2503
+ {
2504
+ "name": "busybox"
2505
+ }
2506
+ ]
2507
+ }
2508
+ },
2509
+ {
2510
+ "vulnerability": {
2511
+ "id": "CVE-2023-42363",
2512
+ "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-42363",
2513
+ "namespace": "nvd:cpe",
2514
+ "severity": "Medium",
2515
+ "urls": [
2516
+ "https://bugs.busybox.net/show_bug.cgi?id=15865"
2517
+ ],
2518
+ "description": "A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.",
2519
+ "cvss": [
2520
+ {
2521
+ "source": "nvd@nist.gov",
2522
+ "type": "Primary",
2523
+ "version": "3.1",
2524
+ "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
2525
+ "metrics": {
2526
+ "baseScore": 5.5,
2527
+ "exploitabilityScore": 1.8,
2528
+ "impactScore": 3.6
2529
+ },
2530
+ "vendorMetadata": {}
2531
+ }
2532
+ ],
2533
+ "fix": {
2534
+ "versions": [],
2535
+ "state": "unknown"
2536
+ },
2537
+ "advisories": []
2538
+ },
2539
+ "relatedVulnerabilities": [],
2540
+ "matchDetails": [
2541
+ {
2542
+ "type": "cpe-match",
2543
+ "matcher": "apk-matcher",
2544
+ "searchedBy": {
2545
+ "namespace": "nvd:cpe",
2546
+ "cpes": [
2547
+ "cpe:2.3:a:busybox:busybox:1.36.1-r5:*:*:*:*:*:*:*"
2548
+ ],
2549
+ "Package": {
2550
+ "name": "busybox",
2551
+ "version": "1.36.1-r5"
2552
+ }
2553
+ },
2554
+ "found": {
2555
+ "vulnerabilityID": "CVE-2023-42363",
2556
+ "versionConstraint": "= 1.36.1 (unknown)",
2557
+ "cpes": [
2558
+ "cpe:2.3:a:busybox:busybox:1.36.1:*:*:*:*:*:*:*"
2559
+ ]
2560
+ }
2561
+ }
2562
+ ],
2563
+ "artifact": {
2564
+ "id": "9a41fe1896e4ce46",
2565
+ "name": "ssl_client",
2566
+ "version": "1.36.1-r5",
2567
+ "type": "apk",
2568
+ "locations": [
2569
+ {
2570
+ "path": "/lib/apk/db/installed",
2571
+ "layerID": "sha256:5c59a08537236f823fcefd58c67e97654a664eb58b9d350352f510ea96271ef1"
2572
+ }
2573
+ ],
2574
+ "language": "",
2575
+ "licenses": [
2576
+ "GPL-2.0-only"
2577
+ ],
2578
+ "cpes": [
2579
+ "cpe:2.3:a:ssl-client:ssl-client:1.36.1-r5:*:*:*:*:*:*:*",
2580
+ "cpe:2.3:a:ssl-client:ssl_client:1.36.1-r5:*:*:*:*:*:*:*",
2581
+ "cpe:2.3:a:ssl_client:ssl-client:1.36.1-r5:*:*:*:*:*:*:*",
2582
+ "cpe:2.3:a:ssl_client:ssl_client:1.36.1-r5:*:*:*:*:*:*:*",
2583
+ "cpe:2.3:a:ssl:ssl-client:1.36.1-r5:*:*:*:*:*:*:*",
2584
+ "cpe:2.3:a:ssl:ssl_client:1.36.1-r5:*:*:*:*:*:*:*"
2585
+ ],
2586
+ "purl": "pkg:apk/alpine/ssl_client@1.36.1-r5?arch=x86_64&upstream=busybox&distro=alpine-3.18.5",
2587
+ "upstreams": [
2588
+ {
2589
+ "name": "busybox"
2590
+ }
2591
+ ]
2592
+ }
2593
+ },
2594
+ {
2595
+ "vulnerability": {
2596
+ "id": "CVE-2023-45285",
2597
+ "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45285",
2598
+ "namespace": "nvd:cpe",
2599
+ "severity": "High",
2600
+ "urls": [
2601
+ "https://go.dev/cl/540257",
2602
+ "https://go.dev/issue/63845",
2603
+ "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ",
2604
+ "https://pkg.go.dev/vuln/GO-2023-2383"
2605
+ ],
2606
+ "description": "Using go get to fetch a module with the \".git\" suffix may unexpectedly fallback to the insecure \"git://\" protocol if the module is unavailable via the secure \"https://\" and \"git+ssh://\" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module proxy and are fetching modules directly (i.e. GOPROXY=off).",
2607
+ "cvss": [
2608
+ {
2609
+ "source": "nvd@nist.gov",
2610
+ "type": "Primary",
2611
+ "version": "3.1",
2612
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
2613
+ "metrics": {
2614
+ "baseScore": 7.5,
2615
+ "exploitabilityScore": 3.9,
2616
+ "impactScore": 3.6
2617
+ },
2618
+ "vendorMetadata": {}
2619
+ }
2620
+ ],
2621
+ "fix": {
2622
+ "versions": [],
2623
+ "state": "unknown"
2624
+ },
2625
+ "advisories": []
2626
+ },
2627
+ "relatedVulnerabilities": [],
2628
+ "matchDetails": [
2629
+ {
2630
+ "type": "cpe-match",
2631
+ "matcher": "go-module-matcher",
2632
+ "searchedBy": {
2633
+ "namespace": "nvd:cpe",
2634
+ "cpes": [
2635
+ "cpe:2.3:a:golang:go:1.20.10:-:*:*:*:*:*:*"
2636
+ ],
2637
+ "Package": {
2638
+ "name": "stdlib",
2639
+ "version": "go1.20.10"
2640
+ }
2641
+ },
2642
+ "found": {
2643
+ "vulnerabilityID": "CVE-2023-45285",
2644
+ "versionConstraint": "< 1.20.12 || >= 1.21.0-0, < 1.21.5 (unknown)",
2645
+ "cpes": [
2646
+ "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*"
2647
+ ]
2648
+ }
2649
+ }
2650
+ ],
2651
+ "artifact": {
2652
+ "id": "ae9f8a393526dbe0",
2653
+ "name": "stdlib",
2654
+ "version": "go1.20.10",
2655
+ "type": "go-module",
2656
+ "locations": [
2657
+ {
2658
+ "path": "/usr/local/bin/docker",
2659
+ "layerID": "sha256:73d49c9e8c2e79a379d822d90a1e5a8b6708b2b22dc42448912e6f67f5073625"
2660
+ }
2661
+ ],
2662
+ "language": "go",
2663
+ "licenses": [
2664
+ "BSD-3-Clause"
2665
+ ],
2666
+ "cpes": [
2667
+ "cpe:2.3:a:golang:go:1.20.10:-:*:*:*:*:*:*"
2668
+ ],
2669
+ "purl": "pkg:golang/stdlib@1.20.10",
2670
+ "upstreams": [],
2671
+ "metadataType": "GolangBinMetadata",
2672
+ "metadata": {
2673
+ "goCompiledVersion": "go1.20.10",
2674
+ "architecture": ""
2675
+ }
2676
+ }
2677
+ },
2678
+ {
2679
+ "vulnerability": {
2680
+ "id": "CVE-2023-39326",
2681
+ "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-39326",
2682
+ "namespace": "nvd:cpe",
2683
+ "severity": "Medium",
2684
+ "urls": [
2685
+ "https://go.dev/cl/547335",
2686
+ "https://go.dev/issue/64433",
2687
+ "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ",
2688
+ "https://pkg.go.dev/vuln/GO-2023-2382"
2689
+ ],
2690
+ "description": "A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.",
2691
+ "cvss": [
2692
+ {
2693
+ "source": "nvd@nist.gov",
2694
+ "type": "Primary",
2695
+ "version": "3.1",
2696
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
2697
+ "metrics": {
2698
+ "baseScore": 5.3,
2699
+ "exploitabilityScore": 3.9,
2700
+ "impactScore": 1.4
2701
+ },
2702
+ "vendorMetadata": {}
2703
+ }
2704
+ ],
2705
+ "fix": {
2706
+ "versions": [],
2707
+ "state": "unknown"
2708
+ },
2709
+ "advisories": []
2710
+ },
2711
+ "relatedVulnerabilities": [],
2712
+ "matchDetails": [
2713
+ {
2714
+ "type": "cpe-match",
2715
+ "matcher": "go-module-matcher",
2716
+ "searchedBy": {
2717
+ "namespace": "nvd:cpe",
2718
+ "cpes": [
2719
+ "cpe:2.3:a:golang:go:1.20.10:-:*:*:*:*:*:*"
2720
+ ],
2721
+ "Package": {
2722
+ "name": "stdlib",
2723
+ "version": "go1.20.10"
2724
+ }
2725
+ },
2726
+ "found": {
2727
+ "vulnerabilityID": "CVE-2023-39326",
2728
+ "versionConstraint": "< 1.20.12 || >= 1.21.0-0, < 1.21.5 (unknown)",
2729
+ "cpes": [
2730
+ "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*"
2731
+ ]
2732
+ }
2733
+ }
2734
+ ],
2735
+ "artifact": {
2736
+ "id": "ae9f8a393526dbe0",
2737
+ "name": "stdlib",
2738
+ "version": "go1.20.10",
2739
+ "type": "go-module",
2740
+ "locations": [
2741
+ {
2742
+ "path": "/usr/local/bin/docker",
2743
+ "layerID": "sha256:73d49c9e8c2e79a379d822d90a1e5a8b6708b2b22dc42448912e6f67f5073625"
2744
+ }
2745
+ ],
2746
+ "language": "go",
2747
+ "licenses": [
2748
+ "BSD-3-Clause"
2749
+ ],
2750
+ "cpes": [
2751
+ "cpe:2.3:a:golang:go:1.20.10:-:*:*:*:*:*:*"
2752
+ ],
2753
+ "purl": "pkg:golang/stdlib@1.20.10",
2754
+ "upstreams": [],
2755
+ "metadataType": "GolangBinMetadata",
2756
+ "metadata": {
2757
+ "goCompiledVersion": "go1.20.10",
2758
+ "architecture": ""
2759
+ }
2760
+ }
2761
+ }
2762
+ ],
2763
+ "source": {
2764
+ "type": "image",
2765
+ "target": {
2766
+ "userInput": "nextcloud/all-in-one:latest",
2767
+ "imageID": "sha256:fe2e6ff4961c30ec94b614b1353a1d4a4de4e3a1abdcc194545d0d784ffb0332",
2768
+ "manifestDigest": "sha256:13d912e33ea5dec55fca69192bb0558eadc972ecfc276bbc9a145ac5dac4c80a",
2769
+ "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
2770
+ "tags": [
2771
+ "nextcloud/all-in-one:latest",
2772
+ "nextcloud/all-in-one:20231220_153200-latest"
2773
+ ],
2774
+ "imageSize": 228694329,
2775
+ "layers": [
2776
+ {
2777
+ "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
2778
+ "digest": "sha256:9fe9a137fd002363ac64f5af66146702432b638a83ee0c5b620c40a9e433e813",
2779
+ "size": 7334593
2780
+ },
2781
+ {
2782
+ "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
2783
+ "digest": "sha256:1c6217769dc1f3dffbbe2e202d133bb4376309e43d0b46740c37d64ede56260d",
2784
+ "size": 5789258
2785
+ },
2786
+ {
2787
+ "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
2788
+ "digest": "sha256:ff56ec44cea6ef3f89defedf555485d93329911e07466c02e285bdf3486aa776",
2789
+ "size": 4680
2790
+ },
2791
+ {
2792
+ "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
2793
+ "digest": "sha256:e10732e5883a985fe09573e3522d4e9f47a25a897da033b605f13d8b7232730f",
2794
+ "size": 0
2795
+ },
2796
+ {
2797
+ "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
2798
+ "digest": "sha256:90ce5413387b8fa2f08ee3eabc79f3e90836d460c19f2f684b317c4890d757bd",
2799
+ "size": 12115986
2800
+ },
2801
+ {
2802
+ "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
2803
+ "digest": "sha256:704857386802d33b897d05aba5f7397e5004df3f212a7dd46d8d19bfad9b1609",
2804
+ "size": 587
2805
+ },
2806
+ {
2807
+ "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
2808
+ "digest": "sha256:75edd5bf31437a741775ea39bcc8f2551fb0a3103d4a18cb42d7d7f99e1ee17f",
2809
+ "size": 52316079
2810
+ },
2811
+ {
2812
+ "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
2813
+ "digest": "sha256:4b3bc75827bd781c5411df4be3b3c71f1f143672476940c9ceeaf1e6b80f4e6d",
2814
+ "size": 7203
2815
+ },
2816
+ {
2817
+ "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
2818
+ "digest": "sha256:f7f31228164be512cfe2f8a6368e93db27562a38ee041cd74a431b58d52a0f82",
2819
+ "size": 53205
2820
+ },
2821
+ {
2822
+ "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
2823
+ "digest": "sha256:68757d9a42123f3118ff9b5fc554919f50f4f0e332a35dc716cd7ddf39d16efc",
2824
+ "size": 28010
2825
+ },
2826
+ {
2827
+ "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
2828
+ "digest": "sha256:176254e3a7327117e1122ac9ea2cb902521a3089695a73050b5a28181cbfe02d",
2829
+ "size": 41029632
2830
+ },
2831
+ {
2832
+ "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
2833
+ "digest": "sha256:73d49c9e8c2e79a379d822d90a1e5a8b6708b2b22dc42448912e6f67f5073625",
2834
+ "size": 34764952
2835
+ },
2836
+ {
2837
+ "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
2838
+ "digest": "sha256:f479dbe26e51080d9e234d40983ddbaf0e8f607d39d6362e8e623c255880f57c",
2839
+ "size": 0
2840
+ },
2841
+ {
2842
+ "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
2843
+ "digest": "sha256:5c59a08537236f823fcefd58c67e97654a664eb58b9d350352f510ea96271ef1",
2844
+ "size": 75220665
2845
+ },
2846
+ {
2847
+ "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
2848
+ "digest": "sha256:d0fff7020f895c6bf4b1ac0c550427b0954ebdf66038d25cd191b499ef7474ca",
2849
+ "size": 25303
2850
+ },
2851
+ {
2852
+ "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
2853
+ "digest": "sha256:8cdf1cc6df28a8f1d1d6a14a01a60e2150a97e31c30480f4ac10e8f28269177b",
2854
+ "size": 629
2855
+ },
2856
+ {
2857
+ "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
2858
+ "digest": "sha256:9c8b8ebeb59acddd823eac3e975233befc358ed485ee96e61ac15c94f3780469",
2859
+ "size": 1600
2860
+ },
2861
+ {
2862
+ "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
2863
+ "digest": "sha256:1c5e081982d18919a5c2e676fb03fb5182f2093b135981c526adaf42f882c211",
2864
+ "size": 1947
2865
+ }
2866
+ ],
2867
+ "manifest": "eyJzY2hlbWFWZXJzaW9uIjoyLCJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmRpc3RyaWJ1dGlvbi5tYW5pZmVzdC52Mitqc29uIiwiY29uZmlnIjp7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuY29udGFpbmVyLmltYWdlLnYxK2pzb24iLCJzaXplIjoxNjM2MiwiZGlnZXN0Ijoic2hhMjU2OmZlMmU2ZmY0OTYxYzMwZWM5NGI2MTRiMTM1M2ExZDRhNGRlNGUzYTFhYmRjYzE5NDU0NWQwZDc4NGZmYjAzMzIifSwibGF5ZXJzIjpbeyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6NzYyOTgyNCwiZGlnZXN0Ijoic2hhMjU2OjlmZTlhMTM3ZmQwMDIzNjNhYzY0ZjVhZjY2MTQ2NzAyNDMyYjYzOGE4M2VlMGM1YjYyMGM0MGE5ZTQzM2U4MTMifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjo2MDg5MjE2LCJkaWdlc3QiOiJzaGEyNTY6MWM2MjE3NzY5ZGMxZjNkZmZiYmUyZTIwMmQxMzNiYjQzNzYzMDllNDNkMGI0Njc0MGMzN2Q2NGVkZTU2MjYwZCJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjEyMjg4LCJkaWdlc3QiOiJzaGEyNTY6ZmY1NmVjNDRjZWE2ZWYzZjg5ZGVmZWRmNTU1NDg1ZDkzMzI5OTExZTA3NDY2YzAyZTI4NWJkZjM0ODZhYTc3NiJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjYxNDQsImRpZ2VzdCI6InNoYTI1NjplMTA3MzJlNTg4M2E5ODVmZTA5NTczZTM1MjJkNGU5ZjQ3YTI1YTg5N2RhMDMzYjYwNWYxM2Q4YjcyMzI3MzBmIn0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6MTIxMzAzMDQsImRpZ2VzdCI6InNoYTI1Njo5MGNlNTQxMzM4N2I4ZmEyZjA4ZWUzZWFiYzc5ZjNlOTA4MzZkNDYwYzE5ZjJmNjg0YjMxN2M0ODkwZDc1N2JkIn0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2OjcwNDg1NzM4NjgwMmQzM2I4OTdkMDVhYmE1ZjczOTdlNTAwNGRmM2YyMTJhN2RkNDZkOGQxOWJmYWQ5YjE2MDkifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjo1Mjg2NzU4NCwiZGlnZXN0Ijoic2hhMjU2Ojc1ZWRkNWJmMzE0MzdhNzQxNzc1ZWEzOWJjYzhmMjU1MWZiMGEzMTAzZDRhMThjYjQyZDdkN2Y5OWUxZWUxN2YifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjoxMjgwMCwiZGlnZ
XN0Ijoic2hhMjU2OjRiM2JjNzU4MjdiZDc4MWM1NDExZGY0YmUzYjNjNzFmMWYxNDM2NzI0NzY5NDBjOWNlZWFmMWU2YjgwZjRlNmQifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjo2NTUzNiwiZGlnZXN0Ijoic2hhMjU2OmY3ZjMxMjI4MTY0YmU1MTJjZmUyZjhhNjM2OGU5M2RiMjc1NjJhMzhlZTA0MWNkNzRhNDMxYjU4ZDUyYTBmODIifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjozNjM1MiwiZGlnZXN0Ijoic2hhMjU2OjY4NzU3ZDlhNDIxMjNmMzExOGZmOWI1ZmM1NTQ5MTlmNTBmNGYwZTMzMmEzNWRjNzE2Y2Q3ZGRmMzlkMTZlZmMifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjo0MTAzMzIxNiwiZGlnZXN0Ijoic2hhMjU2OjE3NjI1NGUzYTczMjcxMTdlMTEyMmFjOWVhMmNiOTAyNTIxYTMwODk2OTVhNzMwNTBiNWEyODE4MWNiZmUwMmQifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjozNDc2ODM4NCwiZGlnZXN0Ijoic2hhMjU2OjczZDQ5YzllOGMyZTc5YTM3OWQ4MjJkOTBhMWU1YThiNjcwOGIyYjIyZGM0MjQ0ODkxMmU2ZjY3ZjUwNzM2MjUifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjoyNTYwLCJkaWdlc3QiOiJzaGEyNTY6ZjQ3OWRiZTI2ZTUxMDgwZDllMjM0ZDQwOTgzZGRiYWYwZThmNjA3ZDM5ZDYzNjJlOGU2MjNjMjU1ODgwZjU3YyJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjc4MTM3ODU2LCJkaWdlc3QiOiJzaGEyNTY6NWM1OWEwODUzNzIzNmY4MjNmY2VmZDU4YzY3ZTk3NjU0YTY2NGViNThiOWQzNTAzNTJmNTEwZWE5NjI3MWVmMSJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjMxMjMyLCJkaWdlc3QiOiJzaGEyNTY6ZDBmZmY3MDIwZjg5NWM2YmY0YjFhYzBjNTUwNDI3YjA5NTRlYmRmNjYwMzhkMjVjZDE5MWI0OTllZjc0NzRjYSJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjI1NjAsImRpZ2VzdCI6InNoYTI1Njo4Y2RmMWNjNmRmMjhhOGYxZDFkNmExNGEwMWE2MGUyMTUwYTk3ZTMxYzMwNDgwZjRhYzEwZThmMjgyNjkxNzdiIn0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6MzU4NCwiZGlnZXN0Ijoic2hhMjU2OjljOGI4ZWJlYjU5YWNkZGQ4MjNlYWMzZ
Tk3NTIzM2JlZmMzNThlZDQ4NWVlOTZlNjFhYzE1Yzk0ZjM3ODA0NjkifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjo1MTIwLCJkaWdlc3QiOiJzaGEyNTY6MWM1ZTA4MTk4MmQxODkxOWE1YzJlNjc2ZmIwM2ZiNTE4MmYyMDkzYjEzNTk4MWM1MjZhZGFmNDJmODgyYzIxMSJ9XX0=",
2868
+ "config": "{"architecture":"amd64","config":{"User":"root","ExposedPorts":{"80/tcp":{},"8080/tcp":{},"8443/tcp":{},"9000/tcp":{}},"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","PHPIZE_DEPS=autoconf \t\tdpkg-dev dpkg \t\tfile \t\tg++ \t\tgcc \t\tlibc-dev \t\tmake \t\tpkgconf \t\tre2c","PHP_INI_DIR=/usr/local/etc/php","PHP_CFLAGS=-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64","PHP_CPPFLAGS=-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64","PHP_LDFLAGS=-Wl,-O1 -pie","GPG_KEYS=39B641343D8C104B2B146DC3F9C39DC0B9698544 E60913E4DF209907D8E30D96659A97C9CF2A795A 1198C0117593497A5EC5C199286AF1F9897469DC","PHP_VERSION=8.2.13","PHP_URL=https://www.php.net/distributions/php-8.2.13.tar.xz","PHP_ASC_URL=https://www.php.net/distributions/php-8.2.13.tar.xz.asc","PHP_SHA256=2629bba10117bf78912068a230c68a8fd09b7740267bd8ebd3cfce91515d454b"],"Entrypoint":["/start.sh"],"WorkingDir":"/var/www/docker-aio","StopSignal":"SIGQUIT","Healthcheck":{"Test":["CMD-SHELL","/healthcheck.sh"]},"OnBuild":null},"created":"2023-12-14T11:48:07.423880715Z","history":[{"created":"2023-11-30T23:22:52.632616385Z","created_by":"/bin/sh -c #(nop) ADD file:fc714080c3bcbbce7ac746a10d7b4355ffa36293a8d435d62cd5359ea8eb8364 in / "},{"created":"2023-11-30T23:22:52.738129857Z","created_by":"/bin/sh -c #(nop)  CMD [\"/bin/sh\"]","empty_layer":true},{"created":"2023-11-30T23:32:52.052680344Z","created_by":"/bin/sh -c #(nop)  ENV PHPIZE_DEPS=autoconf \t\tdpkg-dev dpkg \t\tfile \t\tg++ \t\tgcc \t\tlibc-dev \t\tmake \t\tpkgconf \t\tre2c","empty_layer":true},{"created":"2023-12-12T20:52:20.855379573Z","created_by":"/bin/sh -c apk add --no-cache \t\tca-certificates \t\tcurl \t\topenssl \t\ttar \t\txz"},{"created":"2023-12-12T20:52:21.458580396Z","created_by":"/bin/sh -c set -eux; \tadduser -u 82 -D -S -G www-data www-data"},{"created":"2023-12-12T20:52:21.550256052Z","created_by":"/bin/sh -c #(nop)  ENV 
PHP_INI_DIR=/usr/local/etc/php","empty_layer":true},{"created":"2023-12-12T20:52:22.073171973Z","created_by":"/bin/sh -c set -eux; \tmkdir -p \"$PHP_INI_DIR/conf.d\"; \t[ ! -d /var/www/html ]; \tmkdir -p /var/www/html; \tchown www-data:www-data /var/www/html; \tchmod 1777 /var/www/html"},{"created":"2023-12-12T20:52:22.164932828Z","created_by":"/bin/sh -c #(nop)  ENV PHP_CFLAGS=-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64","empty_layer":true},{"created":"2023-12-12T20:52:22.255108032Z","created_by":"/bin/sh -c #(nop)  ENV PHP_CPPFLAGS=-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64","empty_layer":true},{"created":"2023-12-12T20:52:22.346941835Z","created_by":"/bin/sh -c #(nop)  ENV PHP_LDFLAGS=-Wl,-O1 -pie","empty_layer":true},{"created":"2023-12-12T21:48:29.982665743Z","created_by":"/bin/sh -c #(nop)  ENV GPG_KEYS=39B641343D8C104B2B146DC3F9C39DC0B9698544 E60913E4DF209907D8E30D96659A97C9CF2A795A 1198C0117593497A5EC5C199286AF1F9897469DC","empty_layer":true},{"created":"2023-12-12T22:15:48.883121115Z","created_by":"/bin/sh -c #(nop)  ENV PHP_VERSION=8.2.13","empty_layer":true},{"created":"2023-12-12T22:15:48.96720565Z","created_by":"/bin/sh -c #(nop)  ENV PHP_URL=https://www.php.net/distributions/php-8.2.13.tar.xz PHP_ASC_URL=https://www.php.net/distributions/php-8.2.13.tar.xz.asc","empty_layer":true},{"created":"2023-12-12T22:15:49.056465736Z","created_by":"/bin/sh -c #(nop)  ENV PHP_SHA256=2629bba10117bf78912068a230c68a8fd09b7740267bd8ebd3cfce91515d454b","empty_layer":true},{"created":"2023-12-12T22:15:55.740152184Z","created_by":"/bin/sh -c set -eux; \t\tapk add --no-cache --virtual .fetch-deps gnupg; \t\tmkdir -p /usr/src; \tcd /usr/src; \t\tcurl -fsSL -o php.tar.xz \"$PHP_URL\"; \t\tif [ -n \"$PHP_SHA256\" ]; then \t\techo \"$PHP_SHA256 *php.tar.xz\" | sha256sum -c -; \tfi; \t\tif [ -n \"$PHP_ASC_URL\" ]; then \t\tcurl -fsSL -o php.tar.xz.asc \"$PHP_ASC_URL\"; \t\texport 
GNUPGHOME=\"$(mktemp -d)\"; \t\tfor key in $GPG_KEYS; do \t\t\tgpg --batch --keyserver keyserver.ubuntu.com --recv-keys \"$key\"; \t\tdone; \t\tgpg --batch --verify php.tar.xz.asc php.tar.xz; \t\tgpgconf --kill all; \t\trm -rf \"$GNUPGHOME\"; \tfi; \t\tapk del --no-network .fetch-deps"},{"created":"2023-12-12T22:15:55.867681319Z","created_by":"/bin/sh -c #(nop) COPY file:ce57c04b70896f77cc11eb2766417d8a1240fcffe5bba92179ec78c458844110 in /usr/local/bin/ "},{"created":"2023-12-12T22:23:13.301215396Z","created_by":"/bin/sh -c set -eux; \tapk add --no-cache --virtual .build-deps \t\t$PHPIZE_DEPS \t\targon2-dev \t\tcoreutils \t\tcurl-dev \t\tgnu-libiconv-dev \t\tlibsodium-dev \t\tlibxml2-dev \t\tlinux-headers \t\toniguruma-dev \t\topenssl-dev \t\treadline-dev \t\tsqlite-dev \t; \t\trm -vf /usr/include/iconv.h; \t\texport \t\tCFLAGS=\"$PHP_CFLAGS\" \t\tCPPFLAGS=\"$PHP_CPPFLAGS\" \t\tLDFLAGS=\"$PHP_LDFLAGS\" \t; \tdocker-php-source extract; \tcd /usr/src/php; \tgnuArch=\"$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)\"; \t./configure \t\t--build=\"$gnuArch\" \t\t--with-config-file-path=\"$PHP_INI_DIR\" \t\t--with-config-file-scan-dir=\"$PHP_INI_DIR/conf.d\" \t\t\t\t--enable-option-checking=fatal \t\t\t\t--with-mhash \t\t\t\t--with-pic \t\t\t\t--enable-ftp \t\t--enable-mbstring \t\t--enable-mysqlnd \t\t--with-password-argon2 \t\t--with-sodium=shared \t\t--with-pdo-sqlite=/usr \t\t--with-sqlite3=/usr \t\t\t\t--with-curl \t\t--with-iconv=/usr \t\t--with-openssl \t\t--with-readline \t\t--with-zlib \t\t\t\t--disable-phpdbg \t\t\t\t--with-pear \t\t\t\t$(test \"$gnuArch\" = 's390x-linux-musl' \u0026\u0026 echo '--without-pcre-jit') \t\t\t\t--disable-cgi \t\t\t\t--enable-fpm \t\t--with-fpm-user=www-data \t\t--with-fpm-group=www-data \t; \tmake -j \"$(nproc)\"; \tfind -type f -name '*.a' -delete; \tmake install; \tfind \t\t/usr/local \t\t-type f \t\t-perm '/0111' \t\t-exec sh -euxc ' \t\t\tstrip --strip-all \"$@\" || : \t\t' -- '{}' + \t; \tmake clean; \t\tcp -v php.ini-* 
\"$PHP_INI_DIR/\"; \t\tcd /; \tdocker-php-source delete; \t\trunDeps=\"$( \t\tscanelf --needed --nobanner --format '%n#p' --recursive /usr/local \t\t\t| tr ',' '\\n' \t\t\t| sort -u \t\t\t| awk 'system(\"[ -e /usr/local/lib/\" $1 \" ]\") == 0 { next } { print \"so:\" $1 }' \t)\"; \tapk add --no-cache $runDeps; \t\tapk del --no-network .build-deps; \t\tpecl update-channels; \trm -rf /tmp/pear ~/.pearrc; \t\tphp --version"},{"created":"2023-12-12T22:23:13.651104923Z","created_by":"/bin/sh -c #(nop) COPY multi:869bde9dbeae74886a05c9e2107b3e3b4877116db8c6d9adbaff2719f9fb5262 in /usr/local/bin/ "},{"created":"2023-12-12T22:23:14.772923336Z","created_by":"/bin/sh -c docker-php-ext-enable sodium"},{"created":"2023-12-12T22:23:14.863526823Z","created_by":"/bin/sh -c #(nop)  ENTRYPOINT [\"docker-php-entrypoint\"]","empty_layer":true},{"created":"2023-12-12T22:23:14.964517637Z","created_by":"/bin/sh -c #(nop) WORKDIR /var/www/html","empty_layer":true},{"created":"2023-12-12T22:23:15.490669008Z","created_by":"/bin/sh -c set -eux; \tcd /usr/local/etc; \tif [ -d php-fpm.d ]; then \t\tsed 's!=NONE/!=!g' php-fpm.conf.default | tee php-fpm.conf \u003e /dev/null; \t\tcp php-fpm.d/www.conf.default php-fpm.d/www.conf; \telse \t\tmkdir php-fpm.d; \t\tcp php-fpm.conf.default php-fpm.d/www.conf; \t\t{ \t\t\techo '[global]'; \t\t\techo 'include=etc/php-fpm.d/*.conf'; \t\t} | tee php-fpm.conf; \tfi; \t{ \t\techo '[global]'; \t\techo 'error_log = /proc/self/fd/2'; \t\techo; echo '; https://github.com/docker-library/php/pull/725#issuecomment-443540114'; echo 'log_limit = 8192'; \t\techo; \t\techo '[www]'; \t\techo '; php-fpm closes STDOUT on startup, so sending logs to /proc/self/fd/1 does not work.'; \t\techo '; https://bugs.php.net/bug.php?id=73886'; \t\techo 'access.log = /proc/self/fd/2'; \t\techo; \t\techo 'clear_env = no'; \t\techo; \t\techo '; Ensure worker stdout and stderr are sent to the main error log.'; \t\techo 'catch_workers_output = yes'; \t\techo 'decorate_workers_output = 
no'; \t} | tee php-fpm.d/docker.conf; \t{ \t\techo '[global]'; \t\techo 'daemonize = no'; \t\techo; \t\techo '[www]'; \t\techo 'listen = 9000'; \t} | tee php-fpm.d/zz-docker.conf; \tmkdir -p \"$PHP_INI_DIR/conf.d\"; \t{ \t\techo '; https://github.com/docker-library/php/issues/878#issuecomment-938595965'; \t\techo 'fastcgi.logging = Off'; \t} \u003e \"$PHP_INI_DIR/conf.d/docker-fpm.ini\""},{"created":"2023-12-12T22:23:15.585035289Z","created_by":"/bin/sh -c #(nop)  STOPSIGNAL SIGQUIT","empty_layer":true},{"created":"2023-12-12T22:23:15.678183403Z","created_by":"/bin/sh -c #(nop)  EXPOSE 9000","empty_layer":true},{"created":"2023-12-12T22:23:15.770393974Z","created_by":"/bin/sh -c #(nop)  CMD [\"php-fpm\"]","empty_layer":true},{"created":"2023-12-14T11:47:45.66832805Z","created_by":"EXPOSE map[80/tcp:{}]","comment":"buildkit.dockerfile.v0","empty_layer":true},{"created":"2023-12-14T11:47:45.66832805Z","created_by":"EXPOSE map[8080/tcp:{}]","comment":"buildkit.dockerfile.v0","empty_layer":true},{"created":"2023-12-14T11:47:45.66832805Z","created_by":"EXPOSE map[8443/tcp:{}]","comment":"buildkit.dockerfile.v0","empty_layer":true},{"created":"2023-12-14T11:47:45.66832805Z","created_by":"COPY /usr/bin/caddy /usr/bin/caddy # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2023-12-14T11:47:45.759892182Z","created_by":"COPY /usr/local/bin/docker /usr/local/bin/docker # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2023-12-14T11:47:45.7705914Z","created_by":"WORKDIR /var/www/docker-aio","comment":"buildkit.dockerfile.v0"},{"created":"2023-12-14T11:48:07.336217875Z","created_by":"RUN /bin/sh -c set -ex;     apk add --no-cache shadow;     groupmod -g 333 xfs;     usermod -u 333 -g 333 xfs;     groupmod -g 33 www-data;     usermod -u 33 -g 33 www-data;         apk add --no-cache         util-linux-misc         ca-certificates         wget         bash         apache2         apache2-proxy         apache2-ssl         supervisor         openssl         sudo  
       netcat-openbsd         curl         grep;         apk add --no-cache --virtual .build-deps         autoconf         build-base;     pecl install APCu-5.1.23;     docker-php-ext-enable apcu;     rm -r /tmp/pear;     runDeps=\"$(         scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions             | tr ',' '\\n'             | sort -u             | awk 'system(\"[ -e /usr/local/lib/\" $1 \" ]\") == 0 { next } { print \"so:\" $1 }'     )\";     apk add --no-cache --virtual .nextcloud-aio-rundeps $runDeps;     apk del .build-deps;     grep -q '^pm = dynamic' /usr/local/etc/php-fpm.d/www.conf;     sed -i 's/^pm = dynamic/pm = ondemand/' /usr/local/etc/php-fpm.d/www.conf;     sed -i 's/^pm.max_children =.*/pm.max_children = 80/' /usr/local/etc/php-fpm.d/www.conf;     sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf;     grep -q ';listen.allowed_clients' /usr/local/etc/php-fpm.d/www.conf;     sed -i 's|;listen.allowed_clients.*|listen.allowed_clients = 127.0.0.1,::1|' /usr/local/etc/php-fpm.d/www.conf;         apk add --no-cache git;     wget https://getcomposer.org/installer -O - | php -- --install-dir=/usr/local/bin --filename=composer;     chmod +x /usr/local/bin/composer;     cd /var/www/docker-aio;     git clone https://github.com/nextcloud-releases/all-in-one.git --depth 1 .;     find ./ -maxdepth 1 -mindepth 1 -not -path ./php -not -path ./community-containers -exec rm -r {} \\; ;     chown www-data:www-data -R /var/www/docker-aio;     cd php;     sudo -u www-data composer install --no-dev;     sudo -u www-data composer clear-cache;     cd ..;     rm -f /usr/local/bin/composer;     chmod -R 770 /var/www/docker-aio;     chown -R www-data:www-data /var/www;     rm -r php/data;     rm -r php/session;         mkdir -p /etc/apache2/certs;     cd /etc/apache2/certs;     openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj 
\"/C=DE/ST=BE/L=Local/O=Dev/CN=nextcloud.local\" -keyout /etc/apache2/certs/ssl.key -out /etc/apache2/certs/ssl.crt;         sed -i             -e '/^Listen /d'             -e 's/^LogLevel .*/LogLevel error/'             -e 's|^ErrorLog .*|ErrorLog /proc/self/fd/2|'             -e 's/User apache/User www-data/g'             -e 's/Group apache/Group www-data/g'             -e 's/^#\\(LoadModule .*mod_rewrite.so\\)/\\1/'             -e 's/^#\\(LoadModule .*mod_headers.so\\)/\\1/'             -e 's/^#\\(LoadModule .*mod_env.so\\)/\\1/'             -e 's/^#\\(LoadModule .*mod_mime.so\\)/\\1/'             -e 's/^#\\(LoadModule .*mod_dir.so\\)/\\1/'             -e 's/^#\\(LoadModule .*mod_authz_core.so\\)/\\1/'             -e 's/^#\\(LoadModule .*mod_mpm_event.so\\)/\\1/'             -e 's/\\(LoadModule .*mod_mpm_worker.so\\)/#\\1/'             -e 's/\\(LoadModule .*mod_mpm_prefork.so\\)/#\\1/'             -e 's/\\(ScriptAlias \\)/#\\1/'         /etc/apache2/httpd.conf;         mkdir -p /etc/apache2/logs;         rm /etc/apache2/conf.d/ssl.conf;         echo \"ServerName localhost\" | tee -a /etc/apache2/httpd.conf;         grep -q '^LoadModule lbmethod_heartbeat_module' /etc/apache2/conf.d/proxy.conf;         sed -i 's|^LoadModule lbmethod_heartbeat_module.*|#LoadModule lbmethod_heartbeat_module|' /etc/apache2/conf.d/proxy.conf;         echo \"SSLSessionCache nonenotnull\" | tee -a /etc/apache2/httpd.conf;         echo \"LoadModule ssl_module modules/mod_ssl.so\" | tee -a /etc/apache2/httpd.conf;         echo \"LoadModule socache_shmcb_module modules/mod_socache_shmcb.so\" | tee -a /etc/apache2/httpd.conf;         echo \"Include /etc/apache2/sites-available/mastercontainer.conf\" | tee -a /etc/apache2/httpd.conf;         rm -f /etc/apache2/conf.d/default.conf           /etc/apache2/conf.d/userdir.conf           /etc/apache2/conf.d/info.conf;         rm -rf /var/www/localhost/cgi-bin/;     mkdir /var/log/supervisord;     mkdir /var/run/supervisord; # 
buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2023-12-14T11:48:07.375650254Z","created_by":"COPY *.sh / # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2023-12-14T11:48:07.404419287Z","created_by":"COPY Caddyfile /Caddyfile # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2023-12-14T11:48:07.414653681Z","created_by":"COPY supervisord.conf /supervisord.conf # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2023-12-14T11:48:07.423880715Z","created_by":"COPY mastercontainer.conf /etc/apache2/sites-available/mastercontainer.conf # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2023-12-14T11:48:07.423880715Z","created_by":"USER root","comment":"buildkit.dockerfile.v0","empty_layer":true},{"created":"2023-12-14T11:48:07.423880715Z","created_by":"ENTRYPOINT [\"/start.sh\"]","comment":"buildkit.dockerfile.v0","empty_layer":true},{"created":"2023-12-14T11:48:07.423880715Z","created_by":"HEALTHCHECK \u0026{[\"CMD-SHELL\" \"/healthcheck.sh\"] \"0s\" \"0s\" \"0s\" \"0s\" 
'\\x00'}","comment":"buildkit.dockerfile.v0","empty_layer":true}],"os":"linux","rootfs":{"type":"layers","diff_ids":["sha256:9fe9a137fd002363ac64f5af66146702432b638a83ee0c5b620c40a9e433e813","sha256:1c6217769dc1f3dffbbe2e202d133bb4376309e43d0b46740c37d64ede56260d","sha256:ff56ec44cea6ef3f89defedf555485d93329911e07466c02e285bdf3486aa776","sha256:e10732e5883a985fe09573e3522d4e9f47a25a897da033b605f13d8b7232730f","sha256:90ce5413387b8fa2f08ee3eabc79f3e90836d460c19f2f684b317c4890d757bd","sha256:704857386802d33b897d05aba5f7397e5004df3f212a7dd46d8d19bfad9b1609","sha256:75edd5bf31437a741775ea39bcc8f2551fb0a3103d4a18cb42d7d7f99e1ee17f","sha256:4b3bc75827bd781c5411df4be3b3c71f1f143672476940c9ceeaf1e6b80f4e6d","sha256:f7f31228164be512cfe2f8a6368e93db27562a38ee041cd74a431b58d52a0f82","sha256:68757d9a42123f3118ff9b5fc554919f50f4f0e332a35dc716cd7ddf39d16efc","sha256:176254e3a7327117e1122ac9ea2cb902521a3089695a73050b5a28181cbfe02d","sha256:73d49c9e8c2e79a379d822d90a1e5a8b6708b2b22dc42448912e6f67f5073625","sha256:f479dbe26e51080d9e234d40983ddbaf0e8f607d39d6362e8e623c255880f57c","sha256:5c59a08537236f823fcefd58c67e97654a664eb58b9d350352f510ea96271ef1","sha256:d0fff7020f895c6bf4b1ac0c550427b0954ebdf66038d25cd191b499ef7474ca","sha256:8cdf1cc6df28a8f1d1d6a14a01a60e2150a97e31c30480f4ac10e8f28269177b","sha256:9c8b8ebeb59acddd823eac3e975233befc358ed485ee96e61ac15c94f3780469","sha256:1c5e081982d18919a5c2e676fb03fb5182f2093b135981c526adaf42f882c211"]}}",
2869
+ "repoDigests": [
2870
+ "nextcloud/all-in-one@sha256:28debf2db54148bbbb658a2653fac9df3695731080e42c4838cbf77bb8f7b89c"
2871
+ ],
2872
+ "architecture": "amd64",
2873
+ "os": "linux"
2874
+ }
2875
+ },
2876
+ "distro": {
2877
+ "name": "alpine",
2878
+ "version": "3.18.5",
2879
+ "idLike": []
2880
+ },
2881
+ "descriptor": {
2882
+ "name": "grype",
2883
+ "version": "0.73.5",
2884
+ "configuration": {
2885
+ "output": [
2886
+ "json"
2887
+ ],
2888
+ "file": "",
2889
+ "distro": "",
2890
+ "add-cpes-if-none": false,
2891
+ "output-template-file": "",
2892
+ "check-for-app-update": true,
2893
+ "only-fixed": false,
2894
+ "only-notfixed": false,
2895
+ "ignore-wontfix": "",
2896
+ "platform": "",
2897
+ "search": {
2898
+ "scope": "squashed",
2899
+ "unindexed-archives": false,
2900
+ "indexed-archives": true
2901
+ },
2902
+ "ignore": null,
2903
+ "exclude": [],
2904
+ "db": {
2905
+ "cache-dir": "/root/.cache/grype/db",
2906
+ "update-url": "https://toolbox-data.anchore.io/grype/databases/listing.json",
2907
+ "ca-cert": "",
2908
+ "auto-update": true,
2909
+ "validate-by-hash-on-start": false,
2910
+ "validate-age": true,
2911
+ "max-allowed-built-age": 432000000000000
2912
+ },
2913
+ "externalSources": {
2914
+ "enable": false,
2915
+ "maven": {
2916
+ "searchUpstreamBySha1": true,
2917
+ "baseUrl": "https://search.maven.org/solrsearch/select"
2918
+ }
2919
+ },
2920
+ "match": {
2921
+ "java": {
2922
+ "using-cpes": false
2923
+ },
2924
+ "dotnet": {
2925
+ "using-cpes": false
2926
+ },
2927
+ "golang": {
2928
+ "using-cpes": false,
2929
+ "always-use-cpe-for-stdlib": true
2930
+ },
2931
+ "javascript": {
2932
+ "using-cpes": false
2933
+ },
2934
+ "python": {
2935
+ "using-cpes": false
2936
+ },
2937
+ "ruby": {
2938
+ "using-cpes": false
2939
+ },
2940
+ "rust": {
2941
+ "using-cpes": false
2942
+ },
2943
+ "stock": {
2944
+ "using-cpes": true
2945
+ }
2946
+ },
2947
+ "fail-on-severity": "",
2948
+ "registry": {
2949
+ "insecure-skip-tls-verify": false,
2950
+ "insecure-use-http": false,
2951
+ "auth": null,
2952
+ "ca-cert": ""
2953
+ },
2954
+ "show-suppressed": false,
2955
+ "by-cve": false,
2956
+ "name": "",
2957
+ "default-image-pull-source": "",
2958
+ "vex-documents": [],
2959
+ "vex-add": []
2960
+ },
2961
+ "db": {
2962
+ "built": "2024-01-08T01:28:07Z",
2963
+ "schemaVersion": 5,
2964
+ "location": "/root/.cache/grype/db/5",
2965
+ "checksum": "sha256:e942622ffe229c3dbd4fc38e5ca4443a237ba63ad45a46c3b0a6e8ce3b544e02",
2966
+ "error": null
2967
+ },
2968
+ "timestamp": "2024-01-08T19:42:00.330559791Z"
2969
+ }
2970
+ }