Closed PettitWesley closed 2 months ago
$ trivy image public.ecr.aws/aws-observability/aws-for-fluent-bit:2.32.2 2024-04-22T16:21:51.351-0700 INFO Need to update DB 2024-04-22T16:21:51.351-0700 INFO DB Repository: ghcr.io/aquasecurity/trivy-db 2024-04-22T16:21:51.351-0700 INFO Downloading DB... 45.27 MiB / 45.27 MiB [----------------------------------------------------------------------------------------------------------------] 100.00% 8.81 MiB p/s 5.3s 2024-04-22T16:21:57.339-0700 INFO Vulnerability scanning is enabled 2024-04-22T16:21:57.339-0700 INFO Secret scanning is enabled 2024-04-22T16:21:57.339-0700 INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning 2024-04-22T16:21:57.339-0700 INFO Please see also https://aquasecurity.github.io/trivy/v0.38/docs/secret/scanning/#recommendation for faster secret detection 2024-04-22T16:22:09.483-0700 INFO Detected OS: amazon 2024-04-22T16:22:09.483-0700 INFO Detecting Amazon Linux vulnerabilities... 2024-04-22T16:22:09.491-0700 INFO Number of language-specific files: 0 public.ecr.aws/aws-observability/aws-for-fluent-bit:2.32.2 (amazon 2 (Karoo)) Total: 7 (UNKNOWN: 0, LOW: 0, MEDIUM: 6, HIGH: 1, CRITICAL: 0) ┌────────────┬────────────────┬──────────┬─────────────────────┬─────────────────────┬──────────────────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ ├────────────┼────────────────┼──────────┼─────────────────────┼─────────────────────┼──────────────────────────────────────────────────────────────┤ │ glib2 │ CVE-2020-35457 │ HIGH │ 2.56.1-9.amzn2.0.7 │ 2.56.1-9.amzn2.0.8 │ GNOME GLib before 2.65.3 has an integer overflow, that might │ │ │ │ │ │ │ lead to... │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-35457 │ ├────────────┼────────────────┼──────────┼─────────────────────┼─────────────────────┼──────────────────────────────────────────────────────────────┤ │ krb5-devel │ CVE-2024-26458 │ MEDIUM │ 1.15.1-55.amzn2.2.6 │ 1.15.1-55.amzn2.2.7 │ krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-26458 │ │ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ │ │ CVE-2024-26461 │ │ │ │ krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-26461 │ ├────────────┼────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ │ krb5-libs │ CVE-2024-26458 │ │ │ │ krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-26458 │ │ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ │ │ CVE-2024-26461 │ │ │ │ krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-26461 │ ├────────────┼────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ │ libkadm5 │ CVE-2024-26458 │ │ │ │ krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-26458 │ │ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ │ │ CVE-2024-26461 │ │ │ │ krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-26461 │ └────────────┴────────────────┴──────────┴─────────────────────┴─────────────────────┴──────────────────────────────────────────────────────────────┘
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.