tubone24 / blog

tubone's Blog made by Gatsby.js and Netlify
https://blog.tubone-project24.xyz/
Other
6 stars 2 forks source link

ogp #1438

Closed tubone24 closed 7 months ago

tubone24 commented 7 months ago

PR title

Status

READY/IN DEVELOPMENT/HOLD

Description

A few sentences describing the overall goals of the pull request's commits.

Related PRs

List related PRs against other branches:

branch PR
other_pr_master [link]()
other_pr_develop [link]()

Todos

Steps to Test or Reproduce

Outline the steps to test or reproduce the PR here.

git pull --prune
git checkout <feature_branch>
yarn test

Preview Deploy

Describe the URL of the Preview Deploy.

[link]()

Impacted Areas in Application

List general components of the application that this PR will affect:

Screenshot

Replace FIXME_BRANCH_NAME, FIXME_PR_NUMBER in the URL below with this branch name and PR number.

Desktop

Width 1200px

Desktop Home

Mobile

Width 400px

mobile home
github-actions[bot] commented 7 months ago

Snyk vulnerability report

OSS packages

Tested 1738 dependencies for known issues, found 15 issues, 49 vulnerable paths. Issues to fix by upgrading: Upgrade @sentry/profiling-node@0.3.0 to @sentry/profiling-node@1.3.0 to fix ✗ Missing Release of Resource after Effective Lifetime [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116] in inflight@1.0.6 introduced by @sentry/profiling-node@0.3.0 > node-gyp@9.3.1 > glob@7.2.3 > inflight@1.0.6 and 15 other path(s) Upgrade gatsby@4.25.7 to gatsby@5.0.0 to fix ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYCLI-5671903] in gatsby-cli@4.25.0 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.0.0 introduced by gatsby-legacy-polyfills@2.23.0 > core-js-compat@3.9.0 > semver@7.0.0 and 1 other path(s) ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-legacy-polyfills@2.23.0 to gatsby-legacy-polyfills@3.10.0 to fix ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.0.0 introduced by gatsby-legacy-polyfills@2.23.0 > core-js-compat@3.9.0 > semver@7.0.0 and 1 other path(s) Upgrade gatsby-plugin-feed@4.23.1 to gatsby-plugin-feed@5.0.0 to fix ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-plugin-manifest@4.23.1 to gatsby-plugin-manifest@5.10.0 to fix ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-transformer-remark@5.25.1 to gatsby-transformer-remark@6.10.0 to fix ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYTRANSFORMERREMARK-5671901] in gatsby-transformer-remark@5.25.1 introduced by gatsby-transformer-remark@5.25.1 ✗ Information Exposure (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334] in sanitize-html@2.10.0 introduced by gatsby-transformer-remark@5.25.1 > sanitize-html@2.10.0 Issues with no direct upgrade or patch: ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@2.1.1 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 > pretty-error@2.1.2 > renderkid@2.0.7 > strip-ansi@3.0.1 > ansi-regex@2.1.1 This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1 ✗ Cross-site Request Forgery (CSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.0 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6124857] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.3 ✗ Prototype Pollution [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6144788] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.4 ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ES5EXT-6095076] in es5-ext@0.10.62 introduced by gatsby@4.25.7 > memoizee@0.4.15 > es5-ext@0.10.62 and 8 other path(s) This issue was fixed in versions: 0.10.63 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in html-minifier@4.0.0 introduced by html-minifier@4.0.0 No upgrade or patch available ✗ Server-side Request Forgery (SSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-IP-6240864] in ip@2.0.0 introduced by @sentry/profiling-node@0.3.0 > node-gyp@9.3.1 > make-fetch-happen@10.2.1 > socks-proxy-agent@7.0.0 > socks@2.7.1 > ip@2.0.0 This issue was fixed in versions: 1.1.9, 2.0.1 ✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in lodash.template@4.5.0 introduced by gatsby-plugin-offline@5.23.1 > workbox-build@4.3.1 > lodash.template@4.5.0 No upgrade or patch available ✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607] in serialize-javascript@6.0.0 introduced by gatsby@4.25.7 > css-minimizer-webpack-plugin@2.0.0 > serialize-javascript@5.0.1 and 1 other path(s) This issue was fixed in versions: 6.0.2 Organization: tubone24 Package manager: yarn Target file: yarn.lock Project name: blog Open source: no Project path: . Licenses: enabled

Application

✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 23 Info: Unsanitized input from a command line argument flows into , where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 25 Info: Unsanitized input from a command line argument flows into , where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 41 Info: Unsanitized input from a command line argument flows into , where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✔ Test completed Organization: tubone24 Test type: Static code analysis Project path: . Summary: 3 Code issues found 3 [Medium]

IaC

Snyk Infrastructure as Code - Snyk testing Infrastructure as Code configuration issues. ✔ Test completed. Issues No vulnerable paths were found! ------------------------------------------------------- Test Summary Organization: tubone24 Project name: tubone24/blog ✔ Files without issues: 3 ✗ Files with issues: 0 Ignored issues: 0 Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ] ------------------------------------------------------- Tip New: Share your test results in the Snyk Web UI with the option --report

Container

Testing test-blog... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2005-2541 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-3253529 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: NULL Pointer Dereference Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2023-39804 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-6120423 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 Fixed in: 1.30+dfsg-6+deb10u1 ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Authentication Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Privilege Chaining Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Incorrect Privilege Assignment Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Missing Release of Resource after Effective Lifetime Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733393 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733397 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-7008 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6137710 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-50868 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277511 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in shadow/passwd Description: Time-of-check Time-of-use (TOCTOU) Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5423925 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Improper Authentication Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5879153 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in perl/perl-base Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489186 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489188 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pam/libpam0g Description: CVE-2024-22365 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PAM-6178916 Introduced through: pam/libpam0g@1.3.1-5, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1, adduser@3.118, pam/libpam-modules-bin@1.3.1-5, pam/libpam-modules@1.3.1-5, pam/libpam-runtime@1.3.1-5 From: pam/libpam0g@1.3.1-5 From: shadow/login@1:4.5-1.1 > pam/libpam0g@1.3.1-5 From: util-linux/mount@2.33.1-0.1 > util-linux@2.33.1-0.1 > pam/libpam0g@1.3.1-5 and 11 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: CVE-2023-50495 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6123819 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: CVE-2023-45918 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6252772 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in lz4/liblz4-1 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072 Introduced through: lz4/liblz4-1@1.8.3-1+deb10u1, apt@1.8.2.3 From: lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > lz4/liblz4-1@1.8.3-1+deb10u1 ✗ Low severity vulnerability found in libtasn1-6 Description: CVE-2018-1000654 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libseccomp/libseccomp2 Description: CVE-2019-9893 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044 Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.3 From: libseccomp/libseccomp2@2.3.3-4 From: apt@1.8.2.3 > libseccomp/libseccomp2@2.3.3-4 ✗ Low severity vulnerability found in libidn2/libidn2-0 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100 Introduced through: libidn2/libidn2-0@2.0.5-1+deb10u1, apt@1.8.2.3 From: libidn2/libidn2-0@2.0.5-1+deb10u1 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libidn2/libidn2-0@2.0.5-1+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-6405988 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in gnutls28/libgnutls30 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-3330746 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Resource Management Errors Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: CVE-2019-1010023 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use of Insufficiently Random Values Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894107 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: Insufficient Entropy Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: CVE-2023-4039 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-5901315 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in e2fsprogs/libcom-err2 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482 Introduced through: e2fsprogs/libcom-err2@1.44.5-1+deb10u3, e2fsprogs@1.44.5-1+deb10u3, e2fsprogs/libext2fs2@1.44.5-1+deb10u3, e2fsprogs/libss2@1.44.5-1+deb10u3 From: e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libss2@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 and 5 more... ✗ Low severity vulnerability found in coreutils Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in coreutils Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in bash Description: Improper Check for Dropped Privileges Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280 Introduced through: bash@5.0-4 From: bash@5.0-4 ✗ Low severity vulnerability found in apt/libapt-pkg5.0 Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502 Introduced through: apt/libapt-pkg5.0@1.8.2.3, apt@1.8.2.3 From: apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u10 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: CVE-2022-4415 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Medium severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5862705 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u4 ✗ Medium severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6062099 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u11 ✗ High severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-26604 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3339153 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u9 ✗ High severity vulnerability found in systemd/libsystemd0 Description: Allocation of Resources Without Limits or Throttling Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277513 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ High severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u5 ✗ High severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5421196 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u5 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-3318300 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u10 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6159414 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u12 ✗ High severity vulnerability found in glibc/libc-bin Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ High severity vulnerability found in gcc-8/libstdc++6 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Critical severity vulnerability found in zlib/zlib1g Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-ZLIB-6008964 Introduced through: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2 From: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2 ✗ Critical severity vulnerability found in libtasn1-6 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-3061094 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 Fixed in: 4.13-3+deb10u1 ✗ Critical severity vulnerability found in db5.3/libdb5.3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169 Introduced through: db5.3/libdb5.3@5.3.28+dfsg1-0.5, adduser@3.118 From: db5.3/libdb5.3@5.3.28+dfsg1-0.5 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > pam/libpam-modules@1.3.1-5 > db5.3/libdb5.3@5.3.28+dfsg1-0.5 ------------ Detected 34 vulnerabilities for node@18.12.1 ------------ ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741888 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741892 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741899 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969349 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Low severity vulnerability found in node Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969357 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Low severity vulnerability found in node Description: Permissive Cross-domain Policy with Untrusted Domains Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252338 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ Medium severity vulnerability found in node Description: Timing Attack Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326669 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326682 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326683 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326684 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326685 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326686 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329554 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741792 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: HTTP Request Smuggling Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741793 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Inconsistency Between Implementation and Documented Design Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741796 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Over-read Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741894 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741895 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741896 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Underwrite (Buffer Underflow) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741900 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5756501 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Improper Access Control Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5843454 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ Medium severity vulnerability found in node Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848030 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ Medium severity vulnerability found in node Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969356 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Medium severity vulnerability found in node Description: Observable Timing Discrepancy Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252330 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ High severity vulnerability found in node Description: Insecure Permissions Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326666 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Access of Resource Using Incompatible Type ('Type Confusion') Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326668 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326688 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329555 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Prototype Pollution Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741794 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741889 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848038 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ High severity vulnerability found in node Description: Allocation of Resources Without Limits or Throttling Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252328 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ High severity vulnerability found in node Description: Code Injection Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252332 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 Organization: tubone24 Package manager: deb Project name: docker-image|test-blog Docker image: test-blog Platform: linux/amd64 Base image: node:18.12.1-buster-slim Licenses: enabled Tested 85 dependencies for known issues, found 117 issues. Base Image Vulnerabilities Severity node:18.12.1-buster-slim 117 3 critical, 17 high, 23 medium, 74 low Recommendations for base image upgrade: Minor upgrades Base Image Vulnerabilities Severity node:18.19.1-buster-slim 75 2 critical, 4 high, 1 medium, 68 low Major upgrades Base Image Vulnerabilities Severity node:20.11.1-buster-slim 75 2 critical, 4 high, 1 medium, 68 low Alternative image types Base Image Vulnerabilities Severity node:21.6.2-bookworm-slim 35 1 critical, 1 high, 0 medium, 33 low node:21.6.2-bullseye-slim 66 1 critical, 1 high, 0 medium, 64 low node:20.11.0-slim 43 1 critical, 5 high, 3 medium, 34 low node:lts-bookworm 178 1 critical, 6 high, 7 medium, 164 low Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection
github-actions[bot] commented 7 months ago

Memlab leaks report

``` page-load [7.4MB] (baseline) [s1] > action-on-page [8.3MB] (target) [s2] > revert [9.3MB] (final) [s3] ------2 clusters------ --Similar leaks in this run: 1634-- --Retained size of leaked objects: 176.8KB-- [] (synthetic) @1 [10.5MB] --2 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @6269 [62.3KB] --setTimeout (property)---> [] (closure) @47931 [72 bytes] --context (internal)---> [] (object) @238131 [20 bytes] --previous (internal)---> [] (object) @104105 [36KB] --n (variable)---> [t] (closure) @229543 [1.3KB] --context (internal)---> [] (object) @178493 [43.5KB] --n (variable)---> [Object] (object) @309941 [43.4KB] --449 (element)---> [Object] (object) @304307 [24 bytes] --exports (property)---> [r] (closure) @304309 [2.7KB] --hasData (property)---> [] (closure) @304931 [80 bytes] --context (internal)---> [] (object) @215615 [1.5KB] --e (variable)---> [Object] (object) @215599 [1KB] --2 (element)---> [Object] (object) @389809 [76 bytes] --aaAutocomplete (property)---> [f] (object) @385461 [348 bytes] --$node (property)---> [q] (object) @348721 [188 bytes] --0 (element)---> [Detached HTMLSpanElement] (native) @334401 [716 bytes] --7 (element)---> [Detached HTMLDivElement] (native) @334905 [5.7KB] --9 (element)---> [Detached HTMLHRElement] (native) @334917 [356 bytes] --8 (element)---> [Detached InternalNode] (native) @31290 [152 bytes] --1 (element)---> [Detached InternalNode] (native) @30462 [96 bytes] --1 (element)---> [Detached DOMTokenList] (native) @30464 [56 bytes] --Similar leaks in this run: 479-- --Retained size of leaked objects: 50.3KB-- [] (synthetic) @1 [10.5MB] --2 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @6269 [62.3KB] --___replace (property)---> [] (closure) @48267 [80 bytes] --context (internal)---> [] (object) @85625 [748 bytes] --a (variable)---> [Module] (object) @215533 [6.3KB] --get version (property)---> [version] (closure) @180961 [80 bytes] --context (internal)---> [] (object) @133731 [6.5KB] --Qn (variable)---> [y] (object) @412935 [368 bytes] --props (property)---> [Object] (object) @452151 [28 bytes] --children (property)---> [Object] (object) @461769 [296 bytes] --props (property)---> [Object] (object) @464393 [56 bytes] --children (property)---> [Object] (object) @438801 [1.2KB] --__ (property)---> [Object] (object) @451393 [1.1KB] --__ (property)---> [Object] (object) @451403 [940 bytes] --__ (property)---> [Object] (object) @412787 [736 bytes] --__d (property)---> [Detached HTMLDivElement] (native) @334749 [468 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @334747 [384 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @334745 [384 bytes] --6 (element)---> [Detached HTMLDivElement] (native) @334441 [15.1KB] --5 (element)---> [Detached HTMLAnchorElement] (native) @334439 [2.4KB] --11 (element)---> [Detached HTMLAnchorElement] (native) @334433 [2.4KB] --16 (element)---> [Detached InternalNode] (native) @35106 [224 bytes] --1 (element)---> [Detached InternalNode] (native) @33244 [224 bytes] --1 (element)---> [Detached InternalNode] (native) @33246 [224 bytes] --2 (element)---> [Detached InternalNode] (native) @39034 [112 bytes] --1 (element)---> [Detached EventListener] (native) @39178 [112 bytes] --1 (element)---> [Detached V8EventListener] (native) @35104 [40 bytes] ```
github-actions[bot] commented 7 months ago

Deploy Preview

Deploy path: /home/runner/work/blog/blog/public Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/pensive-lamport-5822d2/deploys/65eed159f9ddda29b404635e Website Draft URL: https://65eed159f9ddda29b404635e--pensive-lamport-5822d2.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 7 months ago

Bundle Analyzer URL

https://65eed159f9ddda29b404635e--pensive-lamport-5822d2.netlify.app/webpack-bundle-analyser

github-actions[bot] commented 7 months ago

Storybook Preview

Deploy path: /home/runner/work/blog/blog/storybook-static Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/blog-storybook/deploys/65eed197c5414f2c4bd2ece9 Website Draft URL: https://65eed197c5414f2c4bd2ece9--blog-storybook.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 7 months ago

Lighthouse Score

Desktop

performance: 98 accessibility: 100 best-practices: 100 seo: 92 pwa: 100

Mobile

performance: 82 accessibility: 100 best-practices: 96 seo: 93 pwa: 100

github-actions[bot] commented 7 months ago

depcheck Result

List up libraries that are defined in dependencies and devDependencies in package.json but not used in your codes.

Unused dependencies - @popperjs/core - @sentry/react - @typescript-eslint/eslint-plugin - babel-loader - babel-polyfill - classnames - flexboxgrid - gatsby-legacy-polyfills - gatsby-plugin-flexsearch - gatsby-plugin-twitter - gatsby-react-router-scroll - html-minifier - intersection-observer - md5 - preact - preact-render-to-string - react-body-classname - react-dom - rimraf - sass - typescript
Unused devdependencies - @babel/core - @babel/eslint-parser - @babel/preset-typescript - @storybook/addon-a11y - @storybook/addon-controls - @storybook/addon-essentials - @storybook/addon-info - @storybook/addon-interactions - @storybook/addon-knobs - @storybook/addon-links - @storybook/addon-storysource - @storybook/addon-viewport - @storybook/builder-webpack5 - @storybook/manager-webpack5 - @textlint-rule/textlint-rule-no-duplicate-abbr - @types/jest - @types/react-test-renderer - @types/responselike - axe-core - babel-plugin-transform-runtime - core-js - cross-env - css-loader - eslint - eslint-config-airbnb - eslint-import-resolver-webpack - eslint-plugin-import - eslint-plugin-jsx-a11y - eslint-plugin-react - gh-pages - husky - identity-obj-proxy - jest - jest-environment-jsdom - markdownlint-cli2 - memlab - netlify-cli - netlify-lambda - nyc - prettier - react-test-renderer - sass-loader - start-server-and-test - stylelint - stylelint-config-recess-order - stylelint-config-recommended-scss - stylelint-config-standard - stylelint-scss - textlint - textlint-filter-rule-allowlist - textlint-filter-rule-comments - textlint-rule-aws-spellcheck - textlint-rule-ja-no-inappropriate-words - textlint-rule-no-mixed-zenkaku-and-hankaku-alphabet - textlint-rule-no-start-duplicated-conjunction - textlint-rule-preset-smarthr - textlint-rule-prh - textlint-rule-terminology - ts-jest - yaml-lint
Missing - colors - /github/workspace/src/styles/_hover.scss - @algolia/transporter - /github/workspace/src/components/SearchBox/index.tsx - @algolia/client-search - /github/workspace/src/components/SearchBox/index.tsx - qs - /github/workspace/scripts/benchmark.js - https - /github/workspace/scripts/uploadScreenShot.ts - sharp - /github/workspace/functions/src/ogp.js
github-actions[bot] commented 7 months ago

depcheck Result

List up libraries that are defined in dependencies and devDependencies in package.json but not used in your codes.

Unused dependencies - @popperjs/core - @sentry/react - @typescript-eslint/eslint-plugin - babel-loader - babel-polyfill - classnames - flexboxgrid - gatsby-legacy-polyfills - gatsby-plugin-flexsearch - gatsby-plugin-twitter - gatsby-react-router-scroll - html-minifier - intersection-observer - md5 - preact - preact-render-to-string - react-body-classname - react-dom - rimraf - sass - typescript
Unused devdependencies - @babel/core - @babel/eslint-parser - @babel/preset-typescript - @storybook/addon-a11y - @storybook/addon-controls - @storybook/addon-essentials - @storybook/addon-info - @storybook/addon-interactions - @storybook/addon-knobs - @storybook/addon-links - @storybook/addon-storysource - @storybook/addon-viewport - @storybook/builder-webpack5 - @storybook/manager-webpack5 - @textlint-rule/textlint-rule-no-duplicate-abbr - @types/jest - @types/react-test-renderer - @types/responselike - axe-core - babel-plugin-transform-runtime - core-js - cross-env - css-loader - eslint - eslint-config-airbnb - eslint-import-resolver-webpack - eslint-plugin-import - eslint-plugin-jsx-a11y - eslint-plugin-react - gh-pages - husky - identity-obj-proxy - jest - jest-environment-jsdom - markdownlint-cli2 - memlab - netlify-cli - netlify-lambda - nyc - prettier - react-test-renderer - sass-loader - start-server-and-test - stylelint - stylelint-config-recess-order - stylelint-config-recommended-scss - stylelint-config-standard - stylelint-scss - textlint - textlint-filter-rule-allowlist - textlint-filter-rule-comments - textlint-rule-aws-spellcheck - textlint-rule-ja-no-inappropriate-words - textlint-rule-no-mixed-zenkaku-and-hankaku-alphabet - textlint-rule-no-start-duplicated-conjunction - textlint-rule-preset-smarthr - textlint-rule-prh - textlint-rule-terminology - ts-jest - yaml-lint
Missing - colors - /github/workspace/src/styles/_hover.scss - @algolia/transporter - /github/workspace/src/components/SearchBox/index.tsx - @algolia/client-search - /github/workspace/src/components/SearchBox/index.tsx - qs - /github/workspace/scripts/benchmark.js - https - /github/workspace/scripts/uploadScreenShot.ts - sharp - /github/workspace/functions/src/ogp.js
github-actions[bot] commented 7 months ago

Snyk vulnerability report

OSS packages

Tested 1738 dependencies for known issues, found 15 issues, 49 vulnerable paths. Issues to fix by upgrading: Upgrade @sentry/profiling-node@0.3.0 to @sentry/profiling-node@1.3.0 to fix ✗ Missing Release of Resource after Effective Lifetime [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116] in inflight@1.0.6 introduced by @sentry/profiling-node@0.3.0 > node-gyp@9.3.1 > glob@7.2.3 > inflight@1.0.6 and 15 other path(s) Upgrade gatsby@4.25.7 to gatsby@5.0.0 to fix ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYCLI-5671903] in gatsby-cli@4.25.0 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.0.0 introduced by gatsby-legacy-polyfills@2.23.0 > core-js-compat@3.9.0 > semver@7.0.0 and 1 other path(s) ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-legacy-polyfills@2.23.0 to gatsby-legacy-polyfills@3.10.0 to fix ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.0.0 introduced by gatsby-legacy-polyfills@2.23.0 > core-js-compat@3.9.0 > semver@7.0.0 and 1 other path(s) Upgrade gatsby-plugin-feed@4.23.1 to gatsby-plugin-feed@5.0.0 to fix ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-plugin-manifest@4.23.1 to gatsby-plugin-manifest@5.10.0 to fix ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-transformer-remark@5.25.1 to gatsby-transformer-remark@6.10.0 to fix ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYTRANSFORMERREMARK-5671901] in gatsby-transformer-remark@5.25.1 introduced by gatsby-transformer-remark@5.25.1 ✗ Information Exposure (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334] in sanitize-html@2.10.0 introduced by gatsby-transformer-remark@5.25.1 > sanitize-html@2.10.0 Issues with no direct upgrade or patch: ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@2.1.1 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 > pretty-error@2.1.2 > renderkid@2.0.7 > strip-ansi@3.0.1 > ansi-regex@2.1.1 This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1 ✗ Cross-site Request Forgery (CSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.0 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6124857] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.3 ✗ Prototype Pollution [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6144788] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.4 ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ES5EXT-6095076] in es5-ext@0.10.62 introduced by gatsby@4.25.7 > memoizee@0.4.15 > es5-ext@0.10.62 and 8 other path(s) This issue was fixed in versions: 0.10.63 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in html-minifier@4.0.0 introduced by html-minifier@4.0.0 No upgrade or patch available ✗ Server-side Request Forgery (SSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-IP-6240864] in ip@2.0.0 introduced by @sentry/profiling-node@0.3.0 > node-gyp@9.3.1 > make-fetch-happen@10.2.1 > socks-proxy-agent@7.0.0 > socks@2.7.1 > ip@2.0.0 This issue was fixed in versions: 1.1.9, 2.0.1 ✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in lodash.template@4.5.0 introduced by gatsby-plugin-offline@5.23.1 > workbox-build@4.3.1 > lodash.template@4.5.0 No upgrade or patch available ✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607] in serialize-javascript@6.0.0 introduced by gatsby@4.25.7 > css-minimizer-webpack-plugin@2.0.0 > serialize-javascript@5.0.1 and 1 other path(s) This issue was fixed in versions: 6.0.2 Organization: tubone24 Package manager: yarn Target file: yarn.lock Project name: blog Open source: no Project path: . Licenses: enabled

Application

✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 23 Info: Unsanitized input from a command line argument flows into , where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 25 Info: Unsanitized input from a command line argument flows into , where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 41 Info: Unsanitized input from a command line argument flows into , where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✔ Test completed Organization: tubone24 Test type: Static code analysis Project path: . Summary: 3 Code issues found 3 [Medium]

IaC

Snyk Infrastructure as Code - Snyk testing Infrastructure as Code configuration issues. ✔ Test completed. Issues No vulnerable paths were found! ------------------------------------------------------- Test Summary Organization: tubone24 Project name: tubone24/blog ✔ Files without issues: 3 ✗ Files with issues: 0 Ignored issues: 0 Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ] ------------------------------------------------------- Tip New: Share your test results in the Snyk Web UI with the option --report

Container

Testing test-blog... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2005-2541 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-3253529 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: NULL Pointer Dereference Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2023-39804 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-6120423 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 Fixed in: 1.30+dfsg-6+deb10u1 ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Authentication Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Privilege Chaining Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Incorrect Privilege Assignment Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Missing Release of Resource after Effective Lifetime Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733393 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733397 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-7008 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6137710 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-50868 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277511 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in shadow/passwd Description: Time-of-check Time-of-use (TOCTOU) Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5423925 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Improper Authentication Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5879153 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in perl/perl-base Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489186 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489188 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pam/libpam0g Description: CVE-2024-22365 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PAM-6178916 Introduced through: pam/libpam0g@1.3.1-5, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1, adduser@3.118, pam/libpam-modules-bin@1.3.1-5, pam/libpam-modules@1.3.1-5, pam/libpam-runtime@1.3.1-5 From: pam/libpam0g@1.3.1-5 From: shadow/login@1:4.5-1.1 > pam/libpam0g@1.3.1-5 From: util-linux/mount@2.33.1-0.1 > util-linux@2.33.1-0.1 > pam/libpam0g@1.3.1-5 and 11 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: CVE-2023-50495 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6123819 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: CVE-2023-45918 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6252772 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in lz4/liblz4-1 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072 Introduced through: lz4/liblz4-1@1.8.3-1+deb10u1, apt@1.8.2.3 From: lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > lz4/liblz4-1@1.8.3-1+deb10u1 ✗ Low severity vulnerability found in libtasn1-6 Description: CVE-2018-1000654 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libseccomp/libseccomp2 Description: CVE-2019-9893 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044 Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.3 From: libseccomp/libseccomp2@2.3.3-4 From: apt@1.8.2.3 > libseccomp/libseccomp2@2.3.3-4 ✗ Low severity vulnerability found in libidn2/libidn2-0 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100 Introduced through: libidn2/libidn2-0@2.0.5-1+deb10u1, apt@1.8.2.3 From: libidn2/libidn2-0@2.0.5-1+deb10u1 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libidn2/libidn2-0@2.0.5-1+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-6405988 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in gnutls28/libgnutls30 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-3330746 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Resource Management Errors Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: CVE-2019-1010023 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use of Insufficiently Random Values Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894107 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: Insufficient Entropy Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: CVE-2023-4039 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-5901315 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in e2fsprogs/libcom-err2 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482 Introduced through: e2fsprogs/libcom-err2@1.44.5-1+deb10u3, e2fsprogs@1.44.5-1+deb10u3, e2fsprogs/libext2fs2@1.44.5-1+deb10u3, e2fsprogs/libss2@1.44.5-1+deb10u3 From: e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libss2@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 and 5 more... ✗ Low severity vulnerability found in coreutils Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in coreutils Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in bash Description: Improper Check for Dropped Privileges Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280 Introduced through: bash@5.0-4 From: bash@5.0-4 ✗ Low severity vulnerability found in apt/libapt-pkg5.0 Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502 Introduced through: apt/libapt-pkg5.0@1.8.2.3, apt@1.8.2.3 From: apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u10 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: CVE-2022-4415 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Medium severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5862705 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u4 ✗ Medium severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6062099 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u11 ✗ High severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-26604 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3339153 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u9 ✗ High severity vulnerability found in systemd/libsystemd0 Description: Allocation of Resources Without Limits or Throttling Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277513 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ High severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u5 ✗ High severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5421196 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u5 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-3318300 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u10 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6159414 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u12 ✗ High severity vulnerability found in glibc/libc-bin Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ High severity vulnerability found in gcc-8/libstdc++6 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Critical severity vulnerability found in zlib/zlib1g Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-ZLIB-6008964 Introduced through: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2 From: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2 ✗ Critical severity vulnerability found in libtasn1-6 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-3061094 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 Fixed in: 4.13-3+deb10u1 ✗ Critical severity vulnerability found in db5.3/libdb5.3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169 Introduced through: db5.3/libdb5.3@5.3.28+dfsg1-0.5, adduser@3.118 From: db5.3/libdb5.3@5.3.28+dfsg1-0.5 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > pam/libpam-modules@1.3.1-5 > db5.3/libdb5.3@5.3.28+dfsg1-0.5 ------------ Detected 34 vulnerabilities for node@18.12.1 ------------ ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741888 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741892 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741899 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969349 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Low severity vulnerability found in node Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969357 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Low severity vulnerability found in node Description: Permissive Cross-domain Policy with Untrusted Domains Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252338 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ Medium severity vulnerability found in node Description: Timing Attack Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326669 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326682 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326683 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326684 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326685 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326686 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329554 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741792 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: HTTP Request Smuggling Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741793 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Inconsistency Between Implementation and Documented Design Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741796 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Over-read Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741894 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741895 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741896 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Underwrite (Buffer Underflow) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741900 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5756501 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Improper Access Control Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5843454 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ Medium severity vulnerability found in node Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848030 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ Medium severity vulnerability found in node Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969356 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Medium severity vulnerability found in node Description: Observable Timing Discrepancy Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252330 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ High severity vulnerability found in node Description: Insecure Permissions Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326666 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Access of Resource Using Incompatible Type ('Type Confusion') Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326668 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326688 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329555 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Prototype Pollution Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741794 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741889 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848038 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ High severity vulnerability found in node Description: Allocation of Resources Without Limits or Throttling Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252328 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ High severity vulnerability found in node Description: Code Injection Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252332 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 Organization: tubone24 Package manager: deb Project name: docker-image|test-blog Docker image: test-blog Platform: linux/amd64 Base image: node:18.12.1-buster-slim Licenses: enabled Tested 85 dependencies for known issues, found 117 issues. Base Image Vulnerabilities Severity node:18.12.1-buster-slim 117 3 critical, 17 high, 23 medium, 74 low Recommendations for base image upgrade: Minor upgrades Base Image Vulnerabilities Severity node:18.19.1-buster-slim 75 2 critical, 4 high, 1 medium, 68 low Major upgrades Base Image Vulnerabilities Severity node:20.11.1-buster-slim 75 2 critical, 4 high, 1 medium, 68 low Alternative image types Base Image Vulnerabilities Severity node:21.6.2-bookworm-slim 35 1 critical, 1 high, 0 medium, 33 low node:21.6.2-bullseye-slim 66 1 critical, 1 high, 0 medium, 64 low node:20.11.0-slim 43 1 critical, 5 high, 3 medium, 34 low node:lts-bookworm 178 1 critical, 6 high, 7 medium, 164 low Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection
github-actions[bot] commented 7 months ago

Memlab leaks report

``` page-load [7.4MB] (baseline) [s1] > action-on-page [8.2MB] (target) [s2] > revert [9.3MB] (final) [s3] ------2 clusters------ --Similar leaks in this run: 1634-- --Retained size of leaked objects: 171.7KB-- [] (synthetic) @1 [10.5MB] --2 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @6257 [60.8KB] --setTimeout (property)---> [] (closure) @81081 [72 bytes] --context (internal)---> [] (object) @81089 [20 bytes] --previous (internal)---> [] (object) @52237 [36.1KB] --n (variable)---> [t] (closure) @51083 [1.3KB] --context (internal)---> [] (object) @72399 [43.5KB] --n (variable)---> [Object] (object) @72405 [43.4KB] --449 (element)---> [Object] (object) @89645 [24 bytes] --exports (property)---> [r] (closure) @121093 [2.7KB] --hasData (property)---> [] (closure) @145377 [80 bytes] --context (internal)---> [] (object) @145373 [1.5KB] --e (variable)---> [Object] (object) @326537 [1KB] --2 (element)---> [Object] (object) @345645 [76 bytes] --aaAutocomplete (property)---> [f] (object) @345649 [348 bytes] --$node (property)---> [q] (object) @347743 [188 bytes] --0 (element)---> [Detached HTMLSpanElement] (native) @334197 [676 bytes] --7 (element)---> [Detached HTMLDivElement] (native) @334797 [5.7KB] --8 (element)---> [Detached HTMLDivElement] (native) @334563 [444 bytes] --6 (element)---> [Detached HTMLHRElement] (native) @334795 [356 bytes] --6 (element)---> [Detached HTMLDivElement] (native) @334771 [444 bytes] --8 (element)---> [Detached HTMLHRElement] (native) @334769 [356 bytes] --6 (element)---> [Detached HTMLDivElement] (native) @334487 [532 bytes] --5 (element)---> [Detached HTMLParagraphElement] (native) @334485 [1KB] --8 (element)---> [Detached HTMLAnchorElement] (native) @334673 [2KB] --12 (element)---> [Detached HTMLAnchorElement] (native) @334689 [2KB] --12 (element)---> [Detached HTMLAnchorElement] (native) @334699 [2KB] --16 (element)---> [Detached InternalNode] (native) @38740 [336 bytes] --2 (element)---> [Detached InternalNode] (native) @36894 [224 bytes] --1 (element)---> [Detached InternalNode] (native) @32820 [224 bytes] --2 (element)---> [Detached InternalNode] (native) @32824 [112 bytes] --1 (element)---> [Detached EventListener] (native) @38546 [112 bytes] --Similar leaks in this run: 479-- --Retained size of leaked objects: 50KB-- [] (synthetic) @1 [10.5MB] --2 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @6257 [60.8KB] --___replace (property)---> [] (closure) @289105 [80 bytes] --context (internal)---> [] (object) @75723 [748 bytes] --a (variable)---> [Module] (object) @50725 [6.3KB] --get version (property)---> [version] (closure) @78497 [80 bytes] --context (internal)---> [] (object) @78311 [6.5KB] --Qn (variable)---> [y] (object) @402339 [368 bytes] --props (property)---> [Object] (object) @404815 [28 bytes] --children (property)---> [Object] (object) @457591 [296 bytes] --props (property)---> [Object] (object) @460593 [56 bytes] --children (property)---> [Object] (object) @434777 [1.2KB] --__ (property)---> [Object] (object) @475037 [1.1KB] --__ (property)---> [Object] (object) @475041 [940 bytes] --__ (property)---> [Object] (object) @411073 [736 bytes] --__d (property)---> [Detached HTMLDivElement] (native) @334659 [468 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @334657 [384 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @334655 [384 bytes] --6 (element)---> [Detached HTMLDivElement] (native) @334237 [15KB] --6 (element)---> [Detached HTMLAnchorElement] (native) @334205 [2KB] --11 (element)---> [Detached HTMLAnchorElement] (native) @334211 [2.2KB] --8 (element)---> [Detached HTMLSpanElement] (native) @334207 [444 bytes] --6 (element)---> [Detached InternalNode] (native) @31724 [240 bytes] --2 (element)---> [Detached InternalNode] (native) @31726 [56 bytes] --1 (element)---> [Detached NodeList] (native) @31796 [56 bytes] ```
github-actions[bot] commented 7 months ago

Storybook Preview

Deploy path: /home/runner/work/blog/blog/storybook-static Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/blog-storybook/deploys/65eed49e73108221bc95667f Website Draft URL: https://65eed49e73108221bc95667f--blog-storybook.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 7 months ago

Snyk vulnerability report

OSS packages

Tested 1738 dependencies for known issues, found 15 issues, 49 vulnerable paths. Issues to fix by upgrading: Upgrade @sentry/profiling-node@0.3.0 to @sentry/profiling-node@1.3.0 to fix ✗ Missing Release of Resource after Effective Lifetime [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116] in inflight@1.0.6 introduced by @sentry/profiling-node@0.3.0 > node-gyp@9.3.1 > glob@7.2.3 > inflight@1.0.6 and 15 other path(s) Upgrade gatsby@4.25.7 to gatsby@5.0.0 to fix ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYCLI-5671903] in gatsby-cli@4.25.0 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.0.0 introduced by gatsby-legacy-polyfills@2.23.0 > core-js-compat@3.9.0 > semver@7.0.0 and 1 other path(s) ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-legacy-polyfills@2.23.0 to gatsby-legacy-polyfills@3.10.0 to fix ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.0.0 introduced by gatsby-legacy-polyfills@2.23.0 > core-js-compat@3.9.0 > semver@7.0.0 and 1 other path(s) Upgrade gatsby-plugin-feed@4.23.1 to gatsby-plugin-feed@5.0.0 to fix ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-plugin-manifest@4.23.1 to gatsby-plugin-manifest@5.10.0 to fix ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-transformer-remark@5.25.1 to gatsby-transformer-remark@6.10.0 to fix ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYTRANSFORMERREMARK-5671901] in gatsby-transformer-remark@5.25.1 introduced by gatsby-transformer-remark@5.25.1 ✗ Information Exposure (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334] in sanitize-html@2.10.0 introduced by gatsby-transformer-remark@5.25.1 > sanitize-html@2.10.0 Issues with no direct upgrade or patch: ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@2.1.1 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 > pretty-error@2.1.2 > renderkid@2.0.7 > strip-ansi@3.0.1 > ansi-regex@2.1.1 This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1 ✗ Cross-site Request Forgery (CSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.0 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6124857] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.3 ✗ Prototype Pollution [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6144788] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.4 ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ES5EXT-6095076] in es5-ext@0.10.62 introduced by gatsby@4.25.7 > memoizee@0.4.15 > es5-ext@0.10.62 and 8 other path(s) This issue was fixed in versions: 0.10.63 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in html-minifier@4.0.0 introduced by html-minifier@4.0.0 No upgrade or patch available ✗ Server-side Request Forgery (SSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-IP-6240864] in ip@2.0.0 introduced by @sentry/profiling-node@0.3.0 > node-gyp@9.3.1 > make-fetch-happen@10.2.1 > socks-proxy-agent@7.0.0 > socks@2.7.1 > ip@2.0.0 This issue was fixed in versions: 1.1.9, 2.0.1 ✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in lodash.template@4.5.0 introduced by gatsby-plugin-offline@5.23.1 > workbox-build@4.3.1 > lodash.template@4.5.0 No upgrade or patch available ✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607] in serialize-javascript@6.0.0 introduced by gatsby@4.25.7 > css-minimizer-webpack-plugin@2.0.0 > serialize-javascript@5.0.1 and 1 other path(s) This issue was fixed in versions: 6.0.2 Organization: tubone24 Package manager: yarn Target file: yarn.lock Project name: blog Open source: no Project path: . Licenses: enabled

Application

✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 23 Info: Unsanitized input from a command line argument flows into , where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 25 Info: Unsanitized input from a command line argument flows into , where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 41 Info: Unsanitized input from a command line argument flows into , where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✔ Test completed Organization: tubone24 Test type: Static code analysis Project path: . Summary: 3 Code issues found 3 [Medium]

IaC

Snyk Infrastructure as Code - Snyk testing Infrastructure as Code configuration issues. ✔ Test completed. Issues No vulnerable paths were found! ------------------------------------------------------- Test Summary Organization: tubone24 Project name: tubone24/blog ✔ Files without issues: 3 ✗ Files with issues: 0 Ignored issues: 0 Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ] ------------------------------------------------------- Tip New: Share your test results in the Snyk Web UI with the option --report

Container

Testing test-blog... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2005-2541 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-3253529 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: NULL Pointer Dereference Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2023-39804 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-6120423 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 Fixed in: 1.30+dfsg-6+deb10u1 ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Authentication Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Privilege Chaining Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Incorrect Privilege Assignment Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Missing Release of Resource after Effective Lifetime Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733393 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733397 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-7008 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6137710 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-50868 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277511 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in shadow/passwd Description: Time-of-check Time-of-use (TOCTOU) Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5423925 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Improper Authentication Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5879153 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in perl/perl-base Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489186 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489188 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pam/libpam0g Description: CVE-2024-22365 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PAM-6178916 Introduced through: pam/libpam0g@1.3.1-5, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1, adduser@3.118, pam/libpam-modules-bin@1.3.1-5, pam/libpam-modules@1.3.1-5, pam/libpam-runtime@1.3.1-5 From: pam/libpam0g@1.3.1-5 From: shadow/login@1:4.5-1.1 > pam/libpam0g@1.3.1-5 From: util-linux/mount@2.33.1-0.1 > util-linux@2.33.1-0.1 > pam/libpam0g@1.3.1-5 and 11 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: CVE-2023-50495 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6123819 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: CVE-2023-45918 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6252772 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in lz4/liblz4-1 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072 Introduced through: lz4/liblz4-1@1.8.3-1+deb10u1, apt@1.8.2.3 From: lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > lz4/liblz4-1@1.8.3-1+deb10u1 ✗ Low severity vulnerability found in libtasn1-6 Description: CVE-2018-1000654 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libseccomp/libseccomp2 Description: CVE-2019-9893 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044 Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.3 From: libseccomp/libseccomp2@2.3.3-4 From: apt@1.8.2.3 > libseccomp/libseccomp2@2.3.3-4 ✗ Low severity vulnerability found in libidn2/libidn2-0 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100 Introduced through: libidn2/libidn2-0@2.0.5-1+deb10u1, apt@1.8.2.3 From: libidn2/libidn2-0@2.0.5-1+deb10u1 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libidn2/libidn2-0@2.0.5-1+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-6405988 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in gnutls28/libgnutls30 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-3330746 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Resource Management Errors Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: CVE-2019-1010023 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use of Insufficiently Random Values Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894107 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: Insufficient Entropy Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: CVE-2023-4039 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-5901315 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in e2fsprogs/libcom-err2 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482 Introduced through: e2fsprogs/libcom-err2@1.44.5-1+deb10u3, e2fsprogs@1.44.5-1+deb10u3, e2fsprogs/libext2fs2@1.44.5-1+deb10u3, e2fsprogs/libss2@1.44.5-1+deb10u3 From: e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libss2@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 and 5 more... ✗ Low severity vulnerability found in coreutils Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in coreutils Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in bash Description: Improper Check for Dropped Privileges Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280 Introduced through: bash@5.0-4 From: bash@5.0-4 ✗ Low severity vulnerability found in apt/libapt-pkg5.0 Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502 Introduced through: apt/libapt-pkg5.0@1.8.2.3, apt@1.8.2.3 From: apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u10 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: CVE-2022-4415 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Medium severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5862705 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u4 ✗ Medium severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6062099 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u11 ✗ High severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-26604 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3339153 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u9 ✗ High severity vulnerability found in systemd/libsystemd0 Description: Allocation of Resources Without Limits or Throttling Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277513 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ High severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u5 ✗ High severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5421196 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u5 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-3318300 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u10 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6159414 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u12 ✗ High severity vulnerability found in glibc/libc-bin Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ High severity vulnerability found in gcc-8/libstdc++6 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Critical severity vulnerability found in zlib/zlib1g Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-ZLIB-6008964 Introduced through: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2 From: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2 ✗ Critical severity vulnerability found in libtasn1-6 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-3061094 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 Fixed in: 4.13-3+deb10u1 ✗ Critical severity vulnerability found in db5.3/libdb5.3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169 Introduced through: db5.3/libdb5.3@5.3.28+dfsg1-0.5, adduser@3.118 From: db5.3/libdb5.3@5.3.28+dfsg1-0.5 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > pam/libpam-modules@1.3.1-5 > db5.3/libdb5.3@5.3.28+dfsg1-0.5 ------------ Detected 34 vulnerabilities for node@18.12.1 ------------ ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741888 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741892 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741899 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969349 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Low severity vulnerability found in node Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969357 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Low severity vulnerability found in node Description: Permissive Cross-domain Policy with Untrusted Domains Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252338 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ Medium severity vulnerability found in node Description: Timing Attack Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326669 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326682 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326683 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326684 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326685 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326686 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329554 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741792 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: HTTP Request Smuggling Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741793 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Inconsistency Between Implementation and Documented Design Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741796 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Over-read Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741894 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741895 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741896 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Underwrite (Buffer Underflow) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741900 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5756501 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Improper Access Control Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5843454 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ Medium severity vulnerability found in node Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848030 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ Medium severity vulnerability found in node Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969356 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Medium severity vulnerability found in node Description: Observable Timing Discrepancy Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252330 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ High severity vulnerability found in node Description: Insecure Permissions Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326666 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Access of Resource Using Incompatible Type ('Type Confusion') Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326668 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326688 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329555 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Prototype Pollution Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741794 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741889 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848038 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ High severity vulnerability found in node Description: Allocation of Resources Without Limits or Throttling Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252328 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ High severity vulnerability found in node Description: Code Injection Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252332 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 Organization: tubone24 Package manager: deb Project name: docker-image|test-blog Docker image: test-blog Platform: linux/amd64 Base image: node:18.12.1-buster-slim Licenses: enabled Tested 85 dependencies for known issues, found 117 issues. Base Image Vulnerabilities Severity node:18.12.1-buster-slim 117 3 critical, 17 high, 23 medium, 74 low Recommendations for base image upgrade: Minor upgrades Base Image Vulnerabilities Severity node:18.19.1-buster-slim 75 2 critical, 4 high, 1 medium, 68 low Major upgrades Base Image Vulnerabilities Severity node:20.11.1-buster-slim 75 2 critical, 4 high, 1 medium, 68 low Alternative image types Base Image Vulnerabilities Severity node:21.6.2-bookworm-slim 35 1 critical, 1 high, 0 medium, 33 low node:21.6.2-bullseye-slim 66 1 critical, 1 high, 0 medium, 64 low node:20.11.0-slim 43 1 critical, 5 high, 3 medium, 34 low node:lts-bookworm 178 1 critical, 6 high, 7 medium, 164 low Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection
github-actions[bot] commented 7 months ago

Memlab leaks report

``` page-load [7.4MB] (baseline) [s1] > action-on-page [8.3MB] (target) [s2] > revert [9.3MB] (final) [s3] ------2 clusters------ --Similar leaks in this run: 1634-- --Retained size of leaked objects: 176.3KB-- [] (synthetic) @1 [10.5MB] --2 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @6271 [60.8KB] --setTimeout (property)---> [] (closure) @189873 [72 bytes] --context (internal)---> [] (object) @218639 [20 bytes] --previous (internal)---> [] (object) @51619 [36.1KB] --n (variable)---> [t] (closure) @225581 [1.3KB] --context (internal)---> [] (object) @283747 [43.5KB] --n (variable)---> [Object] (object) @283753 [43.4KB] --449 (element)---> [Object] (object) @106241 [24 bytes] --exports (property)---> [r] (closure) @106243 [2.7KB] --hasData (property)---> [] (closure) @259971 [80 bytes] --context (internal)---> [] (object) @229077 [1.5KB] --e (variable)---> [Object] (object) @229055 [1KB] --2 (element)---> [Object] (object) @344981 [76 bytes] --aaAutocomplete (property)---> [f] (object) @371637 [348 bytes] --$node (property)---> [q] (object) @370595 [188 bytes] --0 (element)---> [Detached HTMLSpanElement] (native) @334293 [676 bytes] --7 (element)---> [Detached HTMLDivElement] (native) @334991 [5.7KB] --8 (element)---> [Detached HTMLDivElement] (native) @334629 [444 bytes] --6 (element)---> [Detached HTMLHRElement] (native) @334989 [356 bytes] --6 (element)---> [Detached HTMLDivElement] (native) @334965 [444 bytes] --8 (element)---> [Detached HTMLHRElement] (native) @334963 [356 bytes] --6 (element)---> [Detached HTMLDivElement] (native) @334553 [532 bytes] --5 (element)---> [Detached HTMLParagraphElement] (native) @334551 [1KB] --8 (element)---> [Detached HTMLAnchorElement] (native) @334545 [2KB] --16 (element)---> [Detached InternalNode] (native) @36664 [336 bytes] --2 (element)---> [Detached InternalNode] (native) @36666 [224 bytes] --1 (element)---> [Detached InternalNode] (native) @40056 [224 bytes] --2 (element)---> [Detached InternalNode] (native) @40058 [112 bytes] --1 (element)---> [Detached EventListener] (native) @37624 [112 bytes] --Similar leaks in this run: 479-- --Retained size of leaked objects: 50.1KB-- [] (synthetic) @1 [10.5MB] --2 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @6271 [60.8KB] --___replace (property)---> [] (closure) @227355 [80 bytes] --context (internal)---> [] (object) @226609 [748 bytes] --a (variable)---> [Module] (object) @106883 [6.3KB] --get version (property)---> [version] (closure) @317305 [80 bytes] --context (internal)---> [] (object) @238847 [6.5KB] --Qn (variable)---> [y] (object) @408763 [368 bytes] --props (property)---> [Object] (object) @416483 [28 bytes] --children (property)---> [Object] (object) @416485 [296 bytes] --props (property)---> [Object] (object) @418783 [56 bytes] --children (property)---> [Object] (object) @414033 [1.2KB] --__ (property)---> [Object] (object) @431457 [1.1KB] --__ (property)---> [Object] (object) @431475 [940 bytes] --__ (property)---> [Object] (object) @431491 [736 bytes] --__d (property)---> [Detached HTMLDivElement] (native) @334727 [468 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @334725 [384 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @334723 [384 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @334721 [7.9KB] --5 (element)---> [Detached HTMLDivElement] (native) @334719 [7.1KB] --6 (element)---> [Detached HTMLDivElement] (native) @334711 [5.9KB] --5 (element)---> [Detached HTMLDivElement] (native) @334709 [4.8KB] --6 (element)---> [Detached HTMLSpanElement] (native) @334697 [664 bytes] --9 (element)---> [Detached InternalNode] (native) @30834 [240 bytes] --2 (element)---> [Detached InternalNode] (native) @30838 [56 bytes] --1 (element)---> [Detached NodeList] (native) @36422 [56 bytes] ```
github-actions[bot] commented 7 months ago

Deploy Preview

Deploy path: /home/runner/work/blog/blog/public Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/pensive-lamport-5822d2/deploys/65eed5329ed3fb2aa25c8554 Website Draft URL: https://65eed5329ed3fb2aa25c8554--pensive-lamport-5822d2.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 7 months ago

Storybook Preview

Deploy path: /home/runner/work/blog/blog/storybook-static Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/blog-storybook/deploys/65eed54daaf1ae2d9af26b70 Website Draft URL: https://65eed54daaf1ae2d9af26b70--blog-storybook.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 7 months ago

Bundle Analyzer URL

https://65eed5329ed3fb2aa25c8554--pensive-lamport-5822d2.netlify.app/webpack-bundle-analyser

github-actions[bot] commented 7 months ago

Lighthouse Score

Desktop

performance: 92 accessibility: 100 best-practices: 100 seo: 92 pwa: 100

Mobile

performance: 56.99999999999999 accessibility: 100 best-practices: 96 seo: 93 pwa: 100

github-actions[bot] commented 7 months ago

depcheck Result

List up libraries that are defined in dependencies and devDependencies in package.json but not used in your codes.

Unused dependencies - @popperjs/core - @sentry/node - @sentry/profiling-node - @sentry/react - @typescript-eslint/eslint-plugin - babel-loader - babel-polyfill - classnames - flexboxgrid - gatsby-legacy-polyfills - gatsby-plugin-flexsearch - gatsby-plugin-twitter - gatsby-react-router-scroll - html-minifier - intersection-observer - md5 - opentype.js - preact - preact-render-to-string - react-body-classname - react-dom - rimraf - sass - typescript
Unused devdependencies - @babel/core - @babel/eslint-parser - @babel/preset-typescript - @storybook/addon-a11y - @storybook/addon-controls - @storybook/addon-essentials - @storybook/addon-info - @storybook/addon-interactions - @storybook/addon-knobs - @storybook/addon-links - @storybook/addon-storysource - @storybook/addon-viewport - @storybook/builder-webpack5 - @storybook/manager-webpack5 - @textlint-rule/textlint-rule-no-duplicate-abbr - @types/jest - @types/react-test-renderer - @types/responselike - axe-core - babel-plugin-transform-runtime - core-js - cross-env - css-loader - eslint - eslint-config-airbnb - eslint-import-resolver-webpack - eslint-plugin-import - eslint-plugin-jsx-a11y - eslint-plugin-react - gh-pages - husky - identity-obj-proxy - jest - jest-environment-jsdom - markdownlint-cli2 - memlab - netlify-cli - netlify-lambda - nyc - prettier - react-test-renderer - sass-loader - start-server-and-test - stylelint - stylelint-config-recess-order - stylelint-config-recommended-scss - stylelint-config-standard - stylelint-scss - textlint - textlint-filter-rule-allowlist - textlint-filter-rule-comments - textlint-rule-aws-spellcheck - textlint-rule-ja-no-inappropriate-words - textlint-rule-no-mixed-zenkaku-and-hankaku-alphabet - textlint-rule-no-start-duplicated-conjunction - textlint-rule-preset-smarthr - textlint-rule-prh - textlint-rule-terminology - ts-jest - yaml-lint
Missing - colors - /github/workspace/src/styles/_hover.scss - @algolia/transporter - /github/workspace/src/components/SearchBox/index.tsx - @algolia/client-search - /github/workspace/src/components/SearchBox/index.tsx - qs - /github/workspace/scripts/benchmark.js - https - /github/workspace/scripts/uploadScreenShot.ts
github-actions[bot] commented 7 months ago

Snyk vulnerability report

OSS packages

Tested 1738 dependencies for known issues, found 15 issues, 49 vulnerable paths. Issues to fix by upgrading: Upgrade @sentry/profiling-node@0.3.0 to @sentry/profiling-node@1.3.0 to fix ✗ Missing Release of Resource after Effective Lifetime [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116] in inflight@1.0.6 introduced by @sentry/profiling-node@0.3.0 > node-gyp@9.3.1 > glob@7.2.3 > inflight@1.0.6 and 15 other path(s) Upgrade gatsby@4.25.7 to gatsby@5.0.0 to fix ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYCLI-5671903] in gatsby-cli@4.25.0 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.0.0 introduced by gatsby-legacy-polyfills@2.23.0 > core-js-compat@3.9.0 > semver@7.0.0 and 1 other path(s) ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-legacy-polyfills@2.23.0 to gatsby-legacy-polyfills@3.10.0 to fix ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.0.0 introduced by gatsby-legacy-polyfills@2.23.0 > core-js-compat@3.9.0 > semver@7.0.0 and 1 other path(s) Upgrade gatsby-plugin-feed@4.23.1 to gatsby-plugin-feed@5.0.0 to fix ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-plugin-manifest@4.23.1 to gatsby-plugin-manifest@5.10.0 to fix ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-transformer-remark@5.25.1 to gatsby-transformer-remark@6.10.0 to fix ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYTRANSFORMERREMARK-5671901] in gatsby-transformer-remark@5.25.1 introduced by gatsby-transformer-remark@5.25.1 ✗ Information Exposure (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334] in sanitize-html@2.10.0 introduced by gatsby-transformer-remark@5.25.1 > sanitize-html@2.10.0 Issues with no direct upgrade or patch: ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@2.1.1 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 > pretty-error@2.1.2 > renderkid@2.0.7 > strip-ansi@3.0.1 > ansi-regex@2.1.1 This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1 ✗ Cross-site Request Forgery (CSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.0 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6124857] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.3 ✗ Prototype Pollution [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6144788] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.4 ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ES5EXT-6095076] in es5-ext@0.10.62 introduced by gatsby@4.25.7 > memoizee@0.4.15 > es5-ext@0.10.62 and 8 other path(s) This issue was fixed in versions: 0.10.63 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in html-minifier@4.0.0 introduced by html-minifier@4.0.0 No upgrade or patch available ✗ Server-side Request Forgery (SSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-IP-6240864] in ip@2.0.0 introduced by @sentry/profiling-node@0.3.0 > node-gyp@9.3.1 > make-fetch-happen@10.2.1 > socks-proxy-agent@7.0.0 > socks@2.7.1 > ip@2.0.0 This issue was fixed in versions: 1.1.9, 2.0.1 ✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in lodash.template@4.5.0 introduced by gatsby-plugin-offline@5.23.1 > workbox-build@4.3.1 > lodash.template@4.5.0 No upgrade or patch available ✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607] in serialize-javascript@6.0.0 introduced by gatsby@4.25.7 > css-minimizer-webpack-plugin@2.0.0 > serialize-javascript@5.0.1 and 1 other path(s) This issue was fixed in versions: 6.0.2 Organization: tubone24 Package manager: yarn Target file: yarn.lock Project name: blog Open source: no Project path: . Licenses: enabled Tip: Detected multiple supported manifests (1), use --all-projects to scan all of them at once.

Application

✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 23 Info: Unsanitized input from a command line argument flows into , where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 25 Info: Unsanitized input from a command line argument flows into , where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 41 Info: Unsanitized input from a command line argument flows into , where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✔ Test completed Organization: tubone24 Test type: Static code analysis Project path: . Summary: 3 Code issues found 3 [Medium]

IaC

Snyk Infrastructure as Code - Snyk testing Infrastructure as Code configuration issues. ✔ Test completed. Issues No vulnerable paths were found! ------------------------------------------------------- Test Summary Organization: tubone24 Project name: tubone24/blog ✔ Files without issues: 3 ✗ Files with issues: 0 Ignored issues: 0 Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ] ------------------------------------------------------- Tip New: Share your test results in the Snyk Web UI with the option --report

Container

Testing test-blog... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2005-2541 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-3253529 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: NULL Pointer Dereference Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2023-39804 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-6120423 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 Fixed in: 1.30+dfsg-6+deb10u1 ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Authentication Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Privilege Chaining Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Incorrect Privilege Assignment Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Missing Release of Resource after Effective Lifetime Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733393 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733397 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-7008 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6137710 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-50868 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277511 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in shadow/passwd Description: Time-of-check Time-of-use (TOCTOU) Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5423925 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Improper Authentication Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5879153 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in perl/perl-base Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489186 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489188 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pam/libpam0g Description: CVE-2024-22365 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PAM-6178916 Introduced through: pam/libpam0g@1.3.1-5, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1, adduser@3.118, pam/libpam-modules-bin@1.3.1-5, pam/libpam-modules@1.3.1-5, pam/libpam-runtime@1.3.1-5 From: pam/libpam0g@1.3.1-5 From: shadow/login@1:4.5-1.1 > pam/libpam0g@1.3.1-5 From: util-linux/mount@2.33.1-0.1 > util-linux@2.33.1-0.1 > pam/libpam0g@1.3.1-5 and 11 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: CVE-2023-50495 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6123819 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: CVE-2023-45918 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6252772 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in lz4/liblz4-1 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072 Introduced through: lz4/liblz4-1@1.8.3-1+deb10u1, apt@1.8.2.3 From: lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > lz4/liblz4-1@1.8.3-1+deb10u1 ✗ Low severity vulnerability found in libtasn1-6 Description: CVE-2018-1000654 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libseccomp/libseccomp2 Description: CVE-2019-9893 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044 Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.3 From: libseccomp/libseccomp2@2.3.3-4 From: apt@1.8.2.3 > libseccomp/libseccomp2@2.3.3-4 ✗ Low severity vulnerability found in libidn2/libidn2-0 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100 Introduced through: libidn2/libidn2-0@2.0.5-1+deb10u1, apt@1.8.2.3 From: libidn2/libidn2-0@2.0.5-1+deb10u1 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libidn2/libidn2-0@2.0.5-1+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-6405988 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in gnutls28/libgnutls30 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-3330746 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Resource Management Errors Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: CVE-2019-1010023 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use of Insufficiently Random Values Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894107 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: Insufficient Entropy Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: CVE-2023-4039 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-5901315 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in e2fsprogs/libcom-err2 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482 Introduced through: e2fsprogs/libcom-err2@1.44.5-1+deb10u3, e2fsprogs@1.44.5-1+deb10u3, e2fsprogs/libext2fs2@1.44.5-1+deb10u3, e2fsprogs/libss2@1.44.5-1+deb10u3 From: e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libss2@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 and 5 more... ✗ Low severity vulnerability found in coreutils Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in coreutils Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in bash Description: Improper Check for Dropped Privileges Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280 Introduced through: bash@5.0-4 From: bash@5.0-4 ✗ Low severity vulnerability found in apt/libapt-pkg5.0 Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502 Introduced through: apt/libapt-pkg5.0@1.8.2.3, apt@1.8.2.3 From: apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u10 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: CVE-2022-4415 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Medium severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5862705 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u4 ✗ Medium severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6062099 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u11 ✗ High severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-26604 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3339153 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u9 ✗ High severity vulnerability found in systemd/libsystemd0 Description: Allocation of Resources Without Limits or Throttling Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277513 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ High severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u5 ✗ High severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5421196 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u5 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-3318300 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u10 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6159414 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u12 ✗ High severity vulnerability found in glibc/libc-bin Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ High severity vulnerability found in gcc-8/libstdc++6 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Critical severity vulnerability found in zlib/zlib1g Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-ZLIB-6008964 Introduced through: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2 From: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2 ✗ Critical severity vulnerability found in libtasn1-6 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-3061094 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 Fixed in: 4.13-3+deb10u1 ✗ Critical severity vulnerability found in db5.3/libdb5.3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169 Introduced through: db5.3/libdb5.3@5.3.28+dfsg1-0.5, adduser@3.118 From: db5.3/libdb5.3@5.3.28+dfsg1-0.5 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > pam/libpam-modules@1.3.1-5 > db5.3/libdb5.3@5.3.28+dfsg1-0.5 ------------ Detected 34 vulnerabilities for node@18.12.1 ------------ ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741888 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741892 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741899 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969349 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Low severity vulnerability found in node Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969357 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Low severity vulnerability found in node Description: Permissive Cross-domain Policy with Untrusted Domains Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252338 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ Medium severity vulnerability found in node Description: Timing Attack Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326669 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326682 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326683 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326684 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326685 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326686 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329554 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741792 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: HTTP Request Smuggling Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741793 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Inconsistency Between Implementation and Documented Design Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741796 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Over-read Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741894 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741895 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741896 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Underwrite (Buffer Underflow) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741900 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5756501 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Improper Access Control Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5843454 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ Medium severity vulnerability found in node Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848030 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ Medium severity vulnerability found in node Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969356 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Medium severity vulnerability found in node Description: Observable Timing Discrepancy Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252330 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ High severity vulnerability found in node Description: Insecure Permissions Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326666 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Access of Resource Using Incompatible Type ('Type Confusion') Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326668 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326688 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329555 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Prototype Pollution Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741794 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741889 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848038 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ High severity vulnerability found in node Description: Allocation of Resources Without Limits or Throttling Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252328 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ High severity vulnerability found in node Description: Code Injection Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252332 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 Organization: tubone24 Package manager: deb Project name: docker-image|test-blog Docker image: test-blog Platform: linux/amd64 Base image: node:18.12.1-buster-slim Licenses: enabled Tested 85 dependencies for known issues, found 117 issues. Base Image Vulnerabilities Severity node:18.12.1-buster-slim 117 3 critical, 17 high, 23 medium, 74 low Recommendations for base image upgrade: Minor upgrades Base Image Vulnerabilities Severity node:18.19.1-buster-slim 75 2 critical, 4 high, 1 medium, 68 low Major upgrades Base Image Vulnerabilities Severity node:20.11.1-buster-slim 75 2 critical, 4 high, 1 medium, 68 low Alternative image types Base Image Vulnerabilities Severity node:21.6.2-bookworm-slim 35 1 critical, 1 high, 0 medium, 33 low node:21.6.2-bullseye-slim 66 1 critical, 1 high, 0 medium, 64 low node:20.11.0-slim 43 1 critical, 5 high, 3 medium, 34 low node:lts-bookworm 178 1 critical, 6 high, 7 medium, 164 low Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection
github-actions[bot] commented 7 months ago

Memlab leaks report

``` page-load [7.4MB] (baseline) [s1] > action-on-page [8.3MB] (target) [s2] > revert [9.4MB] (final) [s3] ------2 clusters------ --Similar leaks in this run: 1634-- --Retained size of leaked objects: 176.1KB-- [] (synthetic) @1 [10.5MB] --2 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @6269 [62.3KB] --setTimeout (property)---> [] (closure) @172205 [72 bytes] --context (internal)---> [] (object) @209291 [20 bytes] --previous (internal)---> [] (object) @69867 [36.1KB] --n (variable)---> [t] (closure) @116051 [1.3KB] --context (internal)---> [] (object) @221393 [43.5KB] --n (variable)---> [Object] (object) @221399 [43.4KB] --449 (element)---> [Object] (object) @233103 [24 bytes] --exports (property)---> [r] (closure) @94121 [2.7KB] --hasData (property)---> [] (closure) @116637 [80 bytes] --context (internal)---> [] (object) @93897 [1.5KB] --e (variable)---> [Object] (object) @93881 [1KB] --2 (element)---> [Object] (object) @368911 [76 bytes] --aaAutocomplete (property)---> [f] (object) @371321 [348 bytes] --$node (property)---> [q] (object) @388089 [188 bytes] --0 (element)---> [Detached HTMLSpanElement] (native) @332685 [676 bytes] --7 (element)---> [Detached HTMLDivElement] (native) @333131 [5.7KB] --7 (element)---> [Detached HTMLDivElement] (native) @332957 [444 bytes] --6 (element)---> [Detached HTMLDivElement] (native) @333161 [444 bytes] --5 (element)---> [Detached HTMLAnchorElement] (native) @333163 [1.7KB] --11 (element)---> [Detached HTMLAnchorElement] (native) @333185 [2.5KB] --12 (element)---> [Detached HTMLAnchorElement] (native) @333199 [2.5KB] --12 (element)---> [Detached HTMLAnchorElement] (native) @333441 [2.5KB] --13 (element)---> [Detached InternalNode] (native) @33270 [488 bytes] --1 (element)---> [Detached InternalNode] (native) @29800 [432 bytes] --4 (element)---> [Detached ElementIntersectionObserverData] (native) @29808 [72 bytes] --Similar leaks in this run: 479-- --Retained size of leaked objects: 50KB-- [] (synthetic) @1 [10.5MB] --2 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @6269 [62.3KB] --___replace (property)---> [] (closure) @172531 [80 bytes] --context (internal)---> [] (object) @224405 [748 bytes] --a (variable)---> [Module] (object) @116333 [6.3KB] --get version (property)---> [version] (closure) @225755 [80 bytes] --context (internal)---> [] (object) @112055 [6.5KB] --Qn (variable)---> [y] (object) @415469 [368 bytes] --props (property)---> [Object] (object) @415465 [28 bytes] --children (property)---> [Object] (object) @415477 [296 bytes] --props (property)---> [Object] (object) @415779 [56 bytes] --children (property)---> [Object] (object) @415795 [1.2KB] --__ (property)---> [Object] (object) @446065 [1.1KB] --__ (property)---> [Object] (object) @446069 [940 bytes] --__ (property)---> [Object] (object) @446043 [736 bytes] --__d (property)---> [Detached HTMLDivElement] (native) @332999 [468 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @332997 [384 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @332995 [384 bytes] --6 (element)---> [Detached HTMLDivElement] (native) @332725 [15KB] --8 (element)---> [Detached HTMLElement] (native) @332743 [25.4KB] --5 (element)---> [Detached HTMLDivElement] (native) @332741 [22.1KB] --6 (element)---> [Detached Text] (native) @332579 [220 bytes] --6 (element)---> [Detached HTMLImageElement] (native) @332683 [764 bytes] --7 (element)---> [Detached Text] (native) @332561 [220 bytes] --6 (element)---> [Detached HTMLParagraphElement] (native) @332525 [2.5KB] --8 (element)---> [Detached Text] (native) @332521 [220 bytes] --6 (element)---> [Detached HTMLHeadingElement] (native) @332513 [664 bytes] --8 (element)---> [Detached Text] (native) @332509 [220 bytes] --6 (element)---> [Detached HTMLParagraphElement] (native) @332501 [576 bytes] --8 (element)---> [Detached Text] (native) @332497 [220 bytes] --6 (element)---> [Detached HTMLParagraphElement] (native) @332489 [576 bytes] --8 (element)---> [Detached Text] (native) @332485 [220 bytes] --6 (element)---> [Detached HTMLImageElement] (native) @332481 [764 bytes] --7 (element)---> [Detached Text] (native) @332477 [220 bytes] --6 (element)---> [Detached HTMLParagraphElement] (native) @332469 [576 bytes] --8 (element)---> [Detached Text] (native) @332465 [220 bytes] --6 (element)---> [Detached HTMLHeadingElement] (native) @332457 [664 bytes] --10 (element)---> [Detached InternalNode] (native) @32100 [240 bytes] --1 (element)---> [Detached InternalNode] (native) @32102 [184 bytes] --2 (element)---> [Detached NamedNodeMap] (native) @36868 [40 bytes] ```
github-actions[bot] commented 7 months ago

Deploy Preview

Deploy path: /home/runner/work/blog/blog/public Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/pensive-lamport-5822d2/deploys/65eed87c9ed3fb2d6d5c84ab Website Draft URL: https://65eed87c9ed3fb2d6d5c84ab--pensive-lamport-5822d2.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 7 months ago

Bundle Analyzer URL

https://65eed87c9ed3fb2d6d5c84ab--pensive-lamport-5822d2.netlify.app/webpack-bundle-analyser

github-actions[bot] commented 7 months ago

Storybook Preview

Deploy path: /home/runner/work/blog/blog/storybook-static Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/blog-storybook/deploys/65eed8b338e7112ca95ec3ee Website Draft URL: https://65eed8b338e7112ca95ec3ee--blog-storybook.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 7 months ago

Lighthouse Score

Desktop

performance: 99 accessibility: 100 best-practices: 100 seo: 92 pwa: 100

Mobile

performance: 79 accessibility: 100 best-practices: 96 seo: 93 pwa: 100

github-actions[bot] commented 7 months ago

depcheck Result

List up libraries that are defined in dependencies and devDependencies in package.json but not used in your codes.

Unused dependencies - @popperjs/core - @sentry/node - @sentry/profiling-node - @sentry/react - @typescript-eslint/eslint-plugin - babel-loader - babel-polyfill - classnames - flexboxgrid - gatsby-legacy-polyfills - gatsby-plugin-flexsearch - gatsby-plugin-twitter - gatsby-react-router-scroll - html-minifier - intersection-observer - md5 - opentype.js - preact - preact-render-to-string - react-body-classname - react-dom - rimraf - sass - typescript
Unused devdependencies - @babel/core - @babel/eslint-parser - @babel/preset-typescript - @storybook/addon-a11y - @storybook/addon-controls - @storybook/addon-essentials - @storybook/addon-info - @storybook/addon-interactions - @storybook/addon-knobs - @storybook/addon-links - @storybook/addon-storysource - @storybook/addon-viewport - @storybook/builder-webpack5 - @storybook/manager-webpack5 - @textlint-rule/textlint-rule-no-duplicate-abbr - @types/jest - @types/react-test-renderer - @types/responselike - axe-core - babel-plugin-transform-runtime - core-js - cross-env - css-loader - eslint - eslint-config-airbnb - eslint-import-resolver-webpack - eslint-plugin-import - eslint-plugin-jsx-a11y - eslint-plugin-react - gh-pages - husky - identity-obj-proxy - jest - jest-environment-jsdom - markdownlint-cli2 - memlab - netlify-cli - netlify-lambda - nyc - prettier - react-test-renderer - sass-loader - start-server-and-test - stylelint - stylelint-config-recess-order - stylelint-config-recommended-scss - stylelint-config-standard - stylelint-scss - textlint - textlint-filter-rule-allowlist - textlint-filter-rule-comments - textlint-rule-aws-spellcheck - textlint-rule-ja-no-inappropriate-words - textlint-rule-no-mixed-zenkaku-and-hankaku-alphabet - textlint-rule-no-start-duplicated-conjunction - textlint-rule-preset-smarthr - textlint-rule-prh - textlint-rule-terminology - ts-jest - yaml-lint
Missing - colors - /github/workspace/src/styles/_hover.scss - @algolia/transporter - /github/workspace/src/components/SearchBox/index.tsx - @algolia/client-search - /github/workspace/src/components/SearchBox/index.tsx - qs - /github/workspace/scripts/benchmark.js - https - /github/workspace/scripts/uploadScreenShot.ts
github-actions[bot] commented 7 months ago

Snyk vulnerability report

OSS packages

Tested 1738 dependencies for known issues, found 15 issues, 49 vulnerable paths. Issues to fix by upgrading: Upgrade @sentry/profiling-node@0.3.0 to @sentry/profiling-node@1.3.0 to fix ✗ Missing Release of Resource after Effective Lifetime [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116] in inflight@1.0.6 introduced by @sentry/profiling-node@0.3.0 > node-gyp@9.3.1 > glob@7.2.3 > inflight@1.0.6 and 15 other path(s) Upgrade gatsby@4.25.7 to gatsby@5.0.0 to fix ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYCLI-5671903] in gatsby-cli@4.25.0 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.0.0 introduced by gatsby-legacy-polyfills@2.23.0 > core-js-compat@3.9.0 > semver@7.0.0 and 1 other path(s) ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-legacy-polyfills@2.23.0 to gatsby-legacy-polyfills@3.10.0 to fix ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.0.0 introduced by gatsby-legacy-polyfills@2.23.0 > core-js-compat@3.9.0 > semver@7.0.0 and 1 other path(s) Upgrade gatsby-plugin-feed@4.23.1 to gatsby-plugin-feed@5.0.0 to fix ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-plugin-manifest@4.23.1 to gatsby-plugin-manifest@5.10.0 to fix ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-transformer-remark@5.25.1 to gatsby-transformer-remark@6.10.0 to fix ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYTRANSFORMERREMARK-5671901] in gatsby-transformer-remark@5.25.1 introduced by gatsby-transformer-remark@5.25.1 ✗ Information Exposure (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334] in sanitize-html@2.10.0 introduced by gatsby-transformer-remark@5.25.1 > sanitize-html@2.10.0 Issues with no direct upgrade or patch: ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@2.1.1 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 > pretty-error@2.1.2 > renderkid@2.0.7 > strip-ansi@3.0.1 > ansi-regex@2.1.1 This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1 ✗ Cross-site Request Forgery (CSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.0 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6124857] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.3 ✗ Prototype Pollution [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6144788] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.4 ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ES5EXT-6095076] in es5-ext@0.10.62 introduced by gatsby@4.25.7 > memoizee@0.4.15 > es5-ext@0.10.62 and 8 other path(s) This issue was fixed in versions: 0.10.63 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in html-minifier@4.0.0 introduced by html-minifier@4.0.0 No upgrade or patch available ✗ Server-side Request Forgery (SSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-IP-6240864] in ip@2.0.0 introduced by @sentry/profiling-node@0.3.0 > node-gyp@9.3.1 > make-fetch-happen@10.2.1 > socks-proxy-agent@7.0.0 > socks@2.7.1 > ip@2.0.0 This issue was fixed in versions: 1.1.9, 2.0.1 ✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in lodash.template@4.5.0 introduced by gatsby-plugin-offline@5.23.1 > workbox-build@4.3.1 > lodash.template@4.5.0 No upgrade or patch available ✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607] in serialize-javascript@6.0.0 introduced by gatsby@4.25.7 > css-minimizer-webpack-plugin@2.0.0 > serialize-javascript@5.0.1 and 1 other path(s) This issue was fixed in versions: 6.0.2 Organization: tubone24 Package manager: yarn Target file: yarn.lock Project name: blog Open source: no Project path: . Licenses: enabled Tip: Detected multiple supported manifests (1), use --all-projects to scan all of them at once.

Application

✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 23 Info: Unsanitized input from a command line argument flows into , where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 25 Info: Unsanitized input from a command line argument flows into , where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 41 Info: Unsanitized input from a command line argument flows into , where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✔ Test completed Organization: tubone24 Test type: Static code analysis Project path: . Summary: 3 Code issues found 3 [Medium]

IaC

Snyk Infrastructure as Code - Snyk testing Infrastructure as Code configuration issues. ✔ Test completed. Issues No vulnerable paths were found! ------------------------------------------------------- Test Summary Organization: tubone24 Project name: tubone24/blog ✔ Files without issues: 3 ✗ Files with issues: 0 Ignored issues: 0 Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ] ------------------------------------------------------- Tip New: Share your test results in the Snyk Web UI with the option --report

Container

Testing test-blog... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2005-2541 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-3253529 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: NULL Pointer Dereference Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2023-39804 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-6120423 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 Fixed in: 1.30+dfsg-6+deb10u1 ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Authentication Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Privilege Chaining Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Incorrect Privilege Assignment Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Missing Release of Resource after Effective Lifetime Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733393 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733397 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-7008 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6137710 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-50868 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277511 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in shadow/passwd Description: Time-of-check Time-of-use (TOCTOU) Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5423925 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Improper Authentication Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5879153 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in perl/perl-base Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489186 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489188 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pam/libpam0g Description: CVE-2024-22365 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PAM-6178916 Introduced through: pam/libpam0g@1.3.1-5, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1, adduser@3.118, pam/libpam-modules-bin@1.3.1-5, pam/libpam-modules@1.3.1-5, pam/libpam-runtime@1.3.1-5 From: pam/libpam0g@1.3.1-5 From: shadow/login@1:4.5-1.1 > pam/libpam0g@1.3.1-5 From: util-linux/mount@2.33.1-0.1 > util-linux@2.33.1-0.1 > pam/libpam0g@1.3.1-5 and 11 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: CVE-2023-50495 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6123819 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: CVE-2023-45918 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6252772 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in lz4/liblz4-1 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072 Introduced through: lz4/liblz4-1@1.8.3-1+deb10u1, apt@1.8.2.3 From: lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > lz4/liblz4-1@1.8.3-1+deb10u1 ✗ Low severity vulnerability found in libtasn1-6 Description: CVE-2018-1000654 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libseccomp/libseccomp2 Description: CVE-2019-9893 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044 Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.3 From: libseccomp/libseccomp2@2.3.3-4 From: apt@1.8.2.3 > libseccomp/libseccomp2@2.3.3-4 ✗ Low severity vulnerability found in libidn2/libidn2-0 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100 Introduced through: libidn2/libidn2-0@2.0.5-1+deb10u1, apt@1.8.2.3 From: libidn2/libidn2-0@2.0.5-1+deb10u1 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libidn2/libidn2-0@2.0.5-1+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-6405988 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in gnutls28/libgnutls30 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-3330746 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Resource Management Errors Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: CVE-2019-1010023 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use of Insufficiently Random Values Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894107 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: Insufficient Entropy Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: CVE-2023-4039 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-5901315 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in e2fsprogs/libcom-err2 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482 Introduced through: e2fsprogs/libcom-err2@1.44.5-1+deb10u3, e2fsprogs@1.44.5-1+deb10u3, e2fsprogs/libext2fs2@1.44.5-1+deb10u3, e2fsprogs/libss2@1.44.5-1+deb10u3 From: e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libss2@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 and 5 more... ✗ Low severity vulnerability found in coreutils Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in coreutils Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in bash Description: Improper Check for Dropped Privileges Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280 Introduced through: bash@5.0-4 From: bash@5.0-4 ✗ Low severity vulnerability found in apt/libapt-pkg5.0 Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502 Introduced through: apt/libapt-pkg5.0@1.8.2.3, apt@1.8.2.3 From: apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u10 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: CVE-2022-4415 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Medium severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5862705 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u4 ✗ Medium severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6062099 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u11 ✗ High severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-26604 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3339153 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u9 ✗ High severity vulnerability found in systemd/libsystemd0 Description: Allocation of Resources Without Limits or Throttling Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277513 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ High severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u5 ✗ High severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5421196 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u5 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-3318300 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u10 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6159414 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u12 ✗ High severity vulnerability found in glibc/libc-bin Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ High severity vulnerability found in gcc-8/libstdc++6 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Critical severity vulnerability found in zlib/zlib1g Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-ZLIB-6008964 Introduced through: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2 From: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2 ✗ Critical severity vulnerability found in libtasn1-6 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-3061094 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 Fixed in: 4.13-3+deb10u1 ✗ Critical severity vulnerability found in db5.3/libdb5.3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169 Introduced through: db5.3/libdb5.3@5.3.28+dfsg1-0.5, adduser@3.118 From: db5.3/libdb5.3@5.3.28+dfsg1-0.5 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > pam/libpam-modules@1.3.1-5 > db5.3/libdb5.3@5.3.28+dfsg1-0.5 ------------ Detected 34 vulnerabilities for node@18.12.1 ------------ ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741888 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741892 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741899 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969349 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Low severity vulnerability found in node Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969357 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Low severity vulnerability found in node Description: Permissive Cross-domain Policy with Untrusted Domains Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252338 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ Medium severity vulnerability found in node Description: Timing Attack Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326669 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326682 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326683 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326684 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326685 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326686 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329554 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741792 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: HTTP Request Smuggling Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741793 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Inconsistency Between Implementation and Documented Design Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741796 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Over-read Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741894 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741895 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741896 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Underwrite (Buffer Underflow) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741900 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5756501 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Improper Access Control Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5843454 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ Medium severity vulnerability found in node Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848030 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ Medium severity vulnerability found in node Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969356 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Medium severity vulnerability found in node Description: Observable Timing Discrepancy Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252330 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ High severity vulnerability found in node Description: Insecure Permissions Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326666 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Access of Resource Using Incompatible Type ('Type Confusion') Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326668 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326688 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329555 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Prototype Pollution Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741794 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741889 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848038 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ High severity vulnerability found in node Description: Allocation of Resources Without Limits or Throttling Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252328 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ High severity vulnerability found in node Description: Code Injection Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252332 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 Organization: tubone24 Package manager: deb Project name: docker-image|test-blog Docker image: test-blog Platform: linux/amd64 Base image: node:18.12.1-buster-slim Licenses: enabled Tested 85 dependencies for known issues, found 117 issues. Base Image Vulnerabilities Severity node:18.12.1-buster-slim 117 3 critical, 17 high, 23 medium, 74 low Recommendations for base image upgrade: Minor upgrades Base Image Vulnerabilities Severity node:18.19.1-buster-slim 75 2 critical, 4 high, 1 medium, 68 low Major upgrades Base Image Vulnerabilities Severity node:20.11.1-buster-slim 75 2 critical, 4 high, 1 medium, 68 low Alternative image types Base Image Vulnerabilities Severity node:21.6.2-bookworm-slim 35 1 critical, 1 high, 0 medium, 33 low node:21.6.2-bullseye-slim 66 1 critical, 1 high, 0 medium, 64 low node:20.11.0-slim 43 1 critical, 5 high, 3 medium, 34 low node:lts-bookworm 178 1 critical, 6 high, 7 medium, 164 low Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection
github-actions[bot] commented 7 months ago

Memlab leaks report

``` page-load [7.4MB] (baseline) [s1] > action-on-page [8.3MB] (target) [s2] > revert [9.3MB] (final) [s3] ------2 clusters------ --Similar leaks in this run: 1547-- --Retained size of leaked objects: 170.8KB-- [] (synthetic) @1 [10.5MB] --2 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @6267 [60.8KB] --setTimeout (property)---> [] (closure) @48515 [72 bytes] --context (internal)---> [] (object) @214655 [20 bytes] --previous (internal)---> [] (object) @102657 [36KB] --n (variable)---> [t] (closure) @173935 [1.3KB] --context (internal)---> [] (object) @81999 [64.1KB] --n (variable)---> [Object] (object) @237197 [64KB] --449 (element)---> [Object] (object) @186895 [24 bytes] --exports (property)---> [r] (closure) @162945 [2.7KB] --hasData (property)---> [] (closure) @187369 [80 bytes] --context (internal)---> [] (object) @171495 [1.5KB] --e (variable)---> [Object] (object) @171479 [1KB] --2 (element)---> [Object] (object) @349857 [76 bytes] --aaAutocomplete (property)---> [f] (object) @390075 [348 bytes] --$node (property)---> [q] (object) @392421 [188 bytes] --0 (element)---> [Detached HTMLSpanElement] (native) @335097 [676 bytes] --7 (element)---> [Detached HTMLDivElement] (native) @335665 [5.7KB] --8 (element)---> [Detached HTMLDivElement] (native) @335439 [444 bytes] --5 (element)---> [Detached HTMLHRElement] (native) @335437 [356 bytes] --6 (element)---> [Detached HTMLDivElement] (native) @335435 [736 bytes] --5 (element)---> [Detached HTMLParagraphElement] (native) @335433 [1.3KB] --8 (element)---> [Detached HTMLAnchorElement] (native) @335425 [7.9KB] --12 (element)---> [Detached HTMLAnchorElement] (native) @335415 [1.9KB] --13 (element)---> [Detached InternalNode] (native) @39324 [312 bytes] --1 (element)---> [Detached InternalNode] (native) @41650 [256 bytes] --4 (element)---> [Detached ElementIntersectionObserverData] (native) @29678 [72 bytes] --Similar leaks in this run: 479-- --Retained size of leaked objects: 50.1KB-- [] (synthetic) @1 [10.5MB] --2 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @6267 [60.8KB] --___replace (property)---> [] (closure) @48851 [80 bytes] --context (internal)---> [] (object) @102139 [748 bytes] --a (variable)---> [Module] (object) @102143 [6.3KB] --get version (property)---> [version] (closure) @210335 [80 bytes] --context (internal)---> [] (object) @126391 [6.5KB] --Qn (variable)---> [y] (object) @418093 [368 bytes] --props (property)---> [Object] (object) @418095 [28 bytes] --children (property)---> [Object] (object) @467631 [296 bytes] --props (property)---> [Object] (object) @467633 [56 bytes] --children (property)---> [Object] (object) @421913 [1.2KB] --__ (property)---> [Object] (object) @435569 [1.1KB] --__ (property)---> [Object] (object) @435589 [940 bytes] --__ (property)---> [Object] (object) @435601 [736 bytes] --__d (property)---> [Detached HTMLDivElement] (native) @335539 [468 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @335537 [384 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @335535 [384 bytes] --6 (element)---> [Detached HTMLDivElement] (native) @335137 [15KB] --8 (element)---> [Detached HTMLElement] (native) @335155 [25.5KB] --5 (element)---> [Detached HTMLDivElement] (native) @335153 [22.2KB] --5 (element)---> [Detached Text] (native) @334683 [220 bytes] --6 (element)---> [Detached HTMLHeadingElement] (native) @334679 [576 bytes] --9 (element)---> [Detached Text] (native) @334671 [220 bytes] --7 (element)---> [Detached HTMLImageElement] (native) @334667 [764 bytes] --8 (element)---> [Detached Text] (native) @334663 [220 bytes] --7 (element)---> [Detached HTMLSpanElement] (native) @334659 [1KB] --9 (element)---> [Detached Text] (native) @334647 [220 bytes] --7 (element)---> [Detached HTMLParagraphElement] (native) @334643 [1.3KB] --9 (element)---> [Detached Text] (native) @334623 [220 bytes] --7 (element)---> [Detached HTMLParagraphElement] (native) @334619 [576 bytes] --9 (element)---> [Detached Text] (native) @334611 [220 bytes] --7 (element)---> [Detached HTMLParagraphElement] (native) @334607 [576 bytes] --9 (element)---> [Detached Text] (native) @334599 [220 bytes] --7 (element)---> [Detached HTMLBRElement] (native) @334591 [396 bytes] --7 (element)---> [Detached Text] (native) @334587 [220 bytes] --7 (element)---> [Detached HTMLDivElement] (native) @334583 [5.6KB] --6 (element)---> [Detached Text] (native) @334201 [220 bytes] --6 (element)---> [Detached HTMLUListElement] (native) @334559 [3.4KB] --6 (element)---> [Detached Text] (native) @334205 [220 bytes] --6 (element)---> [Detached HTMLLIElement] (native) @334211 [1.1KB] --5 (element)---> [Detached HTMLAnchorElement] (native) @334209 [752 bytes] --9 (element)---> [Detached InternalNode] (native) @29814 [240 bytes] --1 (element)---> [Detached InternalNode] (native) @29816 [184 bytes] --1 (element)---> [Detached DOMTokenList] (native) @35040 [56 bytes] ```
github-actions[bot] commented 7 months ago

Deploy Preview

Deploy path: /home/runner/work/blog/blog/public Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/pensive-lamport-5822d2/deploys/65eedc3373108228229564d3 Website Draft URL: https://65eedc3373108228229564d3--pensive-lamport-5822d2.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 7 months ago

Storybook Preview

Deploy path: /home/runner/work/blog/blog/storybook-static Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/blog-storybook/deploys/65eedc64c5414f3492d2ed45 Website Draft URL: https://65eedc64c5414f3492d2ed45--blog-storybook.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 7 months ago

Bundle Analyzer URL

https://65eedc3373108228229564d3--pensive-lamport-5822d2.netlify.app/webpack-bundle-analyser

github-actions[bot] commented 7 months ago

Lighthouse Score

Desktop

performance: 88 accessibility: 100 best-practices: 100 seo: 92 pwa: 100

Mobile

performance: 85 accessibility: 100 best-practices: 96 seo: 93 pwa: 100