tubone24 / blog

tubone's Blog made by Gatsby.js and Netlify
https://blog.tubone-project24.xyz/
Other
6 stars 2 forks source link

Update dependency hashicorp/terraform to v1.5.3 #1333

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 1 year ago

Mend Renovate

This PR contains the following updates:

Package Type Update Change
hashicorp/terraform minor 1.4.4 -> 1.5.3
hashicorp/terraform required_version minor 1.4.4 -> 1.5.3

Release Notes

hashicorp/terraform (hashicorp/terraform) ### [`v1.5.3`](https://togithub.com/hashicorp/terraform/releases/tag/v1.5.3) [Compare Source](https://togithub.com/hashicorp/terraform/compare/v1.5.2...v1.5.3) #### 1.5.3 (July 12, 2023) BUG FIXES: - core: Terraform could fail to evaluate module outputs when they are used in a provider configuration during a destroy operation ([#​33462](https://togithub.com/hashicorp/terraform/pull/33462)) - backend/consul: When failing to save state, `consul CAS failed with transaction errors` no longer shows an error instance memory address, but an actual error message. ([#​33108](https://togithub.com/hashicorp/terraform/pull/33108)) - plan renderer: Fixes crash when rendering the plan if a relevant attribute contains an integer index specified as a string. ([#​33475](https://togithub.com/hashicorp/terraform/issues/33475)) ### [`v1.5.2`](https://togithub.com/hashicorp/terraform/releases/tag/v1.5.2) [Compare Source](https://togithub.com/hashicorp/terraform/compare/v1.5.1...v1.5.2) #### 1.5.2 (June 28, 2023) BUG FIXES: - configs: Multiple `import` blocks with the same `id` string no longer result in a validation error ([#​33434](https://togithub.com/hashicorp/terraform/issues/33434)) ### [`v1.5.1`](https://togithub.com/hashicorp/terraform/releases/tag/v1.5.1) [Compare Source](https://togithub.com/hashicorp/terraform/compare/v1.5.0...v1.5.1) #### 1.5.1 (June 21, 2023) BUG FIXES: - core: plan validation would fail for providers using nested set attributes with computed object attribute ([#​33377](https://togithub.com/hashicorp/terraform/issues/33377)) ### [`v1.5.0`](https://togithub.com/hashicorp/terraform/releases/tag/v1.5.0) [Compare Source](https://togithub.com/hashicorp/terraform/compare/v1.4.6...v1.5.0) #### 1.5.0 (June 12, 2023) NEW FEATURES: - `check` blocks for validating infrastructure: Module and configuration authors can now write independent check blocks within their configuration to validate assertions about their infrastructure. The new independent `check` blocks must specify at least one `assert` block, but possibly many, each one with a `condition` expression and an `error_message` expression matching the existing [Custom Condition Checks](https://developer.hashicorp.com/terraform/language/v1.4.x/expressions/custom-conditions). Additionally, check blocks can optionally load a scoped [data source](https://developer.hashicorp.com/terraform/language/v1.4.x/data-sources). Scoped data sources match the existing data sources with the exception that they can only be referenced from within their check block. Unlike the existing `precondition` and `postcondition` blocks, Terraform will not halt execution should the scoped data block fail or error or if any of the assertions fail. This allows practitioners to continually validate the state of their infrastructure outside the usual lifecycle management cycle. - `import` blocks for importing infrastructure: Root module authors can now use the `import` block to declare their intent that Terraform adopt an existing resource. Import is now a configuration-driven, plannable action, and is processed as part of a normal plan. Running `terraform plan` will show a summary of the resources that Terraform has planned to import, along with any other plan changes. The existing `terraform import` CLI command has not been modified. This is an early version of the `import` block feature, for which we are actively seeking user feedback to shape future development. The `import` block currently does not support interpolation in the `id` field, which must be a string. - Generating configuration for imported resources: in conjunction with the `import` block, this feature enables easy templating of configuration when importing existing resources into Terraform. A new flag `-generate-config-out=PATH` is added to `terraform plan`. When this flag is set, Terraform will generate HCL configuration for any resource included in an `import` block that does not already have associated configuration, and write it to a new file at `PATH`. Before applying, review the generated configuration and edit it as necessary. - Adds a new `plantimestamp` function that returns the timestamp at plan time. This is similar to the `timestamp` function which returns the timestamp at apply time ([#​32980](https://togithub.com/hashicorp/terraform/pull/32980)). - Adds a new `strcontains` function that checks whether a given string contains a given substring. ([#​33069](https://togithub.com/hashicorp/terraform/issues/33069)) UPGRADE NOTES: - This is the last version of Terraform for which macOS 10.13 High Sierra or 10.14 Mojave are officially supported. Future Terraform versions may not function correctly on these older versions of macOS. - This is the last version of Terraform for which Windows 7, 8, Server 2008, and Server 2012 are supported by Terraform's main implementation language, Go. We already ended explicit support for versions earlier than Windows 10 in Terraform v0.15.0, but future Terraform versions may malfunction in more significant ways on these older Windows versions. - On Linux (and some other non-macOS Unix platforms we don't officially support), Terraform will now notice the `trust-ad` option in `/etc/resolv.conf` and, if set, will set the "authentic data" option in outgoing DNS requests in order to better match the behavior of the GNU libc resolver. Terraform does not pay any attention to the corresponding option in responses, but some DNSSEC-aware recursive resolvers return different responses when the request option isn't set. This should therefore avoid some potential situations where a DNS request from Terraform might get a different response than a similar request from other software on your system. ENHANCEMENTS: - Terraform CLI's local operations mode will now attempt to persist state snapshots to the state storage backend periodically during the apply step, thereby reducing the window for lost data if the Terraform process is aborted unexpectedly. ([#​32680](https://togithub.com/hashicorp/terraform/issues/32680)) - If Terraform CLI receives SIGINT (or its equivalent on non-Unix platforms) during the apply step then it will immediately try to persist the latest state snapshot to the state storage backend, with the assumption that a graceful shutdown request often typically followed by a hard abort some time later if the graceful shutdown doesn't complete fast enough. ([#​32680](https://togithub.com/hashicorp/terraform/issues/32680)) - `pg` backend: Now supports the `PG_CONN_STR`, `PG_SCHEMA_NAME`, `PG_SKIP_SCHEMA_CREATION`, `PG_SKIP_TABLE_CREATION` and `PG_SKIP_INDEX_CREATION` environment variables. ([#​33045](https://togithub.com/hashicorp/terraform/issues/33045)) BUG FIXES: - `terraform init`: Fixed crash with invalid blank module name. ([#​32781](https://togithub.com/hashicorp/terraform/issues/32781)) - `moved` blocks: Fixed a typo in the error message that Terraform raises when you use `-target` to exclude an object that has been moved. ([#​33149](https://togithub.com/hashicorp/terraform/issues/33149)) #### Previous Releases For information on prior major and minor releases, see their changelogs: - [v1.4](https://togithub.com/hashicorp/terraform/blob/v1.4/CHANGELOG.md) - [v1.3](https://togithub.com/hashicorp/terraform/blob/v1.3/CHANGELOG.md) - [v1.2](https://togithub.com/hashicorp/terraform/blob/v1.2/CHANGELOG.md) - [v1.1](https://togithub.com/hashicorp/terraform/blob/v1.1/CHANGELOG.md) - [v1.0](https://togithub.com/hashicorp/terraform/blob/v1.0/CHANGELOG.md) - [v0.15](https://togithub.com/hashicorp/terraform/blob/v0.15/CHANGELOG.md) - [v0.14](https://togithub.com/hashicorp/terraform/blob/v0.14/CHANGELOG.md) - [v0.13](https://togithub.com/hashicorp/terraform/blob/v0.13/CHANGELOG.md) - [v0.12](https://togithub.com/hashicorp/terraform/blob/v0.12/CHANGELOG.md) - [v0.11 and earlier](https://togithub.com/hashicorp/terraform/blob/v0.11/CHANGELOG.md) ### [`v1.4.6`](https://togithub.com/hashicorp/terraform/releases/tag/v1.4.6) [Compare Source](https://togithub.com/hashicorp/terraform/compare/v1.4.5...v1.4.6) #### 1.4.6 (April 26, 2023) BUG FIXES - Fix bug when rendering plans that include null strings. ([#​33029](https://togithub.com/hashicorp/terraform/issues/33029)) - Fix bug when rendering plans that include unknown values in maps. ([#​33029](https://togithub.com/hashicorp/terraform/issues/33029)) - Fix bug where the plan would render twice when using older versions of TFE as a backend. ([#​33018](https://togithub.com/hashicorp/terraform/issues/33018)) - Fix bug where sensitive and unknown metadata was not being propagated to dynamic types while rendering plans. ([#​33057](https://togithub.com/hashicorp/terraform/issues/33057)) - Fix bug where sensitive metadata from the schema was not being included in the `terraform show -json` output. ([#​33059](https://togithub.com/hashicorp/terraform/issues/33059)) - Fix bug where computed attributes were not being rendered with the `# forces replacement` suffix. ([#​33065](https://togithub.com/hashicorp/terraform/issues/33065)) ### [`v1.4.5`](https://togithub.com/hashicorp/terraform/releases/tag/v1.4.5) [Compare Source](https://togithub.com/hashicorp/terraform/compare/v1.4.4...v1.4.5) #### 1.4.5 (April 12, 2023) - Revert change from \[[#​32892](https://togithub.com/hashicorp/terraform/issues/32892)] due to an upstream crash. - Fix planned destroy value which would cause `terraform_data` to fail when being replaced with `create_before_destroy` ([#​32988](https://togithub.com/hashicorp/terraform/issues/32988))

Configuration

📅 Schedule: Branch creation - "after 11pm,before 6am" in timezone Asia/Tokyo, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.



This PR has been generated by Mend Renovate. View repository job log here.

github-actions[bot] commented 1 year ago

Snyk vulnerability report

OSS packages

Tested 1716 dependencies for known issues, found 7 issues, 7 vulnerable paths. Issues to fix by upgrading: Upgrade gatsby@4.25.7 to gatsby@5.0.0 to fix ✗ Information Exposure (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYCLI-5671903] in gatsby-cli@4.25.0 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 Upgrade gatsby-transformer-remark@5.25.1 to gatsby-transformer-remark@6.10.0 to fix ✗ Information Exposure (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYTRANSFORMERREMARK-5671901] in gatsby-transformer-remark@5.25.1 introduced by gatsby-transformer-remark@5.25.1 Issues with no direct upgrade or patch: ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@2.1.1 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 > pretty-error@2.1.2 > renderkid@2.0.7 > strip-ansi@3.0.1 > ansi-regex@2.1.1 This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-CSSWHAT-1298035] in css-what@3.4.2 introduced by gatsby-plugin-optimize-svgs@1.0.5 > svgo@1.3.2 > css-select@2.1.0 > css-what@3.4.2 This issue was fixed in versions: 5.0.1 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in html-minifier@4.0.0 introduced by html-minifier@4.0.0 No upgrade or patch available ✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in lodash.template@4.5.0 introduced by gatsby-plugin-offline@5.23.1 > workbox-build@4.3.1 > lodash.template@4.5.0 No upgrade or patch available ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-WORDWRAP-3149973] in word-wrap@1.2.3 introduced by gatsby@4.25.7 > eslint@7.32.0 > optionator@0.9.1 > word-wrap@1.2.3 No upgrade or patch available Organization: tubone24 Package manager: yarn Target file: yarn.lock Project name: blog Open source: no Project path: . Licenses: enabled

Application

✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 23 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 25 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 41 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✔ Test completed Organization: tubone24 Test type: Static code analysis Project path: . Summary: 3 Code issues found 3 [Medium]

IaC

Snyk Infrastructure as Code - Snyk testing Infrastructure as Code configuration issues. ✔ Test completed. Issues No vulnerable paths were found! ------------------------------------------------------- Test Summary Organization: tubone24 Project name: tubone24/blog ✔ Files without issues: 3 ✗ Files with issues: 0 Ignored issues: 0 Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ] ------------------------------------------------------- Tip New: Share your test results in the Snyk Web UI with the option --report

Container

Testing test-blog... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2005-2541 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-3253529 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: NULL Pointer Dereference Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > tar@1.30+dfsg-6 ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Authentication Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Privilege Chaining Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Incorrect Privilege Assignment Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Missing Release of Resource after Effective Lifetime Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in shadow/passwd Description: Time-of-check Time-of-use (TOCTOU) Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: NULL Pointer Dereference Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-3310899 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5423925 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in perl/perl-base Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489186 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489188 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5421196 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in lz4/liblz4-1 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072 Introduced through: lz4/liblz4-1@1.8.3-1+deb10u1, apt@1.8.2.3 From: lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > lz4/liblz4-1@1.8.3-1+deb10u1 ✗ Low severity vulnerability found in libtasn1-6 Description: CVE-2018-1000654 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libseccomp/libseccomp2 Description: CVE-2019-9893 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044 Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.3 From: libseccomp/libseccomp2@2.3.3-4 From: apt@1.8.2.3 > libseccomp/libseccomp2@2.3.3-4 ✗ Low severity vulnerability found in libidn2/libidn2-0 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100 Introduced through: libidn2/libidn2-0@2.0.5-1+deb10u1, apt@1.8.2.3 From: libidn2/libidn2-0@2.0.5-1+deb10u1 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libidn2/libidn2-0@2.0.5-1+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in gnutls28/libgnutls30 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-3330746 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Resource Management Errors Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: CVE-2019-1010023 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use of Insufficiently Random Values Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: Insufficient Entropy Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, meta-common-packages@meta From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in e2fsprogs/libcom-err2 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482 Introduced through: e2fsprogs/libcom-err2@1.44.5-1+deb10u3, e2fsprogs@1.44.5-1+deb10u3, e2fsprogs/libext2fs2@1.44.5-1+deb10u3, e2fsprogs/libss2@1.44.5-1+deb10u3 From: e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libss2@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 and 5 more... ✗ Low severity vulnerability found in coreutils Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in coreutils Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in bash Description: Improper Check for Dropped Privileges Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280 Introduced through: bash@5.0-4 From: bash@5.0-4 ✗ Low severity vulnerability found in apt/libapt-pkg5.0 Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502 Introduced through: apt/libapt-pkg5.0@1.8.2.3, apt@1.8.2.3 From: apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: CVE-2022-4415 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ High severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-26604 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3339153 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u9 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-3318300 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u10 ✗ High severity vulnerability found in glibc/libc-bin Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ High severity vulnerability found in gcc-8/libstdc++6 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, meta-common-packages@meta From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Critical severity vulnerability found in libtasn1-6 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-3061094 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 Fixed in: 4.13-3+deb10u1 ✗ Critical severity vulnerability found in db5.3/libdb5.3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169 Introduced through: db5.3/libdb5.3@5.3.28+dfsg1-0.5, adduser@3.118 From: db5.3/libdb5.3@5.3.28+dfsg1-0.5 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > pam/libpam-modules@1.3.1-5 > db5.3/libdb5.3@5.3.28+dfsg1-0.5 ------------ Detected 11 vulnerabilities for node@18.12.1 ------------ ✗ Medium severity vulnerability found in node Description: Timing Attack Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326669 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326682 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326683 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326684 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326685 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326686 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329554 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Insecure Permissions Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326666 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Access of Resource Using Incompatible Type ('Type Confusion') Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326668 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326688 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329555 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 Organization: tubone24 Package manager: deb Project name: docker-image|test-blog Docker image: test-blog Platform: linux/amd64 Base image: node:18.12.1-buster-slim Licenses: enabled Tested 86 dependencies for known issues, found 76 issues. Base Image Vulnerabilities Severity node:18.12.1-buster-slim 76 2 critical, 8 high, 8 medium, 58 low Recommendations for base image upgrade: Minor upgrades Base Image Vulnerabilities Severity node:18.15-buster-slim 62 1 critical, 2 high, 1 medium, 58 low Major upgrades Base Image Vulnerabilities Severity node:20.2-buster-slim 62 1 critical, 2 high, 1 medium, 58 low Alternative image types Base Image Vulnerabilities Severity node:bookworm-slim 25 0 critical, 0 high, 0 medium, 25 low node:bullseye-slim 45 0 critical, 0 high, 0 medium, 45 low node:20.3.0-bookworm 128 0 critical, 1 high, 2 medium, 125 low node:20.3-buster 342 1 critical, 4 high, 5 medium, 332 low Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection
github-actions[bot] commented 1 year ago

Storybook Preview

Deploy path: /home/runner/work/blog/blog/storybook-static Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/blog-storybook/deploys/648cf4c200fa3a2bd60d4e04 Website Draft URL: https://648cf4c200fa3a2bd60d4e04--blog-storybook.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 1 year ago

Deploy Preview

Deploy path: /home/runner/work/blog/blog/public Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/pensive-lamport-5822d2/deploys/648cf4c0bb4a66297046aba9 Website Draft URL: https://648cf4c0bb4a66297046aba9--pensive-lamport-5822d2.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 1 year ago

Bundle Analyzer URL

https://648cf4c0bb4a66297046aba9--pensive-lamport-5822d2.netlify.app/webpack-bundle-analyser

github-actions[bot] commented 1 year ago

Lighthouse Score

Desktop

performance: 96 accessibility: 100 best-practices: 92 seo: 92 pwa: 100

Mobile

performance: 56.99999999999999 accessibility: 100 best-practices: 83 seo: 93 pwa: 100

github-actions[bot] commented 1 year ago

Deploy Preview

Deploy path: /home/runner/work/blog/blog/public Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/pensive-lamport-5822d2/deploys/6492f8fa5aadba008c50ccf9 Website Draft URL: https://6492f8fa5aadba008c50ccf9--pensive-lamport-5822d2.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 1 year ago

Bundle Analyzer URL

https://6492f8fa5aadba008c50ccf9--pensive-lamport-5822d2.netlify.app/webpack-bundle-analyser

github-actions[bot] commented 1 year ago

Memlab leaks report

``` page-load [7.7MB] (baseline) [s1] > action-on-page [9.1MB] (target) [s2] > revert [9.3MB] (final) [s3] ------3 clusters------ --Similar leaks in this run: 1038-- --Retained size of leaked objects: 157.5KB-- [] (synthetic) @1 [10.2MB] --4 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @9835 [60.5KB] --setInterval (property)---> [] (closure) @65653 [264 bytes] --context (internal)---> [] (object) @65659 [20 bytes] --previous (internal)---> [] (object) @50571 [44.2KB] --n (variable)---> [t] (closure) @62949 [1.2KB] --context (internal)---> [] (object) @138625 [48KB] --n (variable)---> [Object] (object) @138699 [48KB] --449 (element)---> [Object] (object) @69585 [24 bytes] --exports (property)---> [r] (closure) @69591 [2.6KB] --hasData (property)---> [] (closure) @78707 [68 bytes] --context (internal)---> [] (object) @73721 [1.3KB] --e (variable)---> [Object] (object) @73723 [1KB] --2 (element)---> [Object] (object) @359919 [76 bytes] --aaAutocomplete (property)---> [f] (object) @406369 [348 bytes] --$node (property)---> [q] (object) @406371 [188 bytes] --0 (element)---> [Detached HTMLSpanElement] (native) @339991 [676 bytes] --7 (element)---> [Detached HTMLDivElement] (native) @339477 [5.7KB] --7 (element)---> [Detached HTMLDivElement] (native) @338957 [428 bytes] --6 (element)---> [Detached HTMLDivElement] (native) @339539 [428 bytes] --6 (element)---> [Detached HTMLAnchorElement] (native) @340065 [2.3KB] --11 (element)---> [Detached HTMLAnchorElement] (native) @340079 [2.3KB] --11 (element)---> [Detached HTMLAnchorElement] (native) @340093 [2.3KB] --11 (element)---> [Detached HTMLAnchorElement] (native) @340107 [2.3KB] --11 (element)---> [Detached HTMLAnchorElement] (native) @340121 [2.3KB] --11 (element)---> [Detached HTMLAnchorElement] (native) @340135 [2.3KB] --11 (element)---> [Detached HTMLAnchorElement] (native) @340149 [2.3KB] --11 (element)---> [Detached HTMLAnchorElement] (native) @340163 [2.3KB] --11 (element)---> [Detached HTMLAnchorElement] (native) @340177 [2.3KB] --11 (element)---> [Detached HTMLAnchorElement] (native) @340191 [2.3KB] --13 (element)---> [Detached InternalNode] (native) @318619904 [524 bytes] --4 (element)---> [Detached ElementIntersectionObserverData] (native) @362117920 [64 bytes] --Similar leaks in this run: 270-- --Retained size of leaked objects: 54.3KB-- [] (synthetic) @1 [10.2MB] --4 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @9835 [60.5KB] --___replace (property)---> [] (closure) @126219 [68 bytes] --context (internal)---> [] (object) @170447 [496 bytes] --a (variable)---> [Module] (object) @74017 [5.8KB] --get version (property)---> [version] (closure) @106397 [68 bytes] --context (internal)---> [] (object) @106401 [16.4KB] --Qn (variable)---> [y] (object) @444007 [368 bytes] --props (property)---> [Object] (object) @452637 [28 bytes] --children (property)---> [Object] (object) @452621 [296 bytes] --props (property)---> [Object] (object) @452623 [56 bytes] --children (property)---> [Object] (object) @452635 [1.2KB] --__ (property)---> [Object] (object) @482611 [1.1KB] --__ (property)---> [Object] (object) @482623 [940 bytes] --__ (property)---> [Object] (object) @476545 [736 bytes] --__d (property)---> [Detached HTMLDivElement] (native) @339083 [504 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @339081 [428 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @339073 [428 bytes] --6 (element)---> [Detached HTMLDivElement] (native) @340031 [14.6KB] --5 (element)---> [Detached HTMLAnchorElement] (native) @340029 [2.3KB] --12 (element)---> [Detached InternalNode] (native) @360079264 [748 bytes] --3 (element)---> [Detached InternalNode] (native) @360078784 [576 bytes] --1 (element)---> [Detached InternalNode] (native) @362183776 [576 bytes] --4 (element)---> [Detached Attr] (native) @362113920 [96 bytes] --Similar leaks in this run: 8-- --Retained size of leaked objects: 1.6KB-- [] (synthetic) @1 [10.2MB] --4 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @9835 [60.5KB] --__twttrll (property)---> [Array] (object) @105797 [184 bytes] --push (property)---> [e] (closure) @105799 [68 bytes] --context (internal)---> [] (object) @105785 [240 bytes] --n (variable)---> [Object] (object) @105789 [12.7KB] --93 (element)---> [Object] (object) @229807 [24 bytes] --exports (property)---> [Object] (object) @229303 [3.4KB] --init (property)---> [init] (closure) @230187 [68 bytes] --context (internal)---> [] (object) @230233 [3KB] --i (variable)---> [Detached HTMLIFrameElement] (native) @40389 [564 bytes] --5 (element)---> [Detached DOMTokenList] (native) @359342528 [56 bytes] ```
github-actions[bot] commented 1 year ago

Storybook Preview

Deploy path: /home/runner/work/blog/blog/storybook-static Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/blog-storybook/deploys/6492f965d48d35008260ff78 Website Draft URL: https://6492f965d48d35008260ff78--blog-storybook.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 1 year ago

Snyk vulnerability report

OSS packages

Tested 1716 dependencies for known issues, found 8 issues, 80 vulnerable paths. Issues to fix by upgrading: Upgrade gatsby@4.25.7 to gatsby@5.0.0 to fix ✗ Information Exposure (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYCLI-5671903] in gatsby-cli@4.25.0 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 ✗ Regular Expression Denial of Service (ReDoS) (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.3.7 introduced by @typescript-eslint/eslint-plugin@5.38.0 > semver@7.3.7 and 72 other path(s) Upgrade gatsby-transformer-remark@5.25.1 to gatsby-transformer-remark@6.10.0 to fix ✗ Information Exposure (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYTRANSFORMERREMARK-5671901] in gatsby-transformer-remark@5.25.1 introduced by gatsby-transformer-remark@5.25.1 Issues with no direct upgrade or patch: ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@2.1.1 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 > pretty-error@2.1.2 > renderkid@2.0.7 > strip-ansi@3.0.1 > ansi-regex@2.1.1 This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-CSSWHAT-1298035] in css-what@3.4.2 introduced by gatsby-plugin-optimize-svgs@1.0.5 > svgo@1.3.2 > css-select@2.1.0 > css-what@3.4.2 This issue was fixed in versions: 5.0.1 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in html-minifier@4.0.0 introduced by html-minifier@4.0.0 No upgrade or patch available ✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in lodash.template@4.5.0 introduced by gatsby-plugin-offline@5.23.1 > workbox-build@4.3.1 > lodash.template@4.5.0 No upgrade or patch available ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-WORDWRAP-3149973] in word-wrap@1.2.3 introduced by gatsby@4.25.7 > eslint@7.32.0 > optionator@0.9.1 > word-wrap@1.2.3 No upgrade or patch available Organization: tubone24 Package manager: yarn Target file: yarn.lock Project name: blog Open source: no Project path: . Licenses: enabled

Application

✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 23 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 25 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 41 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✔ Test completed Organization: tubone24 Test type: Static code analysis Project path: . Summary: 3 Code issues found 3 [Medium]

IaC

Snyk Infrastructure as Code - Snyk testing Infrastructure as Code configuration issues. ✔ Test completed. Issues No vulnerable paths were found! ------------------------------------------------------- Test Summary Organization: tubone24 Project name: tubone24/blog ✔ Files without issues: 3 ✗ Files with issues: 0 Ignored issues: 0 Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ] ------------------------------------------------------- Tip New: Share your test results in the Snyk Web UI with the option --report

Container

Testing test-blog... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2005-2541 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-3253529 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: NULL Pointer Dereference Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > tar@1.30+dfsg-6 ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Authentication Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Privilege Chaining Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Incorrect Privilege Assignment Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Missing Release of Resource after Effective Lifetime Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in shadow/passwd Description: Time-of-check Time-of-use (TOCTOU) Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: NULL Pointer Dereference Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-3310899 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5423925 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in perl/perl-base Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489186 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489188 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5421196 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in lz4/liblz4-1 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072 Introduced through: lz4/liblz4-1@1.8.3-1+deb10u1, apt@1.8.2.3 From: lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > lz4/liblz4-1@1.8.3-1+deb10u1 ✗ Low severity vulnerability found in libtasn1-6 Description: CVE-2018-1000654 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libseccomp/libseccomp2 Description: CVE-2019-9893 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044 Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.3 From: libseccomp/libseccomp2@2.3.3-4 From: apt@1.8.2.3 > libseccomp/libseccomp2@2.3.3-4 ✗ Low severity vulnerability found in libidn2/libidn2-0 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100 Introduced through: libidn2/libidn2-0@2.0.5-1+deb10u1, apt@1.8.2.3 From: libidn2/libidn2-0@2.0.5-1+deb10u1 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libidn2/libidn2-0@2.0.5-1+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in gnutls28/libgnutls30 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-3330746 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Resource Management Errors Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: CVE-2019-1010023 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use of Insufficiently Random Values Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: Insufficient Entropy Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, meta-common-packages@meta From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in e2fsprogs/libcom-err2 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482 Introduced through: e2fsprogs/libcom-err2@1.44.5-1+deb10u3, e2fsprogs@1.44.5-1+deb10u3, e2fsprogs/libext2fs2@1.44.5-1+deb10u3, e2fsprogs/libss2@1.44.5-1+deb10u3 From: e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libss2@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 and 5 more... ✗ Low severity vulnerability found in coreutils Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in coreutils Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in bash Description: Improper Check for Dropped Privileges Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280 Introduced through: bash@5.0-4 From: bash@5.0-4 ✗ Low severity vulnerability found in apt/libapt-pkg5.0 Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502 Introduced through: apt/libapt-pkg5.0@1.8.2.3, apt@1.8.2.3 From: apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: CVE-2022-4415 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ High severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-26604 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3339153 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u9 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-3318300 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u10 ✗ High severity vulnerability found in glibc/libc-bin Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ High severity vulnerability found in gcc-8/libstdc++6 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, meta-common-packages@meta From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Critical severity vulnerability found in libtasn1-6 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-3061094 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 Fixed in: 4.13-3+deb10u1 ✗ Critical severity vulnerability found in db5.3/libdb5.3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169 Introduced through: db5.3/libdb5.3@5.3.28+dfsg1-0.5, adduser@3.118 From: db5.3/libdb5.3@5.3.28+dfsg1-0.5 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > pam/libpam-modules@1.3.1-5 > db5.3/libdb5.3@5.3.28+dfsg1-0.5 ------------ Detected 11 vulnerabilities for node@18.12.1 ------------ ✗ Medium severity vulnerability found in node Description: Timing Attack Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326669 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326682 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326683 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326684 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326685 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326686 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329554 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Insecure Permissions Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326666 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Access of Resource Using Incompatible Type ('Type Confusion') Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326668 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326688 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329555 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 Organization: tubone24 Package manager: deb Project name: docker-image|test-blog Docker image: test-blog Platform: linux/amd64 Base image: node:18.12.1-buster-slim Licenses: enabled Tested 86 dependencies for known issues, found 76 issues. Base Image Vulnerabilities Severity node:18.12.1-buster-slim 76 2 critical, 8 high, 8 medium, 58 low Recommendations for base image upgrade: Minor upgrades Base Image Vulnerabilities Severity node:18.15-buster-slim 62 1 critical, 2 high, 1 medium, 58 low Major upgrades Base Image Vulnerabilities Severity node:20.2-buster-slim 62 1 critical, 2 high, 1 medium, 58 low Alternative image types Base Image Vulnerabilities Severity node:bookworm-slim 25 0 critical, 0 high, 0 medium, 25 low node:bullseye-slim 45 0 critical, 0 high, 0 medium, 45 low node:20.3.0-bookworm 129 0 critical, 0 high, 0 medium, 129 low node:20.3-buster 343 1 critical, 4 high, 5 medium, 333 low Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection
github-actions[bot] commented 1 year ago

Lighthouse Score

Desktop

performance: 96 accessibility: 100 best-practices: 92 seo: 92 pwa: 100

Mobile

performance: 75 accessibility: 100 best-practices: 83 seo: 93 pwa: 100

github-actions[bot] commented 1 year ago

Snyk vulnerability report

OSS packages

Tested 1716 dependencies for known issues, found 8 issues, 80 vulnerable paths. Issues to fix by upgrading: Upgrade gatsby@4.25.7 to gatsby@5.0.0 to fix ✗ Information Exposure (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYCLI-5671903] in gatsby-cli@4.25.0 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 ✗ Regular Expression Denial of Service (ReDoS) (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.3.7 introduced by @typescript-eslint/eslint-plugin@5.38.0 > semver@7.3.7 and 72 other path(s) Upgrade gatsby-transformer-remark@5.25.1 to gatsby-transformer-remark@6.10.0 to fix ✗ Information Exposure (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYTRANSFORMERREMARK-5671901] in gatsby-transformer-remark@5.25.1 introduced by gatsby-transformer-remark@5.25.1 Issues with no direct upgrade or patch: ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@2.1.1 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 > pretty-error@2.1.2 > renderkid@2.0.7 > strip-ansi@3.0.1 > ansi-regex@2.1.1 This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-CSSWHAT-1298035] in css-what@3.4.2 introduced by gatsby-plugin-optimize-svgs@1.0.5 > svgo@1.3.2 > css-select@2.1.0 > css-what@3.4.2 This issue was fixed in versions: 5.0.1 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in html-minifier@4.0.0 introduced by html-minifier@4.0.0 No upgrade or patch available ✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in lodash.template@4.5.0 introduced by gatsby-plugin-offline@5.23.1 > workbox-build@4.3.1 > lodash.template@4.5.0 No upgrade or patch available ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-WORDWRAP-3149973] in word-wrap@1.2.3 introduced by gatsby@4.25.7 > eslint@7.32.0 > optionator@0.9.1 > word-wrap@1.2.3 No upgrade or patch available Organization: tubone24 Package manager: yarn Target file: yarn.lock Project name: blog Open source: no Project path: . Licenses: enabled

Application

✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 23 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 25 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 41 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✔ Test completed Organization: tubone24 Test type: Static code analysis Project path: . Summary: 3 Code issues found 3 [Medium]

IaC

Snyk Infrastructure as Code - Snyk testing Infrastructure as Code configuration issues. ✔ Test completed. Issues No vulnerable paths were found! ------------------------------------------------------- Test Summary Organization: tubone24 Project name: tubone24/blog ✔ Files without issues: 3 ✗ Files with issues: 0 Ignored issues: 0 Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ] ------------------------------------------------------- Tip New: Share your test results in the Snyk Web UI with the option --report

Container

Testing test-blog... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2005-2541 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-3253529 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: NULL Pointer Dereference Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > tar@1.30+dfsg-6 ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Authentication Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Privilege Chaining Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Incorrect Privilege Assignment Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Missing Release of Resource after Effective Lifetime Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733393 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733397 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in shadow/passwd Description: Time-of-check Time-of-use (TOCTOU) Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: NULL Pointer Dereference Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-3310899 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5423925 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in perl/perl-base Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489186 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489188 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5421196 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in lz4/liblz4-1 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072 Introduced through: lz4/liblz4-1@1.8.3-1+deb10u1, apt@1.8.2.3 From: lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > lz4/liblz4-1@1.8.3-1+deb10u1 ✗ Low severity vulnerability found in libtasn1-6 Description: CVE-2018-1000654 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libseccomp/libseccomp2 Description: CVE-2019-9893 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044 Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.3 From: libseccomp/libseccomp2@2.3.3-4 From: apt@1.8.2.3 > libseccomp/libseccomp2@2.3.3-4 ✗ Low severity vulnerability found in libidn2/libidn2-0 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100 Introduced through: libidn2/libidn2-0@2.0.5-1+deb10u1, apt@1.8.2.3 From: libidn2/libidn2-0@2.0.5-1+deb10u1 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libidn2/libidn2-0@2.0.5-1+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in gnutls28/libgnutls30 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-3330746 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Resource Management Errors Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: CVE-2019-1010023 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use of Insufficiently Random Values Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: Insufficient Entropy Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, meta-common-packages@meta From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in e2fsprogs/libcom-err2 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482 Introduced through: e2fsprogs/libcom-err2@1.44.5-1+deb10u3, e2fsprogs@1.44.5-1+deb10u3, e2fsprogs/libext2fs2@1.44.5-1+deb10u3, e2fsprogs/libss2@1.44.5-1+deb10u3 From: e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libss2@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 and 5 more... ✗ Low severity vulnerability found in coreutils Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in coreutils Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in bash Description: Improper Check for Dropped Privileges Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280 Introduced through: bash@5.0-4 From: bash@5.0-4 ✗ Low severity vulnerability found in apt/libapt-pkg5.0 Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502 Introduced through: apt/libapt-pkg5.0@1.8.2.3, apt@1.8.2.3 From: apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: CVE-2022-4415 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ High severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-26604 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3339153 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u9 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-3318300 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u10 ✗ High severity vulnerability found in glibc/libc-bin Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ High severity vulnerability found in gcc-8/libstdc++6 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, meta-common-packages@meta From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Critical severity vulnerability found in libtasn1-6 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-3061094 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 Fixed in: 4.13-3+deb10u1 ✗ Critical severity vulnerability found in db5.3/libdb5.3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169 Introduced through: db5.3/libdb5.3@5.3.28+dfsg1-0.5, adduser@3.118 From: db5.3/libdb5.3@5.3.28+dfsg1-0.5 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > pam/libpam-modules@1.3.1-5 > db5.3/libdb5.3@5.3.28+dfsg1-0.5 ------------ Detected 11 vulnerabilities for node@18.12.1 ------------ ✗ Medium severity vulnerability found in node Description: Timing Attack Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326669 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326682 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326683 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326684 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326685 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326686 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329554 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Insecure Permissions Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326666 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Access of Resource Using Incompatible Type ('Type Confusion') Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326668 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326688 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329555 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 Organization: tubone24 Package manager: deb Project name: docker-image|test-blog Docker image: test-blog Platform: linux/amd64 Base image: node:18.12.1-buster-slim Licenses: enabled Tested 86 dependencies for known issues, found 79 issues. Base Image Vulnerabilities Severity node:18.12.1-buster-slim 79 2 critical, 8 high, 8 medium, 61 low Recommendations for base image upgrade: Minor upgrades Base Image Vulnerabilities Severity node:18.16.0-buster-slim 65 1 critical, 2 high, 1 medium, 61 low Major upgrades Base Image Vulnerabilities Severity node:20.3.0-buster-slim 65 1 critical, 2 high, 1 medium, 61 low Alternative image types Base Image Vulnerabilities Severity node:20.3.0-slim 28 0 critical, 0 high, 0 medium, 28 low node:18.16.0-bookworm-slim 28 0 critical, 0 high, 0 medium, 28 low node:20.3.0-bullseye-slim 48 0 critical, 0 high, 0 medium, 48 low node:20.3.0-bookworm 132 0 critical, 0 high, 0 medium, 132 low Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection
github-actions[bot] commented 1 year ago

Memlab leaks report

``` page-load [8.1MB] (baseline) [s1] > action-on-page [9.6MB] (target) [s2] > revert [9.9MB] (final) [s3] ------3 clusters------ --Similar leaks in this run: 1155-- --Retained size of leaked objects: 172.4KB-- [] (synthetic) @1 [10.8MB] --6 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @9845 [75.3KB] --setTimeout (property)---> [] (closure) @60139 [72 bytes] --context (internal)---> [] (object) @120195 [20 bytes] --previous (internal)---> [] (object) @119277 [44.1KB] --n (variable)---> [t] (closure) @125819 [1.2KB] --context (internal)---> [] (object) @142349 [42.2KB] --n (variable)---> [Object] (object) @148839 [42.2KB] --449 (element)---> [Object] (object) @149333 [24 bytes] --exports (property)---> [r] (closure) @199865 [2.6KB] --hasData (property)---> [] (closure) @320215 [68 bytes] --context (internal)---> [] (object) @176721 [1.3KB] --e (variable)---> [Object] (object) @176701 [1KB] --1 (element)---> [Object] (object) @176703 [76 bytes] --aaAutocomplete (property)---> [f] (object) @277329 [348 bytes] --$node (property)---> [q] (object) @278499 [188 bytes] --0 (element)---> [Detached HTMLSpanElement] (native) @42927 [844 bytes] --7 (element)---> [Detached HTMLDivElement] (native) @43919 [304 bytes] --7 (element)---> [Detached HTMLDivElement] (native) @43949 [400 bytes] --7 (element)---> [Detached HTMLElement] (native) @43959 [400 bytes] --8 (element)---> [Detached HTMLElement] (native) @43957 [428 bytes] --6 (element)---> [Detached HTMLDivElement] (native) @42847 [428 bytes] --8 (element)---> [Detached HTMLDivElement] (native) @42845 [524 bytes] --8 (element)---> [Detached HTMLDivElement] (native) @42843 [524 bytes] --8 (element)---> [Detached HTMLDivElement] (native) @42841 [524 bytes] --8 (element)---> [Detached HTMLDivElement] (native) @42839 [524 bytes] --8 (element)---> [Detached HTMLDivElement] (native) @42837 [524 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @42023 [428 bytes] --6 (element)---> [Detached HTMLDivElement] (native) @42035 [428 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @42077 [428 bytes] --6 (element)---> [Detached HTMLAnchorElement] (native) @42089 [1.7KB] --12 (element)---> [Detached InternalNode] (native) @385528000 [332 bytes] --2 (element)---> [Detached NamedNodeMap] (native) @384821184 [32 bytes] --Similar leaks in this run: 290-- --Retained size of leaked objects: 54.3KB-- [] (synthetic) @1 [10.8MB] --6 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @9845 [75.3KB] --___replace (property)---> [] (closure) @60317 [68 bytes] --context (internal)---> [] (object) @122107 [496 bytes] --a (variable)---> [Module] (object) @122111 [5.8KB] --get version (property)---> [version] (closure) @143761 [68 bytes] --context (internal)---> [] (object) @125879 [16.4KB] --Qn (variable)---> [y] (object) @487113 [368 bytes] --props (property)---> [Object] (object) @487929 [28 bytes] --children (property)---> [Object] (object) @513021 [296 bytes] --props (property)---> [Object] (object) @513081 [56 bytes] --children (property)---> [Object] (object) @499749 [1.2KB] --__ (property)---> [Object] (object) @529689 [1.1KB] --__ (property)---> [Object] (object) @529679 [940 bytes] --__ (property)---> [Object] (object) @499377 [736 bytes] --__d (property)---> [Detached HTMLDivElement] (native) @366493 [504 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @366491 [428 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @366487 [428 bytes] --6 (element)---> [Detached HTMLDivElement] (native) @367195 [14.6KB] --5 (element)---> [Detached HTMLAnchorElement] (native) @367193 [2.3KB] --11 (element)---> [Detached HTMLAnchorElement] (native) @367187 [2.3KB] --12 (element)---> [Detached HTMLAnchorElement] (native) @367181 [2.3KB] --13 (element)---> [Detached InternalNode] (native) @329881056 [748 bytes] --3 (element)---> [Detached InternalNode] (native) @329885696 [576 bytes] --1 (element)---> [Detached InternalNode] (native) @384881280 [576 bytes] --1 (element)---> [Detached Attr] (native) @384881120 [96 bytes] --Similar leaks in this run: 9-- --Retained size of leaked objects: 904 bytes-- [] (synthetic) @1 [10.8MB] --6 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @9845 [75.3KB] --__twttrll (property)---> [Array] (object) @60581 [184 bytes] --push (property)---> [e] (closure) @155295 [68 bytes] --context (internal)---> [] (object) @98529 [240 bytes] --n (variable)---> [Object] (object) @149765 [13.2KB] --93 (element)---> [Object] (object) @152523 [24 bytes] --exports (property)---> [Object] (object) @152021 [3.5KB] --init (property)---> [init] (closure) @153041 [68 bytes] --context (internal)---> [] (object) @153241 [3.1KB] --r (variable)---> [Detached HTMLFormElement] (native) @40811 [1.8KB] --4 (element)---> [Detached HTMLInputElement] (native) @40817 [684 bytes] --8 (element)---> [Detached InternalNode] (native) @329842240 [328 bytes] --1 (element)---> [Detached ShadowRoot] (native) @386275904 [328 bytes] --4 (element)---> [Detached V8ObservableArrayCSSStyleSheet] (native) @386276064 [120 bytes] --2 (element)---> [Detached ObservableArrayExoticObject] (native) @385106496 [32 bytes] ```
github-actions[bot] commented 1 year ago

Deploy Preview

Deploy path: /home/runner/work/blog/blog/public Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/pensive-lamport-5822d2/deploys/6497b10c7290f145f9e797da Website Draft URL: https://6497b10c7290f145f9e797da--pensive-lamport-5822d2.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 1 year ago

Bundle Analyzer URL

https://6497b10c7290f145f9e797da--pensive-lamport-5822d2.netlify.app/webpack-bundle-analyser

github-actions[bot] commented 1 year ago

Storybook Preview

Deploy path: /home/runner/work/blog/blog/storybook-static Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/blog-storybook/deploys/6497b14e93a1cb4456b1482d Website Draft URL: https://6497b14e93a1cb4456b1482d--blog-storybook.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 1 year ago

Lighthouse Score

Desktop

performance: 97 accessibility: 100 best-practices: 92 seo: 92 pwa: 100

Mobile

performance: 72 accessibility: 100 best-practices: 83 seo: 93 pwa: 100

github-actions[bot] commented 1 year ago

Memlab leaks report

``` page-load [7.6MB] (baseline) [s1] > action-on-page [8.7MB] (target) [s2] > revert [9MB] (final) [s3] ------3 clusters------ --Similar leaks in this run: 1155-- --Retained size of leaked objects: 163KB-- [] (synthetic) @1 [9.8MB] --6 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @9845 [59.1KB] --requestAnimationFrame (property)---> [] (closure) @181449 [156 bytes] --context (internal)---> [] (object) @181455 [68 bytes] --previous (internal)---> [] (object) @92173 [44KB] --n (variable)---> [t] (closure) @90873 [1.2KB] --context (internal)---> [] (object) @90865 [54.5KB] --n (variable)---> [Object] (object) @90871 [54.5KB] --449 (element)---> [Object] (object) @107579 [24 bytes] --exports (property)---> [r] (closure) @142861 [2.6KB] --hasData (property)---> [] (closure) @143327 [68 bytes] --context (internal)---> [] (object) @160223 [1.3KB] --e (variable)---> [Object] (object) @160207 [1KB] --2 (element)---> [Object] (object) @411755 [76 bytes] --aaAutocomplete (property)---> [f] (object) @410605 [348 bytes] --$node (property)---> [q] (object) @411927 [188 bytes] --0 (element)---> [Detached HTMLSpanElement] (native) @343951 [676 bytes] --7 (element)---> [Detached HTMLDivElement] (native) @344189 [5.7KB] --8 (element)---> [Detached HTMLDivElement] (native) @344381 [428 bytes] --8 (element)---> [Detached HTMLAnchorElement] (native) @342363 [1.9KB] --11 (element)---> [Detached InternalNode] (native) @325184544 [652 bytes] --3 (element)---> [Detached InternalNode] (native) @325184064 [480 bytes] --1 (element)---> [Detached InternalNode] (native) @324757280 [480 bytes] --4 (element)---> [Detached Attr] (native) @365907968 [96 bytes] --Similar leaks in this run: 266-- --Retained size of leaked objects: 54.3KB-- [] (synthetic) @1 [9.8MB] --6 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @9845 [59.1KB] --___push (property)---> [] (closure) @189253 [68 bytes] --context (internal)---> [] (object) @96701 [496 bytes] --a (variable)---> [Module] (object) @60927 [5.8KB] --get version (property)---> [version] (closure) @91087 [68 bytes] --context (internal)---> [] (object) @90919 [16.4KB] --Qn (variable)---> [y] (object) @451793 [368 bytes] --props (property)---> [Object] (object) @464963 [28 bytes] --children (property)---> [Object] (object) @464947 [296 bytes] --props (property)---> [Object] (object) @464949 [56 bytes] --children (property)---> [Object] (object) @464961 [1.2KB] --__ (property)---> [Object] (object) @476151 [1.1KB] --__ (property)---> [Object] (object) @476169 [940 bytes] --__ (property)---> [Object] (object) @476187 [736 bytes] --__d (property)---> [Detached HTMLDivElement] (native) @343071 [504 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @343069 [428 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @343065 [428 bytes] --6 (element)---> [Detached HTMLDivElement] (native) @343991 [14.6KB] --5 (element)---> [Detached HTMLAnchorElement] (native) @343989 [2.3KB] --11 (element)---> [Detached HTMLAnchorElement] (native) @343983 [2.3KB] --13 (element)---> [Detached InternalNode] (native) @52251712 [748 bytes] --3 (element)---> [Detached InternalNode] (native) @52260032 [576 bytes] --1 (element)---> [Detached InternalNode] (native) @324514304 [576 bytes] --2 (element)---> [Detached Attr] (native) @365902848 [96 bytes] --Similar leaks in this run: 1-- --Retained size of leaked objects: 56 bytes-- [] (synthetic) @1 [9.8MB] --6 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @9845 [59.1KB] --__twttrll (property)---> [Array] (object) @185461 [184 bytes] --push (property)---> [e] (closure) @185463 [68 bytes] --context (internal)---> [] (object) @185449 [240 bytes] --n (variable)---> [Object] (object) @185453 [13.2KB] --151 (element)---> [Object] (object) @195825 [1KB] --exports (property)---> [] (closure) @196431 [984 bytes] --context (internal)---> [] (object) @179439 [916 bytes] --d (variable)---> [Detached HTMLAnchorElement] (native) @43221 [228 bytes] --3 (element)---> [Detached DOMTokenList] (native) @359652800 [56 bytes] ```
github-actions[bot] commented 1 year ago

Memlab leaks report

``` page-load [8.2MB] (baseline) [s1] > action-on-page [9.1MB] (target) [s2] > revert [9.3MB] (final) [s3] ------3 clusters------ --Similar leaks in this run: 951-- --Retained size of leaked objects: 194KB-- [] (synthetic) @1 [10.2MB] --6 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @9827 [74.9KB] --setInterval (property)---> [] (closure) @164277 [72 bytes] --context (internal)---> [] (object) @164281 [20 bytes] --previous (internal)---> [] (object) @105219 [44.7KB] --n (variable)---> [t] (closure) @105387 [1.2KB] --context (internal)---> [] (object) @118145 [42.2KB] --n (variable)---> [Object] (object) @119161 [42.2KB] --449 (element)---> [Object] (object) @119357 [24 bytes] --exports (property)---> [r] (closure) @271603 [2.6KB] --hasData (property)---> [] (closure) @256187 [68 bytes] --context (internal)---> [] (object) @256183 [1.3KB] --e (variable)---> [Object] (object) @329353 [1KB] --1 (element)---> [Object] (object) @316643 [76 bytes] --aaAutocomplete (property)---> [f] (object) @319455 [348 bytes] --$node (property)---> [q] (object) @319467 [188 bytes] --0 (element)---> [Detached HTMLSpanElement] (native) @42357 [1KB] --7 (element)---> [Detached HTMLDivElement] (native) @43369 [304 bytes] --7 (element)---> [Detached HTMLDivElement] (native) @43401 [400 bytes] --7 (element)---> [Detached HTMLElement] (native) @43407 [400 bytes] --8 (element)---> [Detached HTMLElement] (native) @43405 [400 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @42235 [496 bytes] --8 (element)---> [Detached HTMLDivElement] (native) @42237 [496 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @42395 [400 bytes] --6 (element)---> [Detached HTMLDivElement] (native) @42401 [400 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @42425 [400 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @42431 [400 bytes] --8 (element)---> [Detached HTMLAnchorElement] (native) @42433 [1.5KB] --13 (element)---> [Detached InternalNode] (native) @383589088 [304 bytes] --4 (element)---> [Detached ElementIntersectionObserverData] (native) @390410112 [64 bytes] --Similar leaks in this run: 180-- --Retained size of leaked objects: 78.8KB-- [] (synthetic) @1 [10.2MB] --6 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @9827 [74.9KB] --___push (property)---> [] (closure) @265489 [68 bytes] --context (internal)---> [] (object) @180579 [496 bytes] --a (variable)---> [Module] (object) @121921 [5.8KB] --get version (property)---> [version] (closure) @242117 [68 bytes] --context (internal)---> [] (object) @113301 [16.4KB] --Qn (variable)---> [y] (object) @464183 [368 bytes] --props (property)---> [Object] (object) @488239 [28 bytes] --children (property)---> [Object] (object) @513353 [296 bytes] --props (property)---> [Object] (object) @513355 [56 bytes] --children (property)---> [Object] (object) @477737 [1.2KB] --__ (property)---> [Object] (object) @477743 [1.1KB] --__ (property)---> [Object] (object) @477769 [940 bytes] --__ (property)---> [Object] (object) @477787 [736 bytes] --__d (property)---> [Detached HTMLDivElement] (native) @367567 [796 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @367565 [720 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @367563 [720 bytes] --6 (element)---> [Detached HTMLDivElement] (native) @367191 [18.7KB] --5 (element)---> [Detached HTMLAnchorElement] (native) @367189 [2.9KB] --11 (element)---> [Detached HTMLAnchorElement] (native) @367181 [2.9KB] --8 (element)---> [Detached HTMLSpanElement] (native) @367177 [720 bytes] --6 (element)---> [Detached InternalNode] (native) @148297760 [268 bytes] --3 (element)---> [Detached InternalNode] (native) @342263520 [96 bytes] --1 (element)---> [Detached InternalNode] (native) @342263360 [96 bytes] --1 (element)---> [Detached Attr] (native) @390554304 [96 bytes] --Similar leaks in this run: 5-- --Retained size of leaked objects: 600 bytes-- [] (synthetic) @1 [10.2MB] --6 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @9827 [74.9KB] --__twttrll (property)---> [Array] (object) @65061 [184 bytes] --push (property)---> [e] (closure) @120497 [68 bytes] --context (internal)---> [] (object) @65043 [240 bytes] --n (variable)---> [Object] (object) @120109 [13.2KB] --92 (element)---> [Object] (object) @120975 [24 bytes] --exports (property)---> [o] (closure) @120355 [68 bytes] --context (internal)---> [] (object) @66071 [6.2KB] --g (variable)---> [Detached Text] (native) @44011 [396 bytes] --3 (element)---> [Detached InternalNode] (native) @384127776 [272 bytes] --1 (element)---> [Detached InternalNode] (native) @384127616 [272 bytes] --1 (element)---> [Detached InternalNode] (native) @147615392 [272 bytes] --1 (element)---> [Detached MutationObserverRegistration] (native) @384127936 [272 bytes] ```
github-actions[bot] commented 1 year ago

Snyk vulnerability report

OSS packages

Tested 1716 dependencies for known issues, found 8 issues, 80 vulnerable paths. Issues to fix by upgrading: Upgrade gatsby@4.25.7 to gatsby@5.0.0 to fix ✗ Information Exposure (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYCLI-5671903] in gatsby-cli@4.25.0 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 ✗ Regular Expression Denial of Service (ReDoS) (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.3.7 introduced by @typescript-eslint/eslint-plugin@5.38.0 > semver@7.3.7 and 72 other path(s) Upgrade gatsby-transformer-remark@5.25.1 to gatsby-transformer-remark@6.10.0 to fix ✗ Information Exposure (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYTRANSFORMERREMARK-5671901] in gatsby-transformer-remark@5.25.1 introduced by gatsby-transformer-remark@5.25.1 Issues with no direct upgrade or patch: ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@2.1.1 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 > pretty-error@2.1.2 > renderkid@2.0.7 > strip-ansi@3.0.1 > ansi-regex@2.1.1 This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-CSSWHAT-1298035] in css-what@3.4.2 introduced by gatsby-plugin-optimize-svgs@1.0.5 > svgo@1.3.2 > css-select@2.1.0 > css-what@3.4.2 This issue was fixed in versions: 5.0.1 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in html-minifier@4.0.0 introduced by html-minifier@4.0.0 No upgrade or patch available ✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in lodash.template@4.5.0 introduced by gatsby-plugin-offline@5.23.1 > workbox-build@4.3.1 > lodash.template@4.5.0 No upgrade or patch available ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-WORDWRAP-3149973] in word-wrap@1.2.3 introduced by gatsby@4.25.7 > eslint@7.32.0 > optionator@0.9.1 > word-wrap@1.2.3 No upgrade or patch available Organization: tubone24 Package manager: yarn Target file: yarn.lock Project name: blog Open source: no Project path: . Licenses: enabled

Application

✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 23 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 25 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 41 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✔ Test completed Organization: tubone24 Test type: Static code analysis Project path: . Summary: 3 Code issues found 3 [Medium]

IaC

Snyk Infrastructure as Code - Snyk testing Infrastructure as Code configuration issues. ✔ Test completed. Issues No vulnerable paths were found! ------------------------------------------------------- Test Summary Organization: tubone24 Project name: tubone24/blog ✔ Files without issues: 3 ✗ Files with issues: 0 Ignored issues: 0 Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ] ------------------------------------------------------- Tip New: Share your test results in the Snyk Web UI with the option --report

Container

Testing test-blog... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2005-2541 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-3253529 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: NULL Pointer Dereference Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > tar@1.30+dfsg-6 ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Authentication Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Privilege Chaining Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Incorrect Privilege Assignment Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Missing Release of Resource after Effective Lifetime Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733393 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733397 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in shadow/passwd Description: Time-of-check Time-of-use (TOCTOU) Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: NULL Pointer Dereference Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-3310899 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5423925 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in perl/perl-base Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489186 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489188 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5421196 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in lz4/liblz4-1 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072 Introduced through: lz4/liblz4-1@1.8.3-1+deb10u1, apt@1.8.2.3 From: lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > lz4/liblz4-1@1.8.3-1+deb10u1 ✗ Low severity vulnerability found in libtasn1-6 Description: CVE-2018-1000654 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libseccomp/libseccomp2 Description: CVE-2019-9893 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044 Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.3 From: libseccomp/libseccomp2@2.3.3-4 From: apt@1.8.2.3 > libseccomp/libseccomp2@2.3.3-4 ✗ Low severity vulnerability found in libidn2/libidn2-0 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100 Introduced through: libidn2/libidn2-0@2.0.5-1+deb10u1, apt@1.8.2.3 From: libidn2/libidn2-0@2.0.5-1+deb10u1 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libidn2/libidn2-0@2.0.5-1+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in gnutls28/libgnutls30 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-3330746 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Resource Management Errors Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: CVE-2019-1010023 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use of Insufficiently Random Values Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: Insufficient Entropy Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, meta-common-packages@meta From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in e2fsprogs/libcom-err2 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482 Introduced through: e2fsprogs/libcom-err2@1.44.5-1+deb10u3, e2fsprogs@1.44.5-1+deb10u3, e2fsprogs/libext2fs2@1.44.5-1+deb10u3, e2fsprogs/libss2@1.44.5-1+deb10u3 From: e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libss2@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 and 5 more... ✗ Low severity vulnerability found in coreutils Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in coreutils Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in bash Description: Improper Check for Dropped Privileges Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280 Introduced through: bash@5.0-4 From: bash@5.0-4 ✗ Low severity vulnerability found in apt/libapt-pkg5.0 Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502 Introduced through: apt/libapt-pkg5.0@1.8.2.3, apt@1.8.2.3 From: apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: CVE-2022-4415 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ High severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-26604 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3339153 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u9 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-3318300 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u10 ✗ High severity vulnerability found in glibc/libc-bin Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ High severity vulnerability found in gcc-8/libstdc++6 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, meta-common-packages@meta From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Critical severity vulnerability found in libtasn1-6 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-3061094 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 Fixed in: 4.13-3+deb10u1 ✗ Critical severity vulnerability found in db5.3/libdb5.3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169 Introduced through: db5.3/libdb5.3@5.3.28+dfsg1-0.5, adduser@3.118 From: db5.3/libdb5.3@5.3.28+dfsg1-0.5 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > pam/libpam-modules@1.3.1-5 > db5.3/libdb5.3@5.3.28+dfsg1-0.5 ------------ Detected 23 vulnerabilities for node@18.12.1 ------------ ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741888 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741892 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741899 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Timing Attack Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326669 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326682 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326683 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326684 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326685 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326686 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329554 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741792 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: HTTP Request Smuggling Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741793 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Inconsistency Between Implementation and Documented Design Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741796 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Over-read Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741894 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741895 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741896 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Underwrite (Buffer Underflow) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741900 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Insecure Permissions Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326666 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Access of Resource Using Incompatible Type ('Type Confusion') Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326668 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326688 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329555 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Prototype Pollution Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741794 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741889 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 Organization: tubone24 Package manager: deb Project name: docker-image|test-blog Docker image: test-blog Platform: linux/amd64 Base image: node:18.12.1-buster-slim Licenses: enabled Tested 86 dependencies for known issues, found 91 issues. Base Image Vulnerabilities Severity node:18.12.1-buster-slim 79 2 critical, 8 high, 8 medium, 61 low Recommendations for base image upgrade: Minor upgrades Base Image Vulnerabilities Severity node:18.16.0-buster-slim 65 1 critical, 2 high, 1 medium, 61 low Major upgrades Base Image Vulnerabilities Severity node:20.3.0-buster-slim 65 1 critical, 2 high, 1 medium, 61 low Alternative image types Base Image Vulnerabilities Severity node:20.3.0-slim 28 0 critical, 0 high, 0 medium, 28 low node:18.16.0-bookworm-slim 28 0 critical, 0 high, 0 medium, 28 low node:20.3.0-bullseye-slim 48 0 critical, 0 high, 0 medium, 48 low node:20.3.0-bookworm 132 0 critical, 0 high, 0 medium, 132 low Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection
github-actions[bot] commented 1 year ago

Deploy Preview

Deploy path: /home/runner/work/blog/blog/public Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/pensive-lamport-5822d2/deploys/649c7753d418920540845326 Website Draft URL: https://649c7753d418920540845326--pensive-lamport-5822d2.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 1 year ago

Bundle Analyzer URL

https://649c7753d418920540845326--pensive-lamport-5822d2.netlify.app/webpack-bundle-analyser

github-actions[bot] commented 1 year ago

Snyk vulnerability report

OSS packages

Tested 1716 dependencies for known issues, found 8 issues, 80 vulnerable paths. Issues to fix by upgrading: Upgrade gatsby@4.25.7 to gatsby@5.0.0 to fix ✗ Information Exposure (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYCLI-5671903] in gatsby-cli@4.25.0 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 ✗ Regular Expression Denial of Service (ReDoS) (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.3.7 introduced by @typescript-eslint/eslint-plugin@5.38.0 > semver@7.3.7 and 72 other path(s) Upgrade gatsby-transformer-remark@5.25.1 to gatsby-transformer-remark@6.10.0 to fix ✗ Information Exposure (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYTRANSFORMERREMARK-5671901] in gatsby-transformer-remark@5.25.1 introduced by gatsby-transformer-remark@5.25.1 Issues with no direct upgrade or patch: ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@2.1.1 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 > pretty-error@2.1.2 > renderkid@2.0.7 > strip-ansi@3.0.1 > ansi-regex@2.1.1 This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-CSSWHAT-1298035] in css-what@3.4.2 introduced by gatsby-plugin-optimize-svgs@1.0.5 > svgo@1.3.2 > css-select@2.1.0 > css-what@3.4.2 This issue was fixed in versions: 5.0.1 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in html-minifier@4.0.0 introduced by html-minifier@4.0.0 No upgrade or patch available ✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in lodash.template@4.5.0 introduced by gatsby-plugin-offline@5.23.1 > workbox-build@4.3.1 > lodash.template@4.5.0 No upgrade or patch available ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-WORDWRAP-3149973] in word-wrap@1.2.3 introduced by gatsby@4.25.7 > eslint@7.32.0 > optionator@0.9.1 > word-wrap@1.2.3 No upgrade or patch available Organization: tubone24 Package manager: yarn Target file: yarn.lock Project name: blog Open source: no Project path: . Licenses: enabled

Application

✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 23 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 25 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 41 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✔ Test completed Organization: tubone24 Test type: Static code analysis Project path: . Summary: 3 Code issues found 3 [Medium]

IaC

Snyk Infrastructure as Code - Snyk testing Infrastructure as Code configuration issues. ✔ Test completed. Issues No vulnerable paths were found! ------------------------------------------------------- Test Summary Organization: tubone24 Project name: tubone24/blog ✔ Files without issues: 3 ✗ Files with issues: 0 Ignored issues: 0 Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ] ------------------------------------------------------- Tip New: Share your test results in the Snyk Web UI with the option --report

Container

Testing test-blog... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2005-2541 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-3253529 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: NULL Pointer Dereference Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > tar@1.30+dfsg-6 ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Authentication Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Privilege Chaining Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Incorrect Privilege Assignment Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Missing Release of Resource after Effective Lifetime Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733393 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733397 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in shadow/passwd Description: Time-of-check Time-of-use (TOCTOU) Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: NULL Pointer Dereference Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-3310899 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5423925 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in perl/perl-base Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489186 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489188 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5421196 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in lz4/liblz4-1 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072 Introduced through: lz4/liblz4-1@1.8.3-1+deb10u1, apt@1.8.2.3 From: lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > lz4/liblz4-1@1.8.3-1+deb10u1 ✗ Low severity vulnerability found in libtasn1-6 Description: CVE-2018-1000654 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libseccomp/libseccomp2 Description: CVE-2019-9893 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044 Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.3 From: libseccomp/libseccomp2@2.3.3-4 From: apt@1.8.2.3 > libseccomp/libseccomp2@2.3.3-4 ✗ Low severity vulnerability found in libidn2/libidn2-0 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100 Introduced through: libidn2/libidn2-0@2.0.5-1+deb10u1, apt@1.8.2.3 From: libidn2/libidn2-0@2.0.5-1+deb10u1 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libidn2/libidn2-0@2.0.5-1+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in gnutls28/libgnutls30 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-3330746 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Resource Management Errors Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: CVE-2019-1010023 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use of Insufficiently Random Values Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: Insufficient Entropy Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, meta-common-packages@meta From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in e2fsprogs/libcom-err2 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482 Introduced through: e2fsprogs/libcom-err2@1.44.5-1+deb10u3, e2fsprogs@1.44.5-1+deb10u3, e2fsprogs/libext2fs2@1.44.5-1+deb10u3, e2fsprogs/libss2@1.44.5-1+deb10u3 From: e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libss2@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 and 5 more... ✗ Low severity vulnerability found in coreutils Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in coreutils Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in bash Description: Improper Check for Dropped Privileges Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280 Introduced through: bash@5.0-4 From: bash@5.0-4 ✗ Low severity vulnerability found in apt/libapt-pkg5.0 Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502 Introduced through: apt/libapt-pkg5.0@1.8.2.3, apt@1.8.2.3 From: apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: CVE-2022-4415 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ High severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-26604 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3339153 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u9 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-3318300 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u10 ✗ High severity vulnerability found in glibc/libc-bin Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ High severity vulnerability found in gcc-8/libstdc++6 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, meta-common-packages@meta From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Critical severity vulnerability found in libtasn1-6 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-3061094 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 Fixed in: 4.13-3+deb10u1 ✗ Critical severity vulnerability found in db5.3/libdb5.3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169 Introduced through: db5.3/libdb5.3@5.3.28+dfsg1-0.5, adduser@3.118 From: db5.3/libdb5.3@5.3.28+dfsg1-0.5 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > pam/libpam-modules@1.3.1-5 > db5.3/libdb5.3@5.3.28+dfsg1-0.5 ------------ Detected 23 vulnerabilities for node@18.12.1 ------------ ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741888 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741892 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741899 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Timing Attack Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326669 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326682 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326683 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326684 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326685 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326686 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329554 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741792 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: HTTP Request Smuggling Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741793 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Inconsistency Between Implementation and Documented Design Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741796 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Over-read Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741894 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741895 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741896 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Underwrite (Buffer Underflow) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741900 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Insecure Permissions Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326666 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Access of Resource Using Incompatible Type ('Type Confusion') Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326668 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326688 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329555 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Prototype Pollution Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741794 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741889 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 Organization: tubone24 Package manager: deb Project name: docker-image|test-blog Docker image: test-blog Platform: linux/amd64 Base image: node:18.12.1-buster-slim Licenses: enabled Tested 86 dependencies for known issues, found 91 issues. Base Image Vulnerabilities Severity node:18.12.1-buster-slim 79 2 critical, 8 high, 8 medium, 61 low Recommendations for base image upgrade: Minor upgrades Base Image Vulnerabilities Severity node:18.16.0-buster-slim 65 1 critical, 2 high, 1 medium, 61 low Major upgrades Base Image Vulnerabilities Severity node:20.3.0-buster-slim 65 1 critical, 2 high, 1 medium, 61 low Alternative image types Base Image Vulnerabilities Severity node:20.3.0-slim 28 0 critical, 0 high, 0 medium, 28 low node:18.16.0-bookworm-slim 28 0 critical, 0 high, 0 medium, 28 low node:20.3.0-bullseye-slim 48 0 critical, 0 high, 0 medium, 48 low node:20.3.0-bookworm 132 0 critical, 0 high, 0 medium, 132 low Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection
github-actions[bot] commented 1 year ago

Storybook Preview

Deploy path: /home/runner/work/blog/blog/storybook-static Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/blog-storybook/deploys/649c77a9741fe505460ed570 Website Draft URL: https://649c77a9741fe505460ed570--blog-storybook.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 1 year ago

Storybook Preview

Deploy path: /home/runner/work/blog/blog/storybook-static Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/blog-storybook/deploys/649c77e5ade2f805aa6d7de1 Website Draft URL: https://649c77e5ade2f805aa6d7de1--blog-storybook.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 1 year ago

Deploy Preview

Deploy path: /home/runner/work/blog/blog/public Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/pensive-lamport-5822d2/deploys/649c77c66fe6f805027f132f Website Draft URL: https://649c77c66fe6f805027f132f--pensive-lamport-5822d2.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 1 year ago

Lighthouse Score

Desktop

performance: 91 accessibility: 100 best-practices: 92 seo: 92 pwa: 100

Mobile

performance: 56.99999999999999 accessibility: 100 best-practices: 83 seo: 93 pwa: 100

github-actions[bot] commented 1 year ago

Bundle Analyzer URL

https://649c77c66fe6f805027f132f--pensive-lamport-5822d2.netlify.app/webpack-bundle-analyser

github-actions[bot] commented 1 year ago

Lighthouse Score

Desktop

performance: 95 accessibility: 100 best-practices: 92 seo: 92 pwa: 100

Mobile

performance: 69 accessibility: 100 best-practices: 83 seo: 93 pwa: 100

github-actions[bot] commented 1 year ago

Snyk vulnerability report

OSS packages

Tested 1716 dependencies for known issues, found 8 issues, 80 vulnerable paths. Issues to fix by upgrading: Upgrade gatsby@4.25.7 to gatsby@5.0.0 to fix ✗ Information Exposure (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYCLI-5671903] in gatsby-cli@4.25.0 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 ✗ Regular Expression Denial of Service (ReDoS) (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.3.7 introduced by @typescript-eslint/eslint-plugin@5.38.0 > semver@7.3.7 and 72 other path(s) Upgrade gatsby-transformer-remark@5.25.1 to gatsby-transformer-remark@6.10.0 to fix ✗ Information Exposure (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYTRANSFORMERREMARK-5671901] in gatsby-transformer-remark@5.25.1 introduced by gatsby-transformer-remark@5.25.1 Issues with no direct upgrade or patch: ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@2.1.1 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 > pretty-error@2.1.2 > renderkid@2.0.7 > strip-ansi@3.0.1 > ansi-regex@2.1.1 This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-CSSWHAT-1298035] in css-what@3.4.2 introduced by gatsby-plugin-optimize-svgs@1.0.5 > svgo@1.3.2 > css-select@2.1.0 > css-what@3.4.2 This issue was fixed in versions: 5.0.1 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in html-minifier@4.0.0 introduced by html-minifier@4.0.0 No upgrade or patch available ✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in lodash.template@4.5.0 introduced by gatsby-plugin-offline@5.23.1 > workbox-build@4.3.1 > lodash.template@4.5.0 No upgrade or patch available ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-WORDWRAP-3149973] in word-wrap@1.2.3 introduced by gatsby@4.25.7 > eslint@7.32.0 > optionator@0.9.1 > word-wrap@1.2.3 No upgrade or patch available Organization: tubone24 Package manager: yarn Target file: yarn.lock Project name: blog Open source: no Project path: . Licenses: enabled

Application

✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 23 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 25 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 41 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✔ Test completed Organization: tubone24 Test type: Static code analysis Project path: . Summary: 3 Code issues found 3 [Medium]

IaC

Snyk Infrastructure as Code - Snyk testing Infrastructure as Code configuration issues. ✔ Test completed. Issues No vulnerable paths were found! ------------------------------------------------------- Test Summary Organization: tubone24 Project name: tubone24/blog ✔ Files without issues: 3 ✗ Files with issues: 0 Ignored issues: 0 Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ] ------------------------------------------------------- Tip New: Share your test results in the Snyk Web UI with the option --report

Container

Testing test-blog... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2005-2541 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-3253529 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: NULL Pointer Dereference Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > tar@1.30+dfsg-6 ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Authentication Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Privilege Chaining Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Incorrect Privilege Assignment Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Missing Release of Resource after Effective Lifetime Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733393 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733397 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in shadow/passwd Description: Time-of-check Time-of-use (TOCTOU) Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: NULL Pointer Dereference Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-3310899 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5423925 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in perl/perl-base Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489186 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489188 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5421196 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in lz4/liblz4-1 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072 Introduced through: lz4/liblz4-1@1.8.3-1+deb10u1, apt@1.8.2.3 From: lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > lz4/liblz4-1@1.8.3-1+deb10u1 ✗ Low severity vulnerability found in libtasn1-6 Description: CVE-2018-1000654 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libseccomp/libseccomp2 Description: CVE-2019-9893 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044 Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.3 From: libseccomp/libseccomp2@2.3.3-4 From: apt@1.8.2.3 > libseccomp/libseccomp2@2.3.3-4 ✗ Low severity vulnerability found in libidn2/libidn2-0 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100 Introduced through: libidn2/libidn2-0@2.0.5-1+deb10u1, apt@1.8.2.3 From: libidn2/libidn2-0@2.0.5-1+deb10u1 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libidn2/libidn2-0@2.0.5-1+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in gnutls28/libgnutls30 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-3330746 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Resource Management Errors Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: CVE-2019-1010023 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use of Insufficiently Random Values Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: Insufficient Entropy Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, meta-common-packages@meta From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in e2fsprogs/libcom-err2 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482 Introduced through: e2fsprogs/libcom-err2@1.44.5-1+deb10u3, e2fsprogs@1.44.5-1+deb10u3, e2fsprogs/libext2fs2@1.44.5-1+deb10u3, e2fsprogs/libss2@1.44.5-1+deb10u3 From: e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libss2@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 and 5 more... ✗ Low severity vulnerability found in coreutils Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in coreutils Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in bash Description: Improper Check for Dropped Privileges Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280 Introduced through: bash@5.0-4 From: bash@5.0-4 ✗ Low severity vulnerability found in apt/libapt-pkg5.0 Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502 Introduced through: apt/libapt-pkg5.0@1.8.2.3, apt@1.8.2.3 From: apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u10 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: CVE-2022-4415 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ High severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-26604 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3339153 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u9 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-3318300 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u10 ✗ High severity vulnerability found in glibc/libc-bin Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ High severity vulnerability found in gcc-8/libstdc++6 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, meta-common-packages@meta From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Critical severity vulnerability found in libtasn1-6 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-3061094 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 Fixed in: 4.13-3+deb10u1 ✗ Critical severity vulnerability found in db5.3/libdb5.3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169 Introduced through: db5.3/libdb5.3@5.3.28+dfsg1-0.5, adduser@3.118 From: db5.3/libdb5.3@5.3.28+dfsg1-0.5 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > pam/libpam-modules@1.3.1-5 > db5.3/libdb5.3@5.3.28+dfsg1-0.5 ------------ Detected 23 vulnerabilities for node@18.12.1 ------------ ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741888 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741892 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741899 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Timing Attack Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326669 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326682 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326683 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326684 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326685 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326686 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329554 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741792 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: HTTP Request Smuggling Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741793 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Inconsistency Between Implementation and Documented Design Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741796 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Over-read Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741894 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741895 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741896 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Underwrite (Buffer Underflow) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741900 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Insecure Permissions Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326666 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Access of Resource Using Incompatible Type ('Type Confusion') Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326668 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326688 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329555 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Prototype Pollution Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741794 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741889 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 Organization: tubone24 Package manager: deb Project name: docker-image|test-blog Docker image: test-blog Platform: linux/amd64 Base image: node:18.12.1-buster-slim Licenses: enabled Tested 86 dependencies for known issues, found 91 issues. Base Image Vulnerabilities Severity node:18.12.1-buster-slim 91 2 critical, 10 high, 16 medium, 63 low Recommendations for base image upgrade: Minor upgrades Base Image Vulnerabilities Severity node:18.16-buster-slim 65 1 critical, 2 high, 2 medium, 60 low Major upgrades Base Image Vulnerabilities Severity node:20.3.1-buster-slim 65 1 critical, 2 high, 2 medium, 60 low Alternative image types Base Image Vulnerabilities Severity node:20.3.1-bookworm-slim 28 0 critical, 0 high, 0 medium, 28 low node:20.3.1-bullseye-slim 48 0 critical, 0 high, 0 medium, 48 low node:hydrogen-bookworm 137 0 critical, 0 high, 0 medium, 137 low node:20.3.0-slim 40 0 critical, 2 high, 7 medium, 31 low Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection
github-actions[bot] commented 1 year ago

Memlab leaks report

``` page-load [7.7MB] (baseline) [s1] > action-on-page [8.7MB] (target) [s2] > revert [8.9MB] (final) [s3] ------3 clusters------ --Similar leaks in this run: 1211-- --Retained size of leaked objects: 176.2KB-- [] (synthetic) @1 [9.8MB] --6 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @9845 [64.5KB] --setTimeout (property)---> [] (closure) @227825 [72 bytes] --context (internal)---> [] (object) @256119 [20 bytes] --previous (internal)---> [] (object) @57297 [44KB] --n (variable)---> [t] (closure) @240191 [1.2KB] --context (internal)---> [] (object) @131389 [42.4KB] --n (variable)---> [Object] (object) @263221 [42.3KB] --449 (element)---> [Object] (object) @205299 [24 bytes] --exports (property)---> [r] (closure) @205301 [2.6KB] --hasData (property)---> [] (closure) @159411 [68 bytes] --context (internal)---> [] (object) @159407 [1.3KB] --e (variable)---> [Object] (object) @198669 [1KB] --1 (element)---> [Object] (object) @144267 [76 bytes] --aaAutocomplete (property)---> [f] (object) @144439 [348 bytes] --$node (property)---> [q] (object) @144577 [188 bytes] --0 (element)---> [Detached HTMLSpanElement] (native) @42803 [648 bytes] --7 (element)---> [Detached HTMLDivElement] (native) @41997 [304 bytes] --7 (element)---> [Detached HTMLDivElement] (native) @42019 [400 bytes] --7 (element)---> [Detached HTMLElement] (native) @42025 [400 bytes] --8 (element)---> [Detached HTMLElement] (native) @42023 [400 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @42949 [496 bytes] --8 (element)---> [Detached HTMLDivElement] (native) @42947 [496 bytes] --9 (element)---> [Detached HTMLDivElement] (native) @42945 [496 bytes] --9 (element)---> [Detached HTMLDivElement] (native) @42943 [496 bytes] --9 (element)---> [Detached HTMLDivElement] (native) @42941 [496 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @41765 [400 bytes] --6 (element)---> [Detached HTMLDivElement] (native) @41771 [400 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @41113 [400 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @41119 [400 bytes] --5 (element)---> [Detached HTMLSpanElement] (native) @41131 [576 bytes] --8 (element)---> [Detached HTMLAnchorElement] (native) @41133 [2.2KB] --13 (element)---> [Detached InternalNode] (native) @363089280 [524 bytes] --4 (element)---> [Detached ElementIntersectionObserverData] (native) @363048832 [64 bytes] --Similar leaks in this run: 220-- --Retained size of leaked objects: 54.3KB-- [] (synthetic) @1 [9.8MB] --6 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @9845 [64.5KB] --___navigate (property)---> [] (closure) @297295 [68 bytes] --context (internal)---> [] (object) @268267 [496 bytes] --a (variable)---> [Module] (object) @205349 [5.8KB] --get version (property)---> [version] (closure) @133793 [68 bytes] --context (internal)---> [] (object) @133797 [16.4KB] --Qn (variable)---> [y] (object) @452743 [368 bytes] --props (property)---> [Object] (object) @494147 [28 bytes] --children (property)---> [Object] (object) @494133 [296 bytes] --props (property)---> [Object] (object) @494135 [56 bytes] --children (property)---> [Object] (object) @494145 [1.2KB] --__ (property)---> [Object] (object) @496401 [1.1KB] --__ (property)---> [Object] (object) @496411 [940 bytes] --__ (property)---> [Object] (object) @496425 [736 bytes] --__d (property)---> [Detached HTMLDivElement] (native) @345085 [504 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @345083 [428 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @345081 [428 bytes] --6 (element)---> [Detached HTMLDivElement] (native) @344711 [14.6KB] --5 (element)---> [Detached HTMLAnchorElement] (native) @344709 [2.3KB] --11 (element)---> [Detached HTMLAnchorElement] (native) @344703 [2.3KB] --12 (element)---> [Detached HTMLAnchorElement] (native) @344697 [2.3KB] --7 (element)---> [Detached DOMTokenList] (native) @363048672 [56 bytes] --Similar leaks in this run: 7-- --Retained size of leaked objects: 608 bytes-- [] (synthetic) @1 [9.8MB] --6 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @9845 [64.5KB] --__twttrll (property)---> [Array] (object) @259967 [184 bytes] --push (property)---> [e] (closure) @259969 [68 bytes] --context (internal)---> [] (object) @259953 [240 bytes] --n (variable)---> [Object] (object) @259957 [13.2KB] --92 (element)---> [Object] (object) @284299 [24 bytes] --exports (property)---> [o] (closure) @260103 [68 bytes] --context (internal)---> [] (object) @253913 [6.2KB] --g (variable)---> [Detached Text] (native) @43101 [396 bytes] --3 (element)---> [Detached InternalNode] (native) @330651520 [272 bytes] --1 (element)---> [Detached InternalNode] (native) @361000768 [272 bytes] --1 (element)---> [Detached InternalNode] (native) @361000608 [272 bytes] --1 (element)---> [Detached MutationObserverRegistration] (native) @60821888 [272 bytes] --1 (element)---> [Detached MutationObserver] (native) @330321920 [192 bytes] --1 (element)---> [Detached MutationObserver::Delegate] (native) @330321760 [80 bytes] --1 (element)---> [Detached V8MutationCallback] (native) @361004768 [40 bytes] ```
github-actions[bot] commented 1 year ago

Deploy Preview

Deploy path: /home/runner/work/blog/blog/public Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/pensive-lamport-5822d2/deploys/649f8435bad6fb5d7141282f Website Draft URL: https://649f8435bad6fb5d7141282f--pensive-lamport-5822d2.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 1 year ago

Storybook Preview

Deploy path: /home/runner/work/blog/blog/storybook-static Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/blog-storybook/deploys/649f846e50d4bf5e7e7e0e14 Website Draft URL: https://649f846e50d4bf5e7e7e0e14--blog-storybook.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 1 year ago

Bundle Analyzer URL

https://649f8435bad6fb5d7141282f--pensive-lamport-5822d2.netlify.app/webpack-bundle-analyser

github-actions[bot] commented 1 year ago

Lighthouse Score

Desktop

performance: 96 accessibility: 100 best-practices: 92 seo: 92 pwa: 100

Mobile

performance: 64 accessibility: 100 best-practices: 83 seo: 93 pwa: 100

github-actions[bot] commented 1 year ago

Memlab leaks report

``` page-load [7.4MB] (baseline) [s1] > action-on-page [8.7MB] (target) [s2] > revert [8.9MB] (final) [s3] ------3 clusters------ --Similar leaks in this run: 1010-- --Retained size of leaked objects: 163.1KB-- [] (synthetic) @1 [9.8MB] --6 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @9845 [59.5KB] --setInterval (property)---> [] (closure) @65473 [264 bytes] --context (internal)---> [] (object) @65479 [20 bytes] --previous (internal)---> [] (object) @43151 [44KB] --n (variable)---> [t] (closure) @62517 [1.2KB] --context (internal)---> [] (object) @73779 [42.9KB] --n (variable)---> [Object] (object) @73785 [42.9KB] --449 (element)---> [Object] (object) @121629 [24 bytes] --exports (property)---> [r] (closure) @226461 [2.6KB] --hasData (property)---> [] (closure) @193517 [68 bytes] --context (internal)---> [] (object) @193513 [1.3KB] --e (variable)---> [Object] (object) @228419 [1KB] --2 (element)---> [Object] (object) @342677 [76 bytes] --aaAutocomplete (property)---> [f] (object) @382483 [348 bytes] --$node (property)---> [q] (object) @384625 [188 bytes] --0 (element)---> [Detached HTMLSpanElement] (native) @341513 [676 bytes] --7 (element)---> [Detached HTMLDivElement] (native) @341899 [5.7KB] --7 (element)---> [Detached HTMLDivElement] (native) @342143 [428 bytes] --6 (element)---> [Detached HTMLDivElement] (native) @342173 [428 bytes] --5 (element)---> [Detached HTMLAnchorElement] (native) @342177 [1.6KB] --11 (element)---> [Detached HTMLAnchorElement] (native) @342217 [2.3KB] --12 (element)---> [Detached HTMLAnchorElement] (native) @342231 [2.3KB] --12 (element)---> [Detached HTMLAnchorElement] (native) @342245 [2.3KB] --12 (element)---> [Detached HTMLAnchorElement] (native) @342259 [2.3KB] --12 (element)---> [Detached HTMLAnchorElement] (native) @342299 [2.3KB] --12 (element)---> [Detached HTMLAnchorElement] (native) @342377 [2.3KB] --12 (element)---> [Detached HTMLAnchorElement] (native) @341859 [2.3KB] --13 (element)---> [Detached InternalNode] (native) @324204544 [524 bytes] --4 (element)---> [Detached ElementIntersectionObserverData] (native) @360475520 [64 bytes] --Similar leaks in this run: 188-- --Retained size of leaked objects: 54.3KB-- [] (synthetic) @1 [9.8MB] --6 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @9845 [59.5KB] --___navigate (property)---> [] (closure) @141943 [68 bytes] --context (internal)---> [] (object) @80757 [496 bytes] --a (variable)---> [Module] (object) @74395 [5.8KB] --get version (property)---> [version] (closure) @74137 [68 bytes] --context (internal)---> [] (object) @73887 [16.4KB] --Qn (variable)---> [y] (object) @447869 [368 bytes] --props (property)---> [Object] (object) @458299 [28 bytes] --children (property)---> [Object] (object) @458283 [296 bytes] --props (property)---> [Object] (object) @458285 [56 bytes] --children (property)---> [Object] (object) @458297 [1.2KB] --__ (property)---> [Object] (object) @461791 [1.1KB] --__ (property)---> [Object] (object) @461805 [940 bytes] --__ (property)---> [Object] (object) @461819 [736 bytes] --__d (property)---> [Detached HTMLDivElement] (native) @342185 [504 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @342183 [428 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @342181 [428 bytes] --6 (element)---> [Detached HTMLDivElement] (native) @341581 [14.6KB] --8 (element)---> [Detached HTMLElement] (native) @341647 [30.3KB] --5 (element)---> [Detached HTMLDivElement] (native) @341597 [27.2KB] --6 (element)---> [Detached Text] (native) @341045 [204 bytes] --6 (element)---> [Detached HTMLImageElement] (native) @341043 [724 bytes] --7 (element)---> [Detached Text] (native) @341041 [204 bytes] --6 (element)---> [Detached HTMLParagraphElement] (native) @341025 [2.3KB] --8 (element)---> [Detached Text] (native) @341023 [204 bytes] --6 (element)---> [Detached HTMLHeadingElement] (native) @341019 [632 bytes] --8 (element)---> [Detached Text] (native) @341017 [204 bytes] --6 (element)---> [Detached HTMLParagraphElement] (native) @341013 [536 bytes] --8 (element)---> [Detached Text] (native) @341011 [204 bytes] --6 (element)---> [Detached HTMLParagraphElement] (native) @341007 [536 bytes] --8 (element)---> [Detached Text] (native) @341645 [204 bytes] --6 (element)---> [Detached HTMLImageElement] (native) @341643 [724 bytes] --9 (element)---> [Detached InternalNode] (native) @134110176 [460 bytes] --3 (element)---> [Detached InternalNode] (native) @134094336 [288 bytes] --1 (element)---> [Detached InternalNode] (native) @358010240 [288 bytes] --3 (element)---> [Detached Attr] (native) @360468320 [96 bytes] --Similar leaks in this run: 4-- --Retained size of leaked objects: 272 bytes-- [] (synthetic) @1 [9.8MB] --6 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @9845 [59.5KB] --__twttrll (property)---> [Array] (object) @69401 [184 bytes] --push (property)---> [e] (closure) @69403 [68 bytes] --context (internal)---> [] (object) @69387 [240 bytes] --n (variable)---> [Object] (object) @69391 [13.2KB] --92 (element)---> [Object] (object) @124435 [24 bytes] --exports (property)---> [o] (closure) @69547 [68 bytes] --context (internal)---> [] (object) @62901 [6.2KB] --g (variable)---> [Detached Text] (native) @42257 [396 bytes] --3 (element)---> [Detached InternalNode] (native) @358114624 [272 bytes] --1 (element)---> [Detached InternalNode] (native) @358114784 [272 bytes] --1 (element)---> [Detached InternalNode] (native) @358115104 [272 bytes] --1 (element)---> [Detached MutationObserverRegistration] (native) @358115264 [272 bytes] --1 (element)---> [Detached MutationObserver] (native) @358472672 [192 bytes] --1 (element)---> [Detached MutationObserver::Delegate] (native) @358472512 [80 bytes] --1 (element)---> [Detached V8MutationCallback] (native) @358119424 [40 bytes] ```
github-actions[bot] commented 1 year ago

Snyk vulnerability report

OSS packages

Tested 1716 dependencies for known issues, found 8 issues, 80 vulnerable paths. Issues to fix by upgrading: Upgrade gatsby@4.25.7 to gatsby@5.0.0 to fix ✗ Information Exposure (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYCLI-5671903] in gatsby-cli@4.25.0 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 ✗ Regular Expression Denial of Service (ReDoS) (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.3.7 introduced by @typescript-eslint/eslint-plugin@5.38.0 > semver@7.3.7 and 72 other path(s) Upgrade gatsby-transformer-remark@5.25.1 to gatsby-transformer-remark@6.10.0 to fix ✗ Information Exposure (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYTRANSFORMERREMARK-5671901] in gatsby-transformer-remark@5.25.1 introduced by gatsby-transformer-remark@5.25.1 Issues with no direct upgrade or patch: ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@2.1.1 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 > pretty-error@2.1.2 > renderkid@2.0.7 > strip-ansi@3.0.1 > ansi-regex@2.1.1 This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-CSSWHAT-1298035] in css-what@3.4.2 introduced by gatsby-plugin-optimize-svgs@1.0.5 > svgo@1.3.2 > css-select@2.1.0 > css-what@3.4.2 This issue was fixed in versions: 5.0.1 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in html-minifier@4.0.0 introduced by html-minifier@4.0.0 No upgrade or patch available ✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in lodash.template@4.5.0 introduced by gatsby-plugin-offline@5.23.1 > workbox-build@4.3.1 > lodash.template@4.5.0 No upgrade or patch available ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-WORDWRAP-3149973] in word-wrap@1.2.3 introduced by gatsby@4.25.7 > eslint@7.32.0 > optionator@0.9.1 > word-wrap@1.2.3 No upgrade or patch available Organization: tubone24 Package manager: yarn Target file: yarn.lock Project name: blog Open source: no Project path: . Licenses: enabled

Application

✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 23 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 25 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 41 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✔ Test completed Organization: tubone24 Test type: Static code analysis Project path: . Summary: 3 Code issues found 3 [Medium]

IaC

Snyk Infrastructure as Code - Snyk testing Infrastructure as Code configuration issues. ✔ Test completed. Issues No vulnerable paths were found! ------------------------------------------------------- Test Summary Organization: tubone24 Project name: tubone24/blog ✔ Files without issues: 3 ✗ Files with issues: 0 Ignored issues: 0 Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ] ------------------------------------------------------- Tip New: Share your test results in the Snyk Web UI with the option --report

Container

Testing test-blog... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2005-2541 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-3253529 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: NULL Pointer Dereference Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > tar@1.30+dfsg-6 ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Authentication Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Privilege Chaining Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Incorrect Privilege Assignment Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Missing Release of Resource after Effective Lifetime Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733393 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733397 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in shadow/passwd Description: Time-of-check Time-of-use (TOCTOU) Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: NULL Pointer Dereference Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-3310899 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5423925 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in perl/perl-base Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489186 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489188 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5421196 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in lz4/liblz4-1 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072 Introduced through: lz4/liblz4-1@1.8.3-1+deb10u1, apt@1.8.2.3 From: lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > lz4/liblz4-1@1.8.3-1+deb10u1 ✗ Low severity vulnerability found in libtasn1-6 Description: CVE-2018-1000654 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libseccomp/libseccomp2 Description: CVE-2019-9893 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044 Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.3 From: libseccomp/libseccomp2@2.3.3-4 From: apt@1.8.2.3 > libseccomp/libseccomp2@2.3.3-4 ✗ Low severity vulnerability found in libidn2/libidn2-0 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100 Introduced through: libidn2/libidn2-0@2.0.5-1+deb10u1, apt@1.8.2.3 From: libidn2/libidn2-0@2.0.5-1+deb10u1 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libidn2/libidn2-0@2.0.5-1+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in gnutls28/libgnutls30 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-3330746 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Resource Management Errors Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: CVE-2019-1010023 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use of Insufficiently Random Values Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: Insufficient Entropy Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, meta-common-packages@meta From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in e2fsprogs/libcom-err2 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482 Introduced through: e2fsprogs/libcom-err2@1.44.5-1+deb10u3, e2fsprogs@1.44.5-1+deb10u3, e2fsprogs/libext2fs2@1.44.5-1+deb10u3, e2fsprogs/libss2@1.44.5-1+deb10u3 From: e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libss2@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 and 5 more... ✗ Low severity vulnerability found in coreutils Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in coreutils Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in bash Description: Improper Check for Dropped Privileges Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280 Introduced through: bash@5.0-4 From: bash@5.0-4 ✗ Low severity vulnerability found in apt/libapt-pkg5.0 Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502 Introduced through: apt/libapt-pkg5.0@1.8.2.3, apt@1.8.2.3 From: apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u10 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: CVE-2022-4415 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ High severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-26604 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3339153 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u9 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-3318300 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u10 ✗ High severity vulnerability found in glibc/libc-bin Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ High severity vulnerability found in gcc-8/libstdc++6 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, meta-common-packages@meta From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Critical severity vulnerability found in libtasn1-6 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-3061094 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 Fixed in: 4.13-3+deb10u1 ✗ Critical severity vulnerability found in db5.3/libdb5.3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169 Introduced through: db5.3/libdb5.3@5.3.28+dfsg1-0.5, adduser@3.118 From: db5.3/libdb5.3@5.3.28+dfsg1-0.5 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > pam/libpam-modules@1.3.1-5 > db5.3/libdb5.3@5.3.28+dfsg1-0.5 ------------ Detected 23 vulnerabilities for node@18.12.1 ------------ ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741888 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741892 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741899 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Timing Attack Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326669 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326682 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326683 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326684 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326685 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326686 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329554 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741792 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: HTTP Request Smuggling Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741793 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Inconsistency Between Implementation and Documented Design Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741796 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Over-read Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741894 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741895 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741896 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Underwrite (Buffer Underflow) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741900 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Insecure Permissions Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326666 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Access of Resource Using Incompatible Type ('Type Confusion') Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326668 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326688 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329555 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Prototype Pollution Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741794 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741889 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 Organization: tubone24 Package manager: deb Project name: docker-image|test-blog Docker image: test-blog Platform: linux/amd64 Base image: node:18.12.1-buster-slim Licenses: enabled Tested 86 dependencies for known issues, found 91 issues. Base Image Vulnerabilities Severity node:18.12.1-buster-slim 91 2 critical, 10 high, 16 medium, 63 low Recommendations for base image upgrade: Minor upgrades Base Image Vulnerabilities Severity node:18.16-buster-slim 65 1 critical, 2 high, 2 medium, 60 low Major upgrades Base Image Vulnerabilities Severity node:20.3.1-buster-slim 65 1 critical, 2 high, 2 medium, 60 low Alternative image types Base Image Vulnerabilities Severity node:20.3.1-bookworm-slim 28 0 critical, 0 high, 0 medium, 28 low node:20.3.1-bullseye-slim 48 0 critical, 0 high, 0 medium, 48 low node:hydrogen-bookworm 138 0 critical, 0 high, 0 medium, 138 low node:20.3.0-slim 40 0 critical, 2 high, 7 medium, 31 low Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection
github-actions[bot] commented 1 year ago

Deploy Preview

Deploy path: /home/runner/work/blog/blog/public Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/pensive-lamport-5822d2/deploys/64a1282d22c0772c47878926 Website Draft URL: https://64a1282d22c0772c47878926--pensive-lamport-5822d2.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 1 year ago

Storybook Preview

Deploy path: /home/runner/work/blog/blog/storybook-static Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/blog-storybook/deploys/64a1287950d4bf28557df791 Website Draft URL: https://64a1287950d4bf28557df791--blog-storybook.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 1 year ago

Bundle Analyzer URL

https://64a1282d22c0772c47878926--pensive-lamport-5822d2.netlify.app/webpack-bundle-analyser

github-actions[bot] commented 1 year ago

Lighthouse Score

Desktop

performance: 98 accessibility: 100 best-practices: 92 seo: 92 pwa: 100

Mobile

performance: 65 accessibility: 100 best-practices: 92 seo: 93 pwa: 100

github-actions[bot] commented 1 year ago

Snyk vulnerability report

OSS packages

Tested 1716 dependencies for known issues, found 8 issues, 80 vulnerable paths. Issues to fix by upgrading: Upgrade gatsby@4.25.7 to gatsby@5.0.0 to fix ✗ Information Exposure (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYCLI-5671903] in gatsby-cli@4.25.0 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 ✗ Regular Expression Denial of Service (ReDoS) (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.3.7 introduced by @typescript-eslint/eslint-plugin@5.38.0 > semver@7.3.7 and 72 other path(s) Upgrade gatsby-transformer-remark@5.25.1 to gatsby-transformer-remark@6.10.0 to fix ✗ Information Exposure (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYTRANSFORMERREMARK-5671901] in gatsby-transformer-remark@5.25.1 introduced by gatsby-transformer-remark@5.25.1 Issues with no direct upgrade or patch: ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@2.1.1 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 > pretty-error@2.1.2 > renderkid@2.0.7 > strip-ansi@3.0.1 > ansi-regex@2.1.1 This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-CSSWHAT-1298035] in css-what@3.4.2 introduced by gatsby-plugin-optimize-svgs@1.0.5 > svgo@1.3.2 > css-select@2.1.0 > css-what@3.4.2 This issue was fixed in versions: 5.0.1 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in html-minifier@4.0.0 introduced by html-minifier@4.0.0 No upgrade or patch available ✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in lodash.template@4.5.0 introduced by gatsby-plugin-offline@5.23.1 > workbox-build@4.3.1 > lodash.template@4.5.0 No upgrade or patch available ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-WORDWRAP-3149973] in word-wrap@1.2.3 introduced by gatsby@4.25.7 > eslint@7.32.0 > optionator@0.9.1 > word-wrap@1.2.3 No upgrade or patch available Organization: tubone24 Package manager: yarn Target file: yarn.lock Project name: blog Open source: no Project path: . Licenses: enabled

Application

✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 23 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 25 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 41 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✔ Test completed Organization: tubone24 Test type: Static code analysis Project path: . Summary: 3 Code issues found 3 [Medium]

IaC

Snyk Infrastructure as Code - Snyk testing Infrastructure as Code configuration issues. ✔ Test completed. Issues No vulnerable paths were found! ------------------------------------------------------- Test Summary Organization: tubone24 Project name: tubone24/blog ✔ Files without issues: 3 ✗ Files with issues: 0 Ignored issues: 0 Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ] ------------------------------------------------------- Tip New: Share your test results in the Snyk Web UI with the option --report

Container

Testing test-blog... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2005-2541 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-3253529 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: NULL Pointer Dereference Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > tar@1.30+dfsg-6 ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Authentication Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Privilege Chaining Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Incorrect Privilege Assignment Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Missing Release of Resource after Effective Lifetime Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733393 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733397 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in shadow/passwd Description: Time-of-check Time-of-use (TOCTOU) Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: NULL Pointer Dereference Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-3310899 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5423925 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in perl/perl-base Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489186 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489188 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5421196 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in lz4/liblz4-1 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072 Introduced through: lz4/liblz4-1@1.8.3-1+deb10u1, apt@1.8.2.3 From: lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > lz4/liblz4-1@1.8.3-1+deb10u1 ✗ Low severity vulnerability found in libtasn1-6 Description: CVE-2018-1000654 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libseccomp/libseccomp2 Description: CVE-2019-9893 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044 Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.3 From: libseccomp/libseccomp2@2.3.3-4 From: apt@1.8.2.3 > libseccomp/libseccomp2@2.3.3-4 ✗ Low severity vulnerability found in libidn2/libidn2-0 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100 Introduced through: libidn2/libidn2-0@2.0.5-1+deb10u1, apt@1.8.2.3 From: libidn2/libidn2-0@2.0.5-1+deb10u1 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libidn2/libidn2-0@2.0.5-1+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in gnutls28/libgnutls30 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-3330746 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Resource Management Errors Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: CVE-2019-1010023 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use of Insufficiently Random Values Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: Insufficient Entropy Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, meta-common-packages@meta From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in e2fsprogs/libcom-err2 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482 Introduced through: e2fsprogs/libcom-err2@1.44.5-1+deb10u3, e2fsprogs@1.44.5-1+deb10u3, e2fsprogs/libext2fs2@1.44.5-1+deb10u3, e2fsprogs/libss2@1.44.5-1+deb10u3 From: e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libss2@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 and 5 more... ✗ Low severity vulnerability found in coreutils Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in coreutils Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in bash Description: Improper Check for Dropped Privileges Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280 Introduced through: bash@5.0-4 From: bash@5.0-4 ✗ Low severity vulnerability found in apt/libapt-pkg5.0 Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502 Introduced through: apt/libapt-pkg5.0@1.8.2.3, apt@1.8.2.3 From: apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u10 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: CVE-2022-4415 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ High severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-26604 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3339153 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u9 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-3318300 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u10 ✗ High severity vulnerability found in glibc/libc-bin Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ High severity vulnerability found in gcc-8/libstdc++6 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, meta-common-packages@meta From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Critical severity vulnerability found in libtasn1-6 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-3061094 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 Fixed in: 4.13-3+deb10u1 ✗ Critical severity vulnerability found in db5.3/libdb5.3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169 Introduced through: db5.3/libdb5.3@5.3.28+dfsg1-0.5, adduser@3.118 From: db5.3/libdb5.3@5.3.28+dfsg1-0.5 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > pam/libpam-modules@1.3.1-5 > db5.3/libdb5.3@5.3.28+dfsg1-0.5 ------------ Detected 23 vulnerabilities for node@18.12.1 ------------ ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741888 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741892 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741899 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Timing Attack Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326669 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326682 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326683 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326684 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326685 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326686 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329554 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741792 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: HTTP Request Smuggling Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741793 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Inconsistency Between Implementation and Documented Design Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741796 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Over-read Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741894 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741895 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741896 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Underwrite (Buffer Underflow) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741900 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Insecure Permissions Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326666 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Access of Resource Using Incompatible Type ('Type Confusion') Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326668 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326688 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329555 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Prototype Pollution Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741794 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741889 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 Organization: tubone24 Package manager: deb Project name: docker-image|test-blog Docker image: test-blog Platform: linux/amd64 Base image: node:18.12.1-buster-slim Licenses: enabled Tested 86 dependencies for known issues, found 91 issues. Base Image Vulnerabilities Severity node:18.12.1-buster-slim 91 2 critical, 10 high, 16 medium, 63 low Recommendations for base image upgrade: Minor upgrades Base Image Vulnerabilities Severity node:18.16-buster-slim 65 1 critical, 2 high, 2 medium, 60 low Major upgrades Base Image Vulnerabilities Severity node:20.3.1-buster-slim 65 1 critical, 2 high, 2 medium, 60 low Alternative image types Base Image Vulnerabilities Severity node:20.3.1-bookworm-slim 28 0 critical, 0 high, 0 medium, 28 low node:20.3.1-bullseye-slim 48 0 critical, 0 high, 0 medium, 48 low node:hydrogen-bookworm 138 0 critical, 0 high, 0 medium, 138 low node:20.3.0-slim 40 0 critical, 2 high, 7 medium, 31 low Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection
github-actions[bot] commented 1 year ago

Memlab leaks report

``` page-load [7.8MB] (baseline) [s1] > action-on-page [9.2MB] (target) [s2] > revert [9.4MB] (final) [s3] ------3 clusters------ --Similar leaks in this run: 1177-- --Retained size of leaked objects: 166KB-- [] (synthetic) @1 [10.3MB] --6 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @9845 [59.1KB] --webpackChunkblog (property)---> [Array] (object) @66193 [8.7KB] --push (property)---> [native_bind] (closure) @238359 [128 bytes] --bound_function (internal)---> [r] (closure) @238759 [68 bytes] --context (internal)---> [] (object) @240053 [312 bytes] --previous (internal)---> [] (object) @234771 [43.2KB] --n (variable)---> [Object] (object) @237871 [43.1KB] --449 (element)---> [Object] (object) @200849 [24 bytes] --exports (property)---> [r] (closure) @200851 [2.6KB] --hasData (property)---> [] (closure) @51995 [68 bytes] --context (internal)---> [] (object) @51991 [1.3KB] --e (variable)---> [Object] (object) @155031 [1KB] --2 (element)---> [Object] (object) @348757 [76 bytes] --aaAutocomplete (property)---> [f] (object) @358921 [348 bytes] --$node (property)---> [q] (object) @358443 [188 bytes] --0 (element)---> [Detached HTMLSpanElement] (native) @346465 [676 bytes] --7 (element)---> [Detached HTMLDivElement] (native) @346789 [5.7KB] --9 (element)---> [Detached HTMLHRElement] (native) @346777 [332 bytes] --7 (element)---> [Detached HTMLDivElement] (native) @346775 [3KB] --5 (element)---> [Detached HTMLAnchorElement] (native) @346773 [2.6KB] --11 (element)---> [Detached InternalNode] (native) @288439456 [460 bytes] --3 (element)---> [Detached InternalNode] (native) @288444096 [288 bytes] --1 (element)---> [Detached InternalNode] (native) @287303456 [288 bytes] --2 (element)---> [Detached Attr] (native) @287254368 [96 bytes] --Similar leaks in this run: 287-- --Retained size of leaked objects: 54.3KB-- [] (synthetic) @1 [10.3MB] --6 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @9845 [59.1KB] --___replace (property)---> [] (closure) @66605 [68 bytes] --context (internal)---> [] (object) @245021 [496 bytes] --a (variable)---> [Module] (object) @163657 [5.8KB] --get version (property)---> [version] (closure) @241251 [68 bytes] --context (internal)---> [] (object) @84781 [16.4KB] --Qn (variable)---> [y] (object) @456077 [368 bytes] --props (property)---> [Object] (object) @463275 [28 bytes] --children (property)---> [Object] (object) @463259 [296 bytes] --props (property)---> [Object] (object) @463261 [56 bytes] --children (property)---> [Object] (object) @463273 [1.2KB] --__ (property)---> [Object] (object) @482579 [1.1KB] --__ (property)---> [Object] (object) @482561 [940 bytes] --__ (property)---> [Object] (object) @482567 [736 bytes] --__d (property)---> [Detached HTMLDivElement] (native) @347051 [504 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @347049 [428 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @347047 [428 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @347045 [7.5KB] --5 (element)---> [Detached HTMLDivElement] (native) @347041 [6.7KB] --6 (element)---> [Detached HTMLDivElement] (native) @347033 [5.5KB] --5 (element)---> [Detached HTMLDivElement] (native) @347031 [4.5KB] --5 (element)---> [Detached HTMLPictureElement] (native) @347029 [3.4KB] --6 (element)---> [Detached HTMLImageElement] (native) @347023 [1.6KB] --11 (element)---> [Detached InternalNode] (native) @288425376 [460 bytes] --3 (element)---> [Detached InternalNode] (native) @288424896 [288 bytes] --1 (element)---> [Detached InternalNode] (native) @287323744 [288 bytes] --2 (element)---> [Detached Attr] (native) @287309056 [96 bytes] --Similar leaks in this run: 6-- --Retained size of leaked objects: 400 bytes-- [] (synthetic) @1 [10.3MB] --6 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @9845 [59.1KB] --__twttrll (property)---> [Array] (object) @66631 [184 bytes] --push (property)---> [e] (closure) @224047 [68 bytes] --context (internal)---> [] (object) @224033 [240 bytes] --n (variable)---> [Object] (object) @224037 [13.2KB] --92 (element)---> [Object] (object) @250549 [24 bytes] --exports (property)---> [o] (closure) @224181 [68 bytes] --context (internal)---> [] (object) @221039 [6.2KB] --g (variable)---> [Detached Text] (native) @42933 [396 bytes] --3 (element)---> [Detached InternalNode] (native) @329866368 [272 bytes] --1 (element)---> [Detached InternalNode] (native) @329570976 [272 bytes] --1 (element)---> [Detached InternalNode] (native) @328690720 [272 bytes] --1 (element)---> [Detached MutationObserverRegistration] (native) @328690880 [272 bytes] --1 (element)---> [Detached MutationObserver] (native) @328208288 [192 bytes] --1 (element)---> [Detached MutationObserver::Delegate] (native) @328208128 [80 bytes] --1 (element)---> [Detached V8MutationCallback] (native) @287572768 [40 bytes] ```
github-actions[bot] commented 1 year ago

Deploy Preview

Deploy path: /home/runner/work/blog/blog/public Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/pensive-lamport-5822d2/deploys/64a13fba967a46360958ebe5 Website Draft URL: https://64a13fba967a46360958ebe5--pensive-lamport-5822d2.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 1 year ago

Storybook Preview

Deploy path: /home/runner/work/blog/blog/storybook-static Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/blog-storybook/deploys/64a13fee04804b35680f860e Website Draft URL: https://64a13fee04804b35680f860e--blog-storybook.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 1 year ago

Bundle Analyzer URL

https://64a13fba967a46360958ebe5--pensive-lamport-5822d2.netlify.app/webpack-bundle-analyser

github-actions[bot] commented 1 year ago

Lighthouse Score

Desktop

performance: 97 accessibility: 100 best-practices: 92 seo: 92 pwa: 100

Mobile

performance: 66 accessibility: 100 best-practices: 83 seo: 93 pwa: 100

github-actions[bot] commented 1 year ago

Snyk vulnerability report

OSS packages

Tested 1716 dependencies for known issues, found 8 issues, 80 vulnerable paths. Issues to fix by upgrading: Upgrade gatsby@4.25.7 to gatsby@5.0.0 to fix ✗ Information Exposure (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYCLI-5671903] in gatsby-cli@4.25.0 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 ✗ Regular Expression Denial of Service (ReDoS) (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.3.7 introduced by @typescript-eslint/eslint-plugin@5.38.0 > semver@7.3.7 and 72 other path(s) Upgrade gatsby-transformer-remark@5.25.1 to gatsby-transformer-remark@6.10.0 to fix ✗ Information Exposure (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYTRANSFORMERREMARK-5671901] in gatsby-transformer-remark@5.25.1 introduced by gatsby-transformer-remark@5.25.1 Issues with no direct upgrade or patch: ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@2.1.1 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 > pretty-error@2.1.2 > renderkid@2.0.7 > strip-ansi@3.0.1 > ansi-regex@2.1.1 This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-CSSWHAT-1298035] in css-what@3.4.2 introduced by gatsby-plugin-optimize-svgs@1.0.5 > svgo@1.3.2 > css-select@2.1.0 > css-what@3.4.2 This issue was fixed in versions: 5.0.1 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in html-minifier@4.0.0 introduced by html-minifier@4.0.0 No upgrade or patch available ✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in lodash.template@4.5.0 introduced by gatsby-plugin-offline@5.23.1 > workbox-build@4.3.1 > lodash.template@4.5.0 No upgrade or patch available ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-WORDWRAP-3149973] in word-wrap@1.2.3 introduced by gatsby@4.25.7 > eslint@7.32.0 > optionator@0.9.1 > word-wrap@1.2.3 No upgrade or patch available Organization: tubone24 Package manager: yarn Target file: yarn.lock Project name: blog Open source: no Project path: . Licenses: enabled

Application

✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 23 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 25 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 41 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✔ Test completed Organization: tubone24 Test type: Static code analysis Project path: . Summary: 3 Code issues found 3 [Medium]

IaC

Snyk Infrastructure as Code - Snyk testing Infrastructure as Code configuration issues. ✔ Test completed. Issues No vulnerable paths were found! ------------------------------------------------------- Test Summary Organization: tubone24 Project name: tubone24/blog ✔ Files without issues: 3 ✗ Files with issues: 0 Ignored issues: 0 Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ] ------------------------------------------------------- Tip New: Share your test results in the Snyk Web UI with the option --report

Container

Testing test-blog... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2005-2541 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-3253529 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: NULL Pointer Dereference Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > tar@1.30+dfsg-6 ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Authentication Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Privilege Chaining Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Incorrect Privilege Assignment Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Missing Release of Resource after Effective Lifetime Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733393 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733397 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in shadow/passwd Description: Time-of-check Time-of-use (TOCTOU) Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: NULL Pointer Dereference Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-3310899 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5423925 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in perl/perl-base Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489186 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489188 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5421196 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in lz4/liblz4-1 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072 Introduced through: lz4/liblz4-1@1.8.3-1+deb10u1, apt@1.8.2.3 From: lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > lz4/liblz4-1@1.8.3-1+deb10u1 ✗ Low severity vulnerability found in libtasn1-6 Description: CVE-2018-1000654 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libseccomp/libseccomp2 Description: CVE-2019-9893 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044 Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.3 From: libseccomp/libseccomp2@2.3.3-4 From: apt@1.8.2.3 > libseccomp/libseccomp2@2.3.3-4 ✗ Low severity vulnerability found in libidn2/libidn2-0 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100 Introduced through: libidn2/libidn2-0@2.0.5-1+deb10u1, apt@1.8.2.3 From: libidn2/libidn2-0@2.0.5-1+deb10u1 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libidn2/libidn2-0@2.0.5-1+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in gnutls28/libgnutls30 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-3330746 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Resource Management Errors Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: CVE-2019-1010023 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use of Insufficiently Random Values Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: Insufficient Entropy Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, meta-common-packages@meta From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in e2fsprogs/libcom-err2 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482 Introduced through: e2fsprogs/libcom-err2@1.44.5-1+deb10u3, e2fsprogs@1.44.5-1+deb10u3, e2fsprogs/libext2fs2@1.44.5-1+deb10u3, e2fsprogs/libss2@1.44.5-1+deb10u3 From: e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libss2@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 and 5 more... ✗ Low severity vulnerability found in coreutils Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in coreutils Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in bash Description: Improper Check for Dropped Privileges Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280 Introduced through: bash@5.0-4 From: bash@5.0-4 ✗ Low severity vulnerability found in apt/libapt-pkg5.0 Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502 Introduced through: apt/libapt-pkg5.0@1.8.2.3, apt@1.8.2.3 From: apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u10 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: CVE-2022-4415 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ High severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-26604 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3339153 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u9 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-3318300 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u10 ✗ High severity vulnerability found in glibc/libc-bin Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488 Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta From: glibc/libc-bin@2.28-10+deb10u2 From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2 ✗ High severity vulnerability found in gcc-8/libstdc++6 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, meta-common-packages@meta From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Critical severity vulnerability found in libtasn1-6 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-3061094 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 Fixed in: 4.13-3+deb10u1 ✗ Critical severity vulnerability found in db5.3/libdb5.3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169 Introduced through: db5.3/libdb5.3@5.3.28+dfsg1-0.5, adduser@3.118 From: db5.3/libdb5.3@5.3.28+dfsg1-0.5 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > pam/libpam-modules@1.3.1-5 > db5.3/libdb5.3@5.3.28+dfsg1-0.5 ------------ Detected 23 vulnerabilities for node@18.12.1 ------------ ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741888 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741892 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741899 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Timing Attack Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326669 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326682 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326683 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326684 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326685 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326686 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329554 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741792 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: HTTP Request Smuggling Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741793 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Inconsistency Between Implementation and Documented Design Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741796 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Over-read Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741894 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741895 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741896 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Underwrite (Buffer Underflow) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741900 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Insecure Permissions Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326666 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Access of Resource Using Incompatible Type ('Type Confusion') Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326668 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326688 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329555 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Prototype Pollution Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741794 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741889 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 Organization: tubone24 Package manager: deb Project name: docker-image|test-blog Docker image: test-blog Platform: linux/amd64 Base image: node:18.12.1-buster-slim Licenses: enabled Tested 86 dependencies for known issues, found 91 issues. Base Image Vulnerabilities Severity node:18.12.1-buster-slim 91 2 critical, 10 high, 16 medium, 63 low Recommendations for base image upgrade: Minor upgrades Base Image Vulnerabilities Severity node:18.16-buster-slim 65 1 critical, 2 high, 2 medium, 60 low Major upgrades Base Image Vulnerabilities Severity node:20.3.1-buster-slim 65 1 critical, 2 high, 2 medium, 60 low Alternative image types Base Image Vulnerabilities Severity node:20.3.1-bookworm-slim 28 0 critical, 0 high, 0 medium, 28 low node:20.3.1-bullseye-slim 48 0 critical, 0 high, 0 medium, 48 low node:hydrogen-bookworm 138 0 critical, 0 high, 0 medium, 138 low node:20.3.0-slim 40 0 critical, 2 high, 7 medium, 31 low Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection
github-actions[bot] commented 1 year ago

Memlab leaks report

``` page-load [8MB] (baseline) [s1] > action-on-page [9.6MB] (target) [s2] > revert [9.8MB] (final) [s3] ------3 clusters------ --Similar leaks in this run: 1294-- --Retained size of leaked objects: 185.4KB-- [] (synthetic) @1 [10.7MB] --6 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @9845 [74.9KB] --webpackChunkblog (property)---> [Array] (object) @88537 [8.7KB] --push (property)---> [native_bind] (closure) @175217 [128 bytes] --bound_function (internal)---> [r] (closure) @175459 [68 bytes] --context (internal)---> [] (object) @292641 [312 bytes] --previous (internal)---> [] (object) @292581 [42.4KB] --n (variable)---> [Object] (object) @304557 [42.3KB] --449 (element)---> [Object] (object) @254367 [24 bytes] --exports (property)---> [r] (closure) @140713 [2.6KB] --hasData (property)---> [] (closure) @63263 [68 bytes] --context (internal)---> [] (object) @63259 [1.3KB] --e (variable)---> [Object] (object) @140823 [1KB] --1 (element)---> [Object] (object) @140825 [76 bytes] --aaAutocomplete (property)---> [f] (object) @217859 [348 bytes] --$node (property)---> [q] (object) @240675 [188 bytes] --0 (element)---> [Detached HTMLSpanElement] (native) @42109 [648 bytes] --7 (element)---> [Detached HTMLDivElement] (native) @43201 [304 bytes] --7 (element)---> [Detached HTMLDivElement] (native) @43229 [400 bytes] --7 (element)---> [Detached HTMLElement] (native) @43239 [400 bytes] --8 (element)---> [Detached HTMLElement] (native) @43237 [400 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @42011 [496 bytes] --8 (element)---> [Detached HTMLDivElement] (native) @42013 [496 bytes] --9 (element)---> [Detached HTMLDivElement] (native) @42015 [496 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @42231 [400 bytes] --6 (element)---> [Detached HTMLDivElement] (native) @42237 [400 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @41707 [400 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @41715 [400 bytes] --5 (element)---> [Detached HTMLSpanElement] (native) @41723 [576 bytes] --9 (element)---> [Detached InternalNode] (native) @143222560 [240 bytes] --1 (element)---> [Detached DOMTokenList] (native) @389211456 [56 bytes] --Similar leaks in this run: 261-- --Retained size of leaked objects: 54.3KB-- [] (synthetic) @1 [10.7MB] --6 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @9845 [74.9KB] --___push (property)---> [] (closure) @89005 [68 bytes] --context (internal)---> [] (object) @150713 [496 bytes] --a (variable)---> [Module] (object) @140587 [5.8KB] --get version (property)---> [version] (closure) @294431 [68 bytes] --context (internal)---> [] (object) @74597 [16.4KB] --Qn (variable)---> [y] (object) @473933 [368 bytes] --props (property)---> [Object] (object) @514877 [28 bytes] --children (property)---> [Object] (object) @514863 [296 bytes] --props (property)---> [Object] (object) @514865 [56 bytes] --children (property)---> [Object] (object) @476995 [1.2KB] --__ (property)---> [Object] (object) @477015 [1.1KB] --__ (property)---> [Object] (object) @477037 [940 bytes] --__ (property)---> [Object] (object) @477055 [736 bytes] --__d (property)---> [Detached HTMLDivElement] (native) @367467 [504 bytes] --7 (element)---> [Detached InternalNode] (native) @58219168 [344 bytes] --3 (element)---> [Detached InternalNode] (native) @58213248 [96 bytes] --1 (element)---> [Detached InternalNode] (native) @389557024 [96 bytes] --1 (element)---> [Detached Attr] (native) @389198496 [96 bytes] --Similar leaks in this run: 7-- --Retained size of leaked objects: 904 bytes-- [] (synthetic) @1 [10.7MB] --6 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @9845 [74.9KB] --__twttrll (property)---> [Array] (object) @88897 [184 bytes] --push (property)---> [e] (closure) @332211 [68 bytes] --context (internal)---> [] (object) @196939 [240 bytes] --n (variable)---> [Object] (object) @305345 [13.2KB] --92 (element)---> [Object] (object) @335567 [24 bytes] --exports (property)---> [o] (closure) @305537 [68 bytes] --context (internal)---> [] (object) @197893 [6.2KB] --g (variable)---> [Detached Text] (native) @43733 [396 bytes] --3 (element)---> [Detached InternalNode] (native) @339206688 [272 bytes] --1 (element)---> [Detached InternalNode] (native) @339206528 [272 bytes] --1 (element)---> [Detached InternalNode] (native) @339207008 [272 bytes] --1 (element)---> [Detached MutationObserverRegistration] (native) @339206848 [272 bytes] --1 (element)---> [Detached MutationObserver] (native) @389730464 [192 bytes] ```
github-actions[bot] commented 1 year ago

Deploy Preview

Deploy path: /home/runner/work/blog/blog/public Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/pensive-lamport-5822d2/deploys/64a157a80e351348df3f9148 Website Draft URL: https://64a157a80e351348df3f9148--pensive-lamport-5822d2.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod