tubone24 / blog

tubone's Blog made by Gatsby.js and Netlify
https://blog.tubone-project24.xyz/
Other
6 stars 2 forks source link

Ogp #1439

Closed tubone24 closed 7 months ago

tubone24 commented 7 months ago

PR title

Status

READY/IN DEVELOPMENT/HOLD

Description

A few sentences describing the overall goals of the pull request's commits.

Related PRs

List related PRs against other branches:

branch PR
other_pr_master [link]()
other_pr_develop [link]()

Todos

Steps to Test or Reproduce

Outline the steps to test or reproduce the PR here.

git pull --prune
git checkout <feature_branch>
yarn test

Preview Deploy

Describe the URL of the Preview Deploy.

[link]()

Impacted Areas in Application

List general components of the application that this PR will affect:

Screenshot

Replace FIXME_BRANCH_NAME, FIXME_PR_NUMBER in the URL below with this branch name and PR number.

Desktop

Width 1200px

Desktop Home

Mobile

Width 400px

mobile home
github-actions[bot] commented 7 months ago

depcheck Result

List up libraries that are defined in dependencies and devDependencies in package.json but not used in your codes.

Unused dependencies - @popperjs/core - @sentry/node - @sentry/profiling-node - @sentry/react - @typescript-eslint/eslint-plugin - babel-loader - babel-polyfill - classnames - flexboxgrid - gatsby-legacy-polyfills - gatsby-plugin-flexsearch - gatsby-plugin-twitter - gatsby-react-router-scroll - html-minifier - intersection-observer - md5 - opentype.js - preact - preact-render-to-string - react-body-classname - react-dom - rimraf - sass - typescript
Unused devdependencies - @babel/core - @babel/eslint-parser - @babel/preset-typescript - @storybook/addon-a11y - @storybook/addon-controls - @storybook/addon-essentials - @storybook/addon-info - @storybook/addon-interactions - @storybook/addon-knobs - @storybook/addon-links - @storybook/addon-storysource - @storybook/addon-viewport - @storybook/builder-webpack5 - @storybook/manager-webpack5 - @textlint-rule/textlint-rule-no-duplicate-abbr - @types/jest - @types/react-test-renderer - @types/responselike - axe-core - babel-plugin-transform-runtime - core-js - cross-env - css-loader - eslint - eslint-config-airbnb - eslint-import-resolver-webpack - eslint-plugin-import - eslint-plugin-jsx-a11y - eslint-plugin-react - gh-pages - husky - identity-obj-proxy - jest - jest-environment-jsdom - markdownlint-cli2 - memlab - netlify-cli - netlify-lambda - nyc - prettier - react-test-renderer - sass-loader - start-server-and-test - stylelint - stylelint-config-recess-order - stylelint-config-recommended-scss - stylelint-config-standard - stylelint-scss - textlint - textlint-filter-rule-allowlist - textlint-filter-rule-comments - textlint-rule-aws-spellcheck - textlint-rule-ja-no-inappropriate-words - textlint-rule-no-mixed-zenkaku-and-hankaku-alphabet - textlint-rule-no-start-duplicated-conjunction - textlint-rule-preset-smarthr - textlint-rule-prh - textlint-rule-terminology - ts-jest - yaml-lint
Missing - colors - /github/workspace/src/styles/_hover.scss - @algolia/transporter - /github/workspace/src/components/SearchBox/index.tsx - @algolia/client-search - /github/workspace/src/components/SearchBox/index.tsx - qs - /github/workspace/scripts/benchmark.js - https - /github/workspace/scripts/uploadScreenShot.ts
github-actions[bot] commented 7 months ago

Memlab leaks report

``` page-load [7.3MB] (baseline) [s1] > action-on-page [8.3MB] (target) [s2] > revert [9.3MB] (final) [s3] ------2 clusters------ --Similar leaks in this run: 1520-- --Retained size of leaked objects: 169.5KB-- [] (synthetic) @1 [10.5MB] --2 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @6267 [62.3KB] --setTimeout (property)---> [] (closure) @48435 [72 bytes] --context (internal)---> [] (object) @113509 [20 bytes] --previous (internal)---> [] (object) @86089 [36KB] --n (variable)---> [t] (closure) @112519 [1.3KB] --context (internal)---> [] (object) @239959 [48.9KB] --n (variable)---> [Object] (object) @246939 [48.8KB] --449 (element)---> [Object] (object) @247379 [24 bytes] --exports (property)---> [r] (closure) @138363 [2.7KB] --hasData (property)---> [] (closure) @282995 [80 bytes] --context (internal)---> [] (object) @155225 [1.5KB] --e (variable)---> [Object] (object) @155227 [1KB] --2 (element)---> [Object] (object) @337097 [76 bytes] --aaAutocomplete (property)---> [f] (object) @337101 [348 bytes] --$node (property)---> [q] (object) @341011 [188 bytes] --0 (element)---> [Detached HTMLSpanElement] (native) @333781 [676 bytes] --7 (element)---> [Detached HTMLDivElement] (native) @334355 [5.7KB] --7 (element)---> [Detached HTMLDivElement] (native) @334203 [444 bytes] --6 (element)---> [Detached HTMLDivElement] (native) @334383 [444 bytes] --6 (element)---> [Detached HTMLAnchorElement] (native) @333851 [2.5KB] --12 (element)---> [Detached InternalNode] (native) @29032 [488 bytes] --1 (element)---> [Detached InternalNode] (native) @29022 [432 bytes] --4 (element)---> [Detached ElementIntersectionObserverData] (native) @29018 [72 bytes] --Similar leaks in this run: 479-- --Retained size of leaked objects: 50.1KB-- [] (synthetic) @1 [10.5MB] --2 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @6267 [62.3KB] --___replace (property)---> [] (closure) @48771 [80 bytes] --context (internal)---> [] (object) @108805 [748 bytes] --a (variable)---> [Module] (object) @138317 [6.3KB] --get version (property)---> [version] (closure) @212763 [80 bytes] --context (internal)---> [] (object) @120915 [6.5KB] --Qn (variable)---> [y] (object) @406161 [368 bytes] --props (property)---> [Object] (object) @407761 [28 bytes] --children (property)---> [Object] (object) @438091 [296 bytes] --props (property)---> [Object] (object) @437515 [56 bytes] --children (property)---> [Object] (object) @437519 [1.2KB] --__ (property)---> [Object] (object) @464421 [1.1KB] --__ (property)---> [Object] (object) @464425 [940 bytes] --__ (property)---> [Object] (object) @414013 [736 bytes] --__d (property)---> [Detached HTMLDivElement] (native) @334243 [468 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @334241 [384 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @334239 [384 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @334237 [8KB] --5 (element)---> [Detached HTMLDivElement] (native) @334235 [7.2KB] --5 (element)---> [Detached HTMLHeadingElement] (native) @334231 [664 bytes] --9 (element)---> [Detached InternalNode] (native) @29906 [240 bytes] --2 (element)---> [Detached InternalNode] (native) @29908 [56 bytes] --1 (element)---> [Detached NodeList] (native) @32346 [56 bytes] ```
github-actions[bot] commented 7 months ago

Snyk vulnerability report

OSS packages

Tested 1738 dependencies for known issues, found 15 issues, 49 vulnerable paths. Issues to fix by upgrading: Upgrade @sentry/profiling-node@0.3.0 to @sentry/profiling-node@1.3.0 to fix ✗ Missing Release of Resource after Effective Lifetime [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116] in inflight@1.0.6 introduced by @sentry/profiling-node@0.3.0 > node-gyp@9.3.1 > glob@7.2.3 > inflight@1.0.6 and 15 other path(s) Upgrade gatsby@4.25.7 to gatsby@5.0.0 to fix ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYCLI-5671903] in gatsby-cli@4.25.0 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.0.0 introduced by gatsby-legacy-polyfills@2.23.0 > core-js-compat@3.9.0 > semver@7.0.0 and 1 other path(s) ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-legacy-polyfills@2.23.0 to gatsby-legacy-polyfills@3.10.0 to fix ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.0.0 introduced by gatsby-legacy-polyfills@2.23.0 > core-js-compat@3.9.0 > semver@7.0.0 and 1 other path(s) Upgrade gatsby-plugin-feed@4.23.1 to gatsby-plugin-feed@5.0.0 to fix ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-plugin-manifest@4.23.1 to gatsby-plugin-manifest@5.10.0 to fix ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-transformer-remark@5.25.1 to gatsby-transformer-remark@6.10.0 to fix ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYTRANSFORMERREMARK-5671901] in gatsby-transformer-remark@5.25.1 introduced by gatsby-transformer-remark@5.25.1 ✗ Information Exposure (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334] in sanitize-html@2.10.0 introduced by gatsby-transformer-remark@5.25.1 > sanitize-html@2.10.0 Issues with no direct upgrade or patch: ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@2.1.1 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 > pretty-error@2.1.2 > renderkid@2.0.7 > strip-ansi@3.0.1 > ansi-regex@2.1.1 This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1 ✗ Cross-site Request Forgery (CSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.0 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6124857] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.3 ✗ Prototype Pollution [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6144788] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.4 ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ES5EXT-6095076] in es5-ext@0.10.62 introduced by gatsby@4.25.7 > memoizee@0.4.15 > es5-ext@0.10.62 and 8 other path(s) This issue was fixed in versions: 0.10.63 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in html-minifier@4.0.0 introduced by html-minifier@4.0.0 No upgrade or patch available ✗ Server-side Request Forgery (SSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-IP-6240864] in ip@2.0.0 introduced by @sentry/profiling-node@0.3.0 > node-gyp@9.3.1 > make-fetch-happen@10.2.1 > socks-proxy-agent@7.0.0 > socks@2.7.1 > ip@2.0.0 This issue was fixed in versions: 1.1.9, 2.0.1 ✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in lodash.template@4.5.0 introduced by gatsby-plugin-offline@5.23.1 > workbox-build@4.3.1 > lodash.template@4.5.0 No upgrade or patch available ✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607] in serialize-javascript@6.0.0 introduced by gatsby@4.25.7 > css-minimizer-webpack-plugin@2.0.0 > serialize-javascript@5.0.1 and 1 other path(s) This issue was fixed in versions: 6.0.2 Organization: tubone24 Package manager: yarn Target file: yarn.lock Project name: blog Open source: no Project path: . Licenses: enabled Tip: Detected multiple supported manifests (1), use --all-projects to scan all of them at once.

Application

✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 23 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 25 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 41 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✔ Test completed Organization: tubone24 Test type: Static code analysis Project path: . Summary: 3 Code issues found 3 [Medium]

IaC

Snyk Infrastructure as Code - Snyk testing Infrastructure as Code configuration issues. ✔ Test completed. Issues No vulnerable paths were found! ------------------------------------------------------- Test Summary Organization: tubone24 Project name: tubone24/blog ✔ Files without issues: 3 ✗ Files with issues: 0 Ignored issues: 0 Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ] ------------------------------------------------------- Tip New: Share your test results in the Snyk Web UI with the option --report

Container

Testing test-blog... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2005-2541 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-3253529 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: NULL Pointer Dereference Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2023-39804 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-6120423 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 Fixed in: 1.30+dfsg-6+deb10u1 ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Authentication Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Privilege Chaining Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Incorrect Privilege Assignment Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Missing Release of Resource after Effective Lifetime Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733393 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733397 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-7008 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6137710 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-50868 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277511 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in shadow/passwd Description: Time-of-check Time-of-use (TOCTOU) Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5423925 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Improper Authentication Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5879153 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in perl/perl-base Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489186 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489188 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pam/libpam0g Description: CVE-2024-22365 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PAM-6178916 Introduced through: pam/libpam0g@1.3.1-5, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1, adduser@3.118, pam/libpam-modules-bin@1.3.1-5, pam/libpam-modules@1.3.1-5, pam/libpam-runtime@1.3.1-5 From: pam/libpam0g@1.3.1-5 From: shadow/login@1:4.5-1.1 > pam/libpam0g@1.3.1-5 From: util-linux/mount@2.33.1-0.1 > util-linux@2.33.1-0.1 > pam/libpam0g@1.3.1-5 and 11 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: CVE-2023-50495 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6123819 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: CVE-2023-45918 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6252772 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in lz4/liblz4-1 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072 Introduced through: lz4/liblz4-1@1.8.3-1+deb10u1, apt@1.8.2.3 From: lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > lz4/liblz4-1@1.8.3-1+deb10u1 ✗ Low severity vulnerability found in libtasn1-6 Description: CVE-2018-1000654 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libseccomp/libseccomp2 Description: CVE-2019-9893 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044 Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.3 From: libseccomp/libseccomp2@2.3.3-4 From: apt@1.8.2.3 > libseccomp/libseccomp2@2.3.3-4 ✗ Low severity vulnerability found in libidn2/libidn2-0 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100 Introduced through: libidn2/libidn2-0@2.0.5-1+deb10u1, apt@1.8.2.3 From: libidn2/libidn2-0@2.0.5-1+deb10u1 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libidn2/libidn2-0@2.0.5-1+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-6405988 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in gnutls28/libgnutls30 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-3330746 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Resource Management Errors Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: CVE-2019-1010023 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use of Insufficiently Random Values Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894107 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: Insufficient Entropy Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: CVE-2023-4039 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-5901315 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in e2fsprogs/libcom-err2 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482 Introduced through: e2fsprogs/libcom-err2@1.44.5-1+deb10u3, e2fsprogs@1.44.5-1+deb10u3, e2fsprogs/libext2fs2@1.44.5-1+deb10u3, e2fsprogs/libss2@1.44.5-1+deb10u3 From: e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libss2@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 and 5 more... ✗ Low severity vulnerability found in coreutils Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in coreutils Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in bash Description: Improper Check for Dropped Privileges Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280 Introduced through: bash@5.0-4 From: bash@5.0-4 ✗ Low severity vulnerability found in apt/libapt-pkg5.0 Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502 Introduced through: apt/libapt-pkg5.0@1.8.2.3, apt@1.8.2.3 From: apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u10 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: CVE-2022-4415 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Medium severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5862705 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u4 ✗ Medium severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6062099 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u11 ✗ High severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-26604 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3339153 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u9 ✗ High severity vulnerability found in systemd/libsystemd0 Description: Allocation of Resources Without Limits or Throttling Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277513 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ High severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u5 ✗ High severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5421196 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u5 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-3318300 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u10 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6159414 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u12 ✗ High severity vulnerability found in glibc/libc-bin Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ High severity vulnerability found in gcc-8/libstdc++6 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Critical severity vulnerability found in zlib/zlib1g Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-ZLIB-6008964 Introduced through: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2 From: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2 ✗ Critical severity vulnerability found in libtasn1-6 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-3061094 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 Fixed in: 4.13-3+deb10u1 ✗ Critical severity vulnerability found in db5.3/libdb5.3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169 Introduced through: db5.3/libdb5.3@5.3.28+dfsg1-0.5, adduser@3.118 From: db5.3/libdb5.3@5.3.28+dfsg1-0.5 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > pam/libpam-modules@1.3.1-5 > db5.3/libdb5.3@5.3.28+dfsg1-0.5 ------------ Detected 34 vulnerabilities for node@18.12.1 ------------ ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741888 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741892 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741899 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969349 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Low severity vulnerability found in node Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969357 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Low severity vulnerability found in node Description: Permissive Cross-domain Policy with Untrusted Domains Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252338 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ Medium severity vulnerability found in node Description: Timing Attack Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326669 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326682 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326683 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326684 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326685 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326686 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329554 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741792 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: HTTP Request Smuggling Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741793 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Inconsistency Between Implementation and Documented Design Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741796 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Over-read Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741894 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741895 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741896 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Underwrite (Buffer Underflow) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741900 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5756501 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Improper Access Control Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5843454 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ Medium severity vulnerability found in node Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848030 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ Medium severity vulnerability found in node Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969356 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Medium severity vulnerability found in node Description: Observable Timing Discrepancy Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252330 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ High severity vulnerability found in node Description: Insecure Permissions Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326666 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Access of Resource Using Incompatible Type ('Type Confusion') Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326668 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326688 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329555 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Prototype Pollution Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741794 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741889 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848038 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ High severity vulnerability found in node Description: Allocation of Resources Without Limits or Throttling Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252328 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ High severity vulnerability found in node Description: Code Injection Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252332 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 Organization: tubone24 Package manager: deb Project name: docker-image|test-blog Docker image: test-blog Platform: linux/amd64 Base image: node:18.12.1-buster-slim Licenses: enabled Tested 85 dependencies for known issues, found 117 issues. Base Image Vulnerabilities Severity node:18.12.1-buster-slim 117 3 critical, 17 high, 23 medium, 74 low Recommendations for base image upgrade: Minor upgrades Base Image Vulnerabilities Severity node:18.19.1-buster-slim 75 2 critical, 4 high, 1 medium, 68 low Major upgrades Base Image Vulnerabilities Severity node:20.11.1-buster-slim 75 2 critical, 4 high, 1 medium, 68 low Alternative image types Base Image Vulnerabilities Severity node:21.6.2-bookworm-slim 35 1 critical, 1 high, 0 medium, 33 low node:21.7.1-bullseye-slim 66 1 critical, 1 high, 0 medium, 64 low node:20.11.0-slim 43 1 critical, 5 high, 3 medium, 34 low node:lts-bookworm 179 1 critical, 6 high, 7 medium, 165 low Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection
github-actions[bot] commented 7 months ago

Deploy Preview

Deploy path: /home/runner/work/blog/blog/public Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/pensive-lamport-5822d2/deploys/65f0864ff79971114a2e73c4 Website Draft URL: https://65f0864ff79971114a2e73c4--pensive-lamport-5822d2.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 7 months ago

Bundle Analyzer URL

https://65f0864ff79971114a2e73c4--pensive-lamport-5822d2.netlify.app/webpack-bundle-analyser

github-actions[bot] commented 7 months ago

Storybook Preview

Deploy path: /home/runner/work/blog/blog/storybook-static Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/blog-storybook/deploys/65f086a090c57b123879633a Website Draft URL: https://65f086a090c57b123879633a--blog-storybook.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 7 months ago

Lighthouse Score

Desktop

performance: 89 accessibility: 100 best-practices: 100 seo: 92 pwa: 100

Mobile

performance: 74 accessibility: 100 best-practices: 96 seo: 93 pwa: 100

coveralls commented 7 months ago

Pull Request Test Coverage Report for Build 8300079167

Details


Totals Coverage Status
Change from base Build 8228841339: 0.04%
Covered Lines: 251
Relevant Lines: 281

💛 - Coveralls
github-actions[bot] commented 7 months ago

depcheck Result

List up libraries that are defined in dependencies and devDependencies in package.json but not used in your codes.

Unused dependencies - @popperjs/core - @sentry/node - @sentry/profiling-node - @sentry/react - @typescript-eslint/eslint-plugin - babel-loader - babel-polyfill - classnames - flexboxgrid - gatsby-legacy-polyfills - gatsby-plugin-flexsearch - gatsby-plugin-twitter - gatsby-react-router-scroll - html-minifier - intersection-observer - md5 - opentype.js - preact - preact-render-to-string - react-body-classname - react-dom - rimraf - sass - typescript
Unused devdependencies - @babel/core - @babel/eslint-parser - @babel/preset-typescript - @storybook/addon-a11y - @storybook/addon-controls - @storybook/addon-essentials - @storybook/addon-info - @storybook/addon-interactions - @storybook/addon-knobs - @storybook/addon-links - @storybook/addon-storysource - @storybook/addon-viewport - @storybook/builder-webpack5 - @storybook/manager-webpack5 - @textlint-rule/textlint-rule-no-duplicate-abbr - @types/jest - @types/react-test-renderer - @types/responselike - axe-core - babel-plugin-transform-runtime - core-js - cross-env - css-loader - eslint - eslint-config-airbnb - eslint-import-resolver-webpack - eslint-plugin-import - eslint-plugin-jsx-a11y - eslint-plugin-react - gh-pages - husky - identity-obj-proxy - jest - jest-environment-jsdom - markdownlint-cli2 - memlab - netlify-cli - netlify-lambda - nyc - prettier - react-test-renderer - sass-loader - start-server-and-test - stylelint - stylelint-config-recess-order - stylelint-config-recommended-scss - stylelint-config-standard - stylelint-scss - textlint - textlint-filter-rule-allowlist - textlint-filter-rule-comments - textlint-rule-aws-spellcheck - textlint-rule-ja-no-inappropriate-words - textlint-rule-no-mixed-zenkaku-and-hankaku-alphabet - textlint-rule-no-start-duplicated-conjunction - textlint-rule-preset-smarthr - textlint-rule-prh - textlint-rule-terminology - ts-jest - yaml-lint
Missing - colors - /github/workspace/src/styles/_hover.scss - @algolia/transporter - /github/workspace/src/components/SearchBox/index.tsx - @algolia/client-search - /github/workspace/src/components/SearchBox/index.tsx - qs - /github/workspace/scripts/benchmark.js - https - /github/workspace/scripts/uploadScreenShot.ts
github-actions[bot] commented 7 months ago

Snyk vulnerability report

OSS packages

Tested 1738 dependencies for known issues, found 15 issues, 49 vulnerable paths. Issues to fix by upgrading: Upgrade @sentry/profiling-node@0.3.0 to @sentry/profiling-node@1.3.0 to fix ✗ Missing Release of Resource after Effective Lifetime [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116] in inflight@1.0.6 introduced by @sentry/profiling-node@0.3.0 > node-gyp@9.3.1 > glob@7.2.3 > inflight@1.0.6 and 15 other path(s) Upgrade gatsby@4.25.7 to gatsby@5.0.0 to fix ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYCLI-5671903] in gatsby-cli@4.25.0 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.0.0 introduced by gatsby-legacy-polyfills@2.23.0 > core-js-compat@3.9.0 > semver@7.0.0 and 1 other path(s) ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-legacy-polyfills@2.23.0 to gatsby-legacy-polyfills@3.10.0 to fix ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.0.0 introduced by gatsby-legacy-polyfills@2.23.0 > core-js-compat@3.9.0 > semver@7.0.0 and 1 other path(s) Upgrade gatsby-plugin-feed@4.23.1 to gatsby-plugin-feed@5.0.0 to fix ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-plugin-manifest@4.23.1 to gatsby-plugin-manifest@5.10.0 to fix ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-transformer-remark@5.25.1 to gatsby-transformer-remark@6.10.0 to fix ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYTRANSFORMERREMARK-5671901] in gatsby-transformer-remark@5.25.1 introduced by gatsby-transformer-remark@5.25.1 ✗ Information Exposure (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334] in sanitize-html@2.10.0 introduced by gatsby-transformer-remark@5.25.1 > sanitize-html@2.10.0 Issues with no direct upgrade or patch: ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@2.1.1 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 > pretty-error@2.1.2 > renderkid@2.0.7 > strip-ansi@3.0.1 > ansi-regex@2.1.1 This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1 ✗ Cross-site Request Forgery (CSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.0 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6124857] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.3 ✗ Prototype Pollution [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6144788] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.4 ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ES5EXT-6095076] in es5-ext@0.10.62 introduced by gatsby@4.25.7 > memoizee@0.4.15 > es5-ext@0.10.62 and 8 other path(s) This issue was fixed in versions: 0.10.63 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in html-minifier@4.0.0 introduced by html-minifier@4.0.0 No upgrade or patch available ✗ Server-side Request Forgery (SSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-IP-6240864] in ip@2.0.0 introduced by @sentry/profiling-node@0.3.0 > node-gyp@9.3.1 > make-fetch-happen@10.2.1 > socks-proxy-agent@7.0.0 > socks@2.7.1 > ip@2.0.0 This issue was fixed in versions: 1.1.9, 2.0.1 ✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in lodash.template@4.5.0 introduced by gatsby-plugin-offline@5.23.1 > workbox-build@4.3.1 > lodash.template@4.5.0 No upgrade or patch available ✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607] in serialize-javascript@6.0.0 introduced by gatsby@4.25.7 > css-minimizer-webpack-plugin@2.0.0 > serialize-javascript@5.0.1 and 1 other path(s) This issue was fixed in versions: 6.0.2 Organization: tubone24 Package manager: yarn Target file: yarn.lock Project name: blog Open source: no Project path: . Licenses: enabled Tip: Detected multiple supported manifests (1), use --all-projects to scan all of them at once.

Application

✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 23 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 25 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 41 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✔ Test completed Organization: tubone24 Test type: Static code analysis Project path: . Summary: 3 Code issues found 3 [Medium]

IaC

Snyk Infrastructure as Code - Snyk testing Infrastructure as Code configuration issues. ✔ Test completed. Issues No vulnerable paths were found! ------------------------------------------------------- Test Summary Organization: tubone24 Project name: tubone24/blog ✔ Files without issues: 3 ✗ Files with issues: 0 Ignored issues: 0 Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ] ------------------------------------------------------- Tip New: Share your test results in the Snyk Web UI with the option --report

Container

Testing test-blog... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2005-2541 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-3253529 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: NULL Pointer Dereference Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2023-39804 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-6120423 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 Fixed in: 1.30+dfsg-6+deb10u1 ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Authentication Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Privilege Chaining Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Incorrect Privilege Assignment Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Missing Release of Resource after Effective Lifetime Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733393 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733397 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-7008 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6137710 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-50868 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277511 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in shadow/passwd Description: Time-of-check Time-of-use (TOCTOU) Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5423925 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Improper Authentication Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5879153 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in perl/perl-base Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489186 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489188 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pam/libpam0g Description: CVE-2024-22365 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PAM-6178916 Introduced through: pam/libpam0g@1.3.1-5, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1, adduser@3.118, pam/libpam-modules-bin@1.3.1-5, pam/libpam-modules@1.3.1-5, pam/libpam-runtime@1.3.1-5 From: pam/libpam0g@1.3.1-5 From: shadow/login@1:4.5-1.1 > pam/libpam0g@1.3.1-5 From: util-linux/mount@2.33.1-0.1 > util-linux@2.33.1-0.1 > pam/libpam0g@1.3.1-5 and 11 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: CVE-2023-50495 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6123819 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: CVE-2023-45918 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6252772 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in lz4/liblz4-1 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072 Introduced through: lz4/liblz4-1@1.8.3-1+deb10u1, apt@1.8.2.3 From: lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > lz4/liblz4-1@1.8.3-1+deb10u1 ✗ Low severity vulnerability found in libtasn1-6 Description: CVE-2018-1000654 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libseccomp/libseccomp2 Description: CVE-2019-9893 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044 Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.3 From: libseccomp/libseccomp2@2.3.3-4 From: apt@1.8.2.3 > libseccomp/libseccomp2@2.3.3-4 ✗ Low severity vulnerability found in libidn2/libidn2-0 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100 Introduced through: libidn2/libidn2-0@2.0.5-1+deb10u1, apt@1.8.2.3 From: libidn2/libidn2-0@2.0.5-1+deb10u1 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libidn2/libidn2-0@2.0.5-1+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-6405988 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in gnutls28/libgnutls30 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-3330746 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Resource Management Errors Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: CVE-2019-1010023 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use of Insufficiently Random Values Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894107 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: Insufficient Entropy Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: CVE-2023-4039 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-5901315 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in e2fsprogs/libcom-err2 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482 Introduced through: e2fsprogs/libcom-err2@1.44.5-1+deb10u3, e2fsprogs@1.44.5-1+deb10u3, e2fsprogs/libext2fs2@1.44.5-1+deb10u3, e2fsprogs/libss2@1.44.5-1+deb10u3 From: e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libss2@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 and 5 more... ✗ Low severity vulnerability found in coreutils Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in coreutils Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in bash Description: Improper Check for Dropped Privileges Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280 Introduced through: bash@5.0-4 From: bash@5.0-4 ✗ Low severity vulnerability found in apt/libapt-pkg5.0 Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502 Introduced through: apt/libapt-pkg5.0@1.8.2.3, apt@1.8.2.3 From: apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u10 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: CVE-2022-4415 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Medium severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5862705 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u4 ✗ Medium severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6062099 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u11 ✗ High severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-26604 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3339153 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u9 ✗ High severity vulnerability found in systemd/libsystemd0 Description: Allocation of Resources Without Limits or Throttling Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277513 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ High severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u5 ✗ High severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5421196 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u5 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-3318300 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u10 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6159414 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u12 ✗ High severity vulnerability found in glibc/libc-bin Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ High severity vulnerability found in gcc-8/libstdc++6 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Critical severity vulnerability found in zlib/zlib1g Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-ZLIB-6008964 Introduced through: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2 From: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2 ✗ Critical severity vulnerability found in libtasn1-6 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-3061094 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 Fixed in: 4.13-3+deb10u1 ✗ Critical severity vulnerability found in db5.3/libdb5.3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169 Introduced through: db5.3/libdb5.3@5.3.28+dfsg1-0.5, adduser@3.118 From: db5.3/libdb5.3@5.3.28+dfsg1-0.5 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > pam/libpam-modules@1.3.1-5 > db5.3/libdb5.3@5.3.28+dfsg1-0.5 ------------ Detected 34 vulnerabilities for node@18.12.1 ------------ ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741888 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741892 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741899 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969349 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Low severity vulnerability found in node Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969357 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Low severity vulnerability found in node Description: Permissive Cross-domain Policy with Untrusted Domains Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252338 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ Medium severity vulnerability found in node Description: Timing Attack Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326669 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326682 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326683 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326684 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326685 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326686 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329554 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741792 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: HTTP Request Smuggling Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741793 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Inconsistency Between Implementation and Documented Design Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741796 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Over-read Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741894 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741895 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741896 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Underwrite (Buffer Underflow) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741900 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5756501 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Improper Access Control Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5843454 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ Medium severity vulnerability found in node Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848030 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ Medium severity vulnerability found in node Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969356 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Medium severity vulnerability found in node Description: Observable Timing Discrepancy Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252330 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ High severity vulnerability found in node Description: Insecure Permissions Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326666 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Access of Resource Using Incompatible Type ('Type Confusion') Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326668 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326688 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329555 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Prototype Pollution Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741794 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741889 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848038 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ High severity vulnerability found in node Description: Allocation of Resources Without Limits or Throttling Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252328 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ High severity vulnerability found in node Description: Code Injection Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252332 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 Organization: tubone24 Package manager: deb Project name: docker-image|test-blog Docker image: test-blog Platform: linux/amd64 Base image: node:18.12.1-buster-slim Licenses: enabled Tested 85 dependencies for known issues, found 117 issues. Base Image Vulnerabilities Severity node:18.12.1-buster-slim 117 3 critical, 17 high, 23 medium, 74 low Recommendations for base image upgrade: Minor upgrades Base Image Vulnerabilities Severity node:18.19.1-buster-slim 73 2 critical, 3 high, 1 medium, 67 low Major upgrades Base Image Vulnerabilities Severity node:20.11.1-buster-slim 73 2 critical, 3 high, 1 medium, 67 low Alternative image types Base Image Vulnerabilities Severity node:hydrogen-bookworm-slim 35 1 critical, 1 high, 0 medium, 33 low node:21.6.2-bookworm-slim 35 1 critical, 1 high, 0 medium, 33 low node:21.6.2-bullseye-slim 66 1 critical, 1 high, 0 medium, 64 low node:hydrogen 178 1 critical, 6 high, 7 medium, 164 low Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection
github-actions[bot] commented 7 months ago

Memlab leaks report

``` page-load [7.4MB] (baseline) [s1] > action-on-page [8.3MB] (target) [s2] > revert [9.3MB] (final) [s3] ------2 clusters------ --Similar leaks in this run: 1634-- --Retained size of leaked objects: 176.2KB-- [] (synthetic) @1 [10.5MB] --3 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @6265 [62.6KB] --setTimeout (property)---> [] (closure) @79847 [72 bytes] --context (internal)---> [] (object) @255681 [20 bytes] --previous (internal)---> [] (object) @74415 [36.1KB] --n (variable)---> [t] (closure) @237173 [1.3KB] --context (internal)---> [] (object) @241521 [43.3KB] --n (variable)---> [Object] (object) @241527 [43.2KB] --449 (element)---> [Object] (object) @253625 [24 bytes] --exports (property)---> [r] (closure) @296687 [2.7KB] --hasData (property)---> [] (closure) @300785 [80 bytes] --context (internal)---> [] (object) @300779 [1.5KB] --e (variable)---> [Object] (object) @305381 [1KB] --2 (element)---> [Object] (object) @340379 [76 bytes] --aaAutocomplete (property)---> [f] (object) @394211 [348 bytes] --$node (property)---> [q] (object) @394615 [188 bytes] --0 (element)---> [Detached HTMLSpanElement] (native) @333771 [676 bytes] --7 (element)---> [Detached HTMLDivElement] (native) @334197 [5.7KB] --7 (element)---> [Detached HTMLDivElement] (native) @334025 [444 bytes] --6 (element)---> [Detached HTMLDivElement] (native) @334225 [444 bytes] --6 (element)---> [Detached HTMLAnchorElement] (native) @333845 [2.5KB] --11 (element)---> [Detached HTMLAnchorElement] (native) @333859 [2.5KB] --11 (element)---> [Detached HTMLAnchorElement] (native) @333873 [2.5KB] --13 (element)---> [Detached InternalNode] (native) @34678 [488 bytes] --1 (element)---> [Detached InternalNode] (native) @31484 [432 bytes] --4 (element)---> [Detached ElementIntersectionObserverData] (native) @31492 [72 bytes] --Similar leaks in this run: 479-- --Retained size of leaked objects: 50KB-- [] (synthetic) @1 [10.5MB] --3 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @6265 [62.6KB] --___replace (property)---> [] (closure) @80179 [80 bytes] --context (internal)---> [] (object) @244087 [748 bytes] --a (variable)---> [Module] (object) @105497 [6.3KB] --get version (property)---> [version] (closure) @245469 [80 bytes] --context (internal)---> [] (object) @100509 [6.5KB] --Qn (variable)---> [y] (object) @402169 [368 bytes] --props (property)---> [Object] (object) @418897 [28 bytes] --children (property)---> [Object] (object) @418899 [296 bytes] --props (property)---> [Object] (object) @429949 [56 bytes] --children (property)---> [Object] (object) @404245 [1.2KB] --__ (property)---> [Object] (object) @447413 [1.1KB] --__ (property)---> [Object] (object) @447435 [940 bytes] --__ (property)---> [Object] (object) @447451 [736 bytes] --__d (property)---> [Detached HTMLDivElement] (native) @334067 [468 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @334065 [384 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @334063 [384 bytes] --6 (element)---> [Detached HTMLDivElement] (native) @333811 [15KB] --8 (element)---> [Detached HTMLElement] (native) @333829 [25.4KB] --5 (element)---> [Detached HTMLDivElement] (native) @333827 [22.1KB] --5 (element)---> [Detached Text] (native) @332833 [220 bytes] --6 (element)---> [Detached HTMLHeadingElement] (native) @332837 [576 bytes] --9 (element)---> [Detached Text] (native) @332845 [220 bytes] --7 (element)---> [Detached HTMLImageElement] (native) @332849 [764 bytes] --8 (element)---> [Detached Text] (native) @332853 [220 bytes] --7 (element)---> [Detached HTMLSpanElement] (native) @332857 [1KB] --9 (element)---> [Detached Text] (native) @332869 [220 bytes] --7 (element)---> [Detached HTMLParagraphElement] (native) @332873 [1.3KB] --9 (element)---> [Detached Text] (native) @332893 [220 bytes] --7 (element)---> [Detached HTMLParagraphElement] (native) @332897 [576 bytes] --9 (element)---> [Detached Text] (native) @332905 [220 bytes] --7 (element)---> [Detached HTMLParagraphElement] (native) @332909 [576 bytes] --9 (element)---> [Detached Text] (native) @332917 [220 bytes] --7 (element)---> [Detached HTMLBRElement] (native) @332925 [396 bytes] --7 (element)---> [Detached Text] (native) @332929 [220 bytes] --7 (element)---> [Detached HTMLDivElement] (native) @332933 [5.5KB] --6 (element)---> [Detached Text] (native) @332997 [220 bytes] --6 (element)---> [Detached HTMLUListElement] (native) @332957 [3.4KB] --6 (element)---> [Detached Text] (native) @332993 [220 bytes] --6 (element)---> [Detached HTMLLIElement] (native) @332981 [1.1KB] --5 (element)---> [Detached HTMLAnchorElement] (native) @332985 [752 bytes] --6 (element)---> [Detached Text] (native) @332989 [220 bytes] --6 (element)---> [Detached InternalNode] (native) @30336 [32 bytes] --1 (element)---> [Detached InternalNode] (native) @37964 [32 bytes] --1 (element)---> [Detached NodeList] (native) @37966 [32 bytes] ```
github-actions[bot] commented 7 months ago

Storybook Preview

Deploy path: /home/runner/work/blog/blog/storybook-static Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/blog-storybook/deploys/65f108112102fe759f288182 Website Draft URL: https://65f108112102fe759f288182--blog-storybook.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 7 months ago

depcheck Result

List up libraries that are defined in dependencies and devDependencies in package.json but not used in your codes.

Unused dependencies - @popperjs/core - @sentry/node - @sentry/profiling-node - @sentry/react - @typescript-eslint/eslint-plugin - babel-loader - babel-polyfill - classnames - flexboxgrid - gatsby-legacy-polyfills - gatsby-plugin-flexsearch - gatsby-plugin-twitter - gatsby-react-router-scroll - html-minifier - intersection-observer - md5 - opentype.js - preact - preact-render-to-string - react-body-classname - react-dom - rimraf - sass - typescript
Unused devdependencies - @babel/core - @babel/eslint-parser - @babel/preset-typescript - @storybook/addon-a11y - @storybook/addon-controls - @storybook/addon-essentials - @storybook/addon-info - @storybook/addon-interactions - @storybook/addon-knobs - @storybook/addon-links - @storybook/addon-storysource - @storybook/addon-viewport - @storybook/builder-webpack5 - @storybook/manager-webpack5 - @textlint-rule/textlint-rule-no-duplicate-abbr - @types/jest - @types/react-test-renderer - @types/responselike - axe-core - babel-plugin-transform-runtime - core-js - cross-env - css-loader - eslint - eslint-config-airbnb - eslint-import-resolver-webpack - eslint-plugin-import - eslint-plugin-jsx-a11y - eslint-plugin-react - gh-pages - husky - identity-obj-proxy - jest - jest-environment-jsdom - markdownlint-cli2 - memlab - netlify-cli - netlify-lambda - nyc - prettier - react-test-renderer - sass-loader - start-server-and-test - stylelint - stylelint-config-recess-order - stylelint-config-recommended-scss - stylelint-config-standard - stylelint-scss - textlint - textlint-filter-rule-allowlist - textlint-filter-rule-comments - textlint-rule-aws-spellcheck - textlint-rule-ja-no-inappropriate-words - textlint-rule-no-mixed-zenkaku-and-hankaku-alphabet - textlint-rule-no-start-duplicated-conjunction - textlint-rule-preset-smarthr - textlint-rule-prh - textlint-rule-terminology - ts-jest - yaml-lint
Missing - colors - /github/workspace/src/styles/_hover.scss - @algolia/transporter - /github/workspace/src/components/SearchBox/index.tsx - @algolia/client-search - /github/workspace/src/components/SearchBox/index.tsx - qs - /github/workspace/scripts/benchmark.js - https - /github/workspace/scripts/uploadScreenShot.ts
github-actions[bot] commented 7 months ago

Memlab leaks report

``` page-load [7.4MB] (baseline) [s1] > action-on-page [8.3MB] (target) [s2] > revert [9.3MB] (final) [s3] ------2 clusters------ --Similar leaks in this run: 1520-- --Retained size of leaked objects: 169.2KB-- [] (synthetic) @1 [10.5MB] --2 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @6261 [62.2KB] --setTimeout (property)---> [] (closure) @48425 [72 bytes] --context (internal)---> [] (object) @157957 [20 bytes] --previous (internal)---> [] (object) @85709 [36KB] --n (variable)---> [t] (closure) @124653 [1.3KB] --context (internal)---> [] (object) @171923 [48.9KB] --n (variable)---> [Object] (object) @171929 [48.8KB] --449 (element)---> [Object] (object) @107941 [24 bytes] --exports (property)---> [r] (closure) @107943 [2.7KB] --hasData (property)---> [] (closure) @108471 [80 bytes] --context (internal)---> [] (object) @124617 [1.5KB] --e (variable)---> [Object] (object) @124619 [1KB] --2 (element)---> [Object] (object) @389325 [76 bytes] --aaAutocomplete (property)---> [f] (object) @389949 [348 bytes] --$node (property)---> [q] (object) @389957 [188 bytes] --0 (element)---> [Detached HTMLSpanElement] (native) @334029 [676 bytes] --7 (element)---> [Detached HTMLDivElement] (native) @334583 [5.7KB] --8 (element)---> [Detached HTMLDivElement] (native) @334365 [444 bytes] --5 (element)---> [Detached HTMLHRElement] (native) @334363 [356 bytes] --6 (element)---> [Detached HTMLDivElement] (native) @334361 [5.1KB] --10 (element)---> [Detached InternalNode] (native) @30106 [240 bytes] --1 (element)---> [Detached InternalNode] (native) @30108 [184 bytes] --1 (element)---> [Detached DOMTokenList] (native) @33888 [56 bytes] --Similar leaks in this run: 479-- --Retained size of leaked objects: 50KB-- [] (synthetic) @1 [10.5MB] --2 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @6261 [62.2KB] --___replace (property)---> [] (closure) @48761 [80 bytes] --context (internal)---> [] (object) @218787 [748 bytes] --a (variable)---> [Module] (object) @109725 [6.3KB] --get version (property)---> [version] (closure) @170369 [80 bytes] --context (internal)---> [] (object) @119733 [6.5KB] --Qn (variable)---> [y] (object) @405429 [368 bytes] --props (property)---> [Object] (object) @448805 [28 bytes] --children (property)---> [Object] (object) @469245 [296 bytes] --props (property)---> [Object] (object) @469489 [56 bytes] --children (property)---> [Object] (object) @431323 [1.2KB] --__ (property)---> [Object] (object) @431337 [1.1KB] --__ (property)---> [Object] (object) @431355 [940 bytes] --__ (property)---> [Object] (object) @431365 [736 bytes] --__d (property)---> [Detached HTMLDivElement] (native) @334463 [468 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @334461 [384 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @334459 [384 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @334457 [7.9KB] --5 (element)---> [Detached HTMLDivElement] (native) @334455 [7.1KB] --6 (element)---> [Detached HTMLDivElement] (native) @334447 [5.9KB] --5 (element)---> [Detached HTMLDivElement] (native) @334445 [4.8KB] --5 (element)---> [Detached HTMLPictureElement] (native) @334443 [3.7KB] --9 (element)---> [Detached InternalNode] (native) @37668 [152 bytes] --1 (element)---> [Detached InternalNode] (native) @29798 [96 bytes] --2 (element)---> [Detached NamedNodeMap] (native) @29802 [40 bytes] ```
github-actions[bot] commented 7 months ago

Snyk vulnerability report

OSS packages

Tested 1738 dependencies for known issues, found 15 issues, 49 vulnerable paths. Issues to fix by upgrading: Upgrade @sentry/profiling-node@0.3.0 to @sentry/profiling-node@1.3.0 to fix ✗ Missing Release of Resource after Effective Lifetime [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116] in inflight@1.0.6 introduced by @sentry/profiling-node@0.3.0 > node-gyp@9.3.1 > glob@7.2.3 > inflight@1.0.6 and 15 other path(s) Upgrade gatsby@4.25.7 to gatsby@5.0.0 to fix ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYCLI-5671903] in gatsby-cli@4.25.0 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.0.0 introduced by gatsby-legacy-polyfills@2.23.0 > core-js-compat@3.9.0 > semver@7.0.0 and 1 other path(s) ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-legacy-polyfills@2.23.0 to gatsby-legacy-polyfills@3.10.0 to fix ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.0.0 introduced by gatsby-legacy-polyfills@2.23.0 > core-js-compat@3.9.0 > semver@7.0.0 and 1 other path(s) Upgrade gatsby-plugin-feed@4.23.1 to gatsby-plugin-feed@5.0.0 to fix ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-plugin-manifest@4.23.1 to gatsby-plugin-manifest@5.10.0 to fix ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-transformer-remark@5.25.1 to gatsby-transformer-remark@6.10.0 to fix ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYTRANSFORMERREMARK-5671901] in gatsby-transformer-remark@5.25.1 introduced by gatsby-transformer-remark@5.25.1 ✗ Information Exposure (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334] in sanitize-html@2.10.0 introduced by gatsby-transformer-remark@5.25.1 > sanitize-html@2.10.0 Issues with no direct upgrade or patch: ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@2.1.1 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 > pretty-error@2.1.2 > renderkid@2.0.7 > strip-ansi@3.0.1 > ansi-regex@2.1.1 This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1 ✗ Cross-site Request Forgery (CSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.0 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6124857] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.3 ✗ Prototype Pollution [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6144788] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.4 ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ES5EXT-6095076] in es5-ext@0.10.62 introduced by gatsby@4.25.7 > memoizee@0.4.15 > es5-ext@0.10.62 and 8 other path(s) This issue was fixed in versions: 0.10.63 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in html-minifier@4.0.0 introduced by html-minifier@4.0.0 No upgrade or patch available ✗ Server-side Request Forgery (SSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-IP-6240864] in ip@2.0.0 introduced by @sentry/profiling-node@0.3.0 > node-gyp@9.3.1 > make-fetch-happen@10.2.1 > socks-proxy-agent@7.0.0 > socks@2.7.1 > ip@2.0.0 This issue was fixed in versions: 1.1.9, 2.0.1 ✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in lodash.template@4.5.0 introduced by gatsby-plugin-offline@5.23.1 > workbox-build@4.3.1 > lodash.template@4.5.0 No upgrade or patch available ✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607] in serialize-javascript@6.0.0 introduced by gatsby@4.25.7 > css-minimizer-webpack-plugin@2.0.0 > serialize-javascript@5.0.1 and 1 other path(s) This issue was fixed in versions: 6.0.2 Organization: tubone24 Package manager: yarn Target file: yarn.lock Project name: blog Open source: no Project path: . Licenses: enabled Tip: Detected multiple supported manifests (1), use --all-projects to scan all of them at once.

Application

✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 23 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 25 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 41 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✔ Test completed Organization: tubone24 Test type: Static code analysis Project path: . Summary: 3 Code issues found 3 [Medium]

IaC

Snyk Infrastructure as Code - Snyk testing Infrastructure as Code configuration issues. ✔ Test completed. Issues No vulnerable paths were found! ------------------------------------------------------- Test Summary Organization: tubone24 Project name: tubone24/blog ✔ Files without issues: 3 ✗ Files with issues: 0 Ignored issues: 0 Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ] ------------------------------------------------------- Tip New: Share your test results in the Snyk Web UI with the option --report

Container

Testing test-blog... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2005-2541 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-3253529 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: NULL Pointer Dereference Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2023-39804 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-6120423 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 Fixed in: 1.30+dfsg-6+deb10u1 ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Authentication Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Privilege Chaining Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Incorrect Privilege Assignment Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Missing Release of Resource after Effective Lifetime Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733393 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733397 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-7008 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6137710 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-50868 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277511 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in shadow/passwd Description: Time-of-check Time-of-use (TOCTOU) Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5423925 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Improper Authentication Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5879153 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in perl/perl-base Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489186 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489188 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pam/libpam0g Description: CVE-2024-22365 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PAM-6178916 Introduced through: pam/libpam0g@1.3.1-5, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1, adduser@3.118, pam/libpam-modules-bin@1.3.1-5, pam/libpam-modules@1.3.1-5, pam/libpam-runtime@1.3.1-5 From: pam/libpam0g@1.3.1-5 From: shadow/login@1:4.5-1.1 > pam/libpam0g@1.3.1-5 From: util-linux/mount@2.33.1-0.1 > util-linux@2.33.1-0.1 > pam/libpam0g@1.3.1-5 and 11 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: CVE-2023-50495 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6123819 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: CVE-2023-45918 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6252772 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in lz4/liblz4-1 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072 Introduced through: lz4/liblz4-1@1.8.3-1+deb10u1, apt@1.8.2.3 From: lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > lz4/liblz4-1@1.8.3-1+deb10u1 ✗ Low severity vulnerability found in libtasn1-6 Description: CVE-2018-1000654 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libseccomp/libseccomp2 Description: CVE-2019-9893 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044 Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.3 From: libseccomp/libseccomp2@2.3.3-4 From: apt@1.8.2.3 > libseccomp/libseccomp2@2.3.3-4 ✗ Low severity vulnerability found in libidn2/libidn2-0 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100 Introduced through: libidn2/libidn2-0@2.0.5-1+deb10u1, apt@1.8.2.3 From: libidn2/libidn2-0@2.0.5-1+deb10u1 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libidn2/libidn2-0@2.0.5-1+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-6405988 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in gnutls28/libgnutls30 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-3330746 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Resource Management Errors Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: CVE-2019-1010023 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use of Insufficiently Random Values Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894107 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: Insufficient Entropy Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: CVE-2023-4039 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-5901315 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in e2fsprogs/libcom-err2 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482 Introduced through: e2fsprogs/libcom-err2@1.44.5-1+deb10u3, e2fsprogs@1.44.5-1+deb10u3, e2fsprogs/libext2fs2@1.44.5-1+deb10u3, e2fsprogs/libss2@1.44.5-1+deb10u3 From: e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libss2@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 and 5 more... ✗ Low severity vulnerability found in coreutils Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in coreutils Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in bash Description: Improper Check for Dropped Privileges Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280 Introduced through: bash@5.0-4 From: bash@5.0-4 ✗ Low severity vulnerability found in apt/libapt-pkg5.0 Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502 Introduced through: apt/libapt-pkg5.0@1.8.2.3, apt@1.8.2.3 From: apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u10 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: CVE-2022-4415 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Medium severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5862705 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u4 ✗ Medium severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6062099 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u11 ✗ High severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-26604 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3339153 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u9 ✗ High severity vulnerability found in systemd/libsystemd0 Description: Allocation of Resources Without Limits or Throttling Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277513 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ High severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u5 ✗ High severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5421196 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u5 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-3318300 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u10 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6159414 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u12 ✗ High severity vulnerability found in glibc/libc-bin Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ High severity vulnerability found in gcc-8/libstdc++6 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Critical severity vulnerability found in zlib/zlib1g Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-ZLIB-6008964 Introduced through: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2 From: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2 ✗ Critical severity vulnerability found in libtasn1-6 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-3061094 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 Fixed in: 4.13-3+deb10u1 ✗ Critical severity vulnerability found in db5.3/libdb5.3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169 Introduced through: db5.3/libdb5.3@5.3.28+dfsg1-0.5, adduser@3.118 From: db5.3/libdb5.3@5.3.28+dfsg1-0.5 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > pam/libpam-modules@1.3.1-5 > db5.3/libdb5.3@5.3.28+dfsg1-0.5 ------------ Detected 34 vulnerabilities for node@18.12.1 ------------ ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741888 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741892 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741899 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969349 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Low severity vulnerability found in node Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969357 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Low severity vulnerability found in node Description: Permissive Cross-domain Policy with Untrusted Domains Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252338 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ Medium severity vulnerability found in node Description: Timing Attack Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326669 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326682 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326683 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326684 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326685 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326686 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329554 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741792 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: HTTP Request Smuggling Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741793 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Inconsistency Between Implementation and Documented Design Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741796 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Over-read Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741894 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741895 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741896 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Underwrite (Buffer Underflow) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741900 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5756501 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Improper Access Control Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5843454 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ Medium severity vulnerability found in node Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848030 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ Medium severity vulnerability found in node Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969356 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Medium severity vulnerability found in node Description: Observable Timing Discrepancy Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252330 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ High severity vulnerability found in node Description: Insecure Permissions Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326666 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Access of Resource Using Incompatible Type ('Type Confusion') Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326668 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326688 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329555 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Prototype Pollution Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741794 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741889 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848038 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ High severity vulnerability found in node Description: Allocation of Resources Without Limits or Throttling Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252328 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ High severity vulnerability found in node Description: Code Injection Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252332 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 Organization: tubone24 Package manager: deb Project name: docker-image|test-blog Docker image: test-blog Platform: linux/amd64 Base image: node:18.12.1-buster-slim Licenses: enabled Tested 85 dependencies for known issues, found 117 issues. Base Image Vulnerabilities Severity node:18.12.1-buster-slim 117 3 critical, 17 high, 23 medium, 74 low Recommendations for base image upgrade: Minor upgrades Base Image Vulnerabilities Severity node:18.19.1-buster-slim 73 2 critical, 3 high, 1 medium, 67 low Major upgrades Base Image Vulnerabilities Severity node:20.11.1-buster-slim 73 2 critical, 3 high, 1 medium, 67 low Alternative image types Base Image Vulnerabilities Severity node:hydrogen-bookworm-slim 35 1 critical, 1 high, 0 medium, 33 low node:21.6.2-bookworm-slim 35 1 critical, 1 high, 0 medium, 33 low node:21.6.2-bullseye-slim 66 1 critical, 1 high, 0 medium, 64 low node:hydrogen 178 1 critical, 6 high, 7 medium, 164 low Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection
github-actions[bot] commented 7 months ago

Storybook Preview

Deploy path: /home/runner/work/blog/blog/storybook-static Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/blog-storybook/deploys/65f130e544a5ee8dd65593d3 Website Draft URL: https://65f130e544a5ee8dd65593d3--blog-storybook.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 7 months ago

depcheck Result

List up libraries that are defined in dependencies and devDependencies in package.json but not used in your codes.

Unused dependencies - @popperjs/core - @sentry/node - @sentry/profiling-node - @sentry/react - @typescript-eslint/eslint-plugin - babel-loader - babel-polyfill - classnames - flexboxgrid - gatsby-legacy-polyfills - gatsby-plugin-flexsearch - gatsby-plugin-twitter - gatsby-react-router-scroll - html-minifier - intersection-observer - md5 - opentype.js - preact - preact-render-to-string - react-body-classname - react-dom - rimraf - sass - typescript
Unused devdependencies - @babel/core - @babel/eslint-parser - @babel/preset-typescript - @storybook/addon-a11y - @storybook/addon-controls - @storybook/addon-essentials - @storybook/addon-info - @storybook/addon-interactions - @storybook/addon-knobs - @storybook/addon-links - @storybook/addon-storysource - @storybook/addon-viewport - @storybook/builder-webpack5 - @storybook/manager-webpack5 - @textlint-rule/textlint-rule-no-duplicate-abbr - @types/jest - @types/react-test-renderer - @types/responselike - axe-core - babel-plugin-transform-runtime - core-js - cross-env - css-loader - eslint - eslint-config-airbnb - eslint-import-resolver-webpack - eslint-plugin-import - eslint-plugin-jsx-a11y - eslint-plugin-react - gh-pages - husky - identity-obj-proxy - jest - jest-environment-jsdom - markdownlint-cli2 - memlab - netlify-cli - netlify-lambda - nyc - prettier - react-test-renderer - sass-loader - start-server-and-test - stylelint - stylelint-config-recess-order - stylelint-config-recommended-scss - stylelint-config-standard - stylelint-scss - textlint - textlint-filter-rule-allowlist - textlint-filter-rule-comments - textlint-rule-aws-spellcheck - textlint-rule-ja-no-inappropriate-words - textlint-rule-no-mixed-zenkaku-and-hankaku-alphabet - textlint-rule-no-start-duplicated-conjunction - textlint-rule-preset-smarthr - textlint-rule-prh - textlint-rule-terminology - ts-jest - yaml-lint
Missing - colors - /github/workspace/src/styles/_hover.scss - @algolia/transporter - /github/workspace/src/components/SearchBox/index.tsx - @algolia/client-search - /github/workspace/src/components/SearchBox/index.tsx - qs - /github/workspace/scripts/benchmark.js - https - /github/workspace/scripts/uploadScreenShot.ts
github-actions[bot] commented 7 months ago

Snyk vulnerability report

OSS packages

Tested 1738 dependencies for known issues, found 15 issues, 49 vulnerable paths. Issues to fix by upgrading: Upgrade @sentry/profiling-node@0.3.0 to @sentry/profiling-node@1.3.0 to fix ✗ Missing Release of Resource after Effective Lifetime [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116] in inflight@1.0.6 introduced by @sentry/profiling-node@0.3.0 > node-gyp@9.3.1 > glob@7.2.3 > inflight@1.0.6 and 15 other path(s) Upgrade gatsby@4.25.7 to gatsby@5.0.0 to fix ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYCLI-5671903] in gatsby-cli@4.25.0 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.0.0 introduced by gatsby-legacy-polyfills@2.23.0 > core-js-compat@3.9.0 > semver@7.0.0 and 1 other path(s) ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-legacy-polyfills@2.23.0 to gatsby-legacy-polyfills@3.10.0 to fix ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.0.0 introduced by gatsby-legacy-polyfills@2.23.0 > core-js-compat@3.9.0 > semver@7.0.0 and 1 other path(s) Upgrade gatsby-plugin-feed@4.23.1 to gatsby-plugin-feed@5.0.0 to fix ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-plugin-manifest@4.23.1 to gatsby-plugin-manifest@5.10.0 to fix ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-transformer-remark@5.25.1 to gatsby-transformer-remark@6.10.0 to fix ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYTRANSFORMERREMARK-5671901] in gatsby-transformer-remark@5.25.1 introduced by gatsby-transformer-remark@5.25.1 ✗ Information Exposure (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334] in sanitize-html@2.10.0 introduced by gatsby-transformer-remark@5.25.1 > sanitize-html@2.10.0 Issues with no direct upgrade or patch: ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@2.1.1 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 > pretty-error@2.1.2 > renderkid@2.0.7 > strip-ansi@3.0.1 > ansi-regex@2.1.1 This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1 ✗ Cross-site Request Forgery (CSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.0 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6124857] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.3 ✗ Prototype Pollution [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6144788] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.4 ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ES5EXT-6095076] in es5-ext@0.10.62 introduced by gatsby@4.25.7 > memoizee@0.4.15 > es5-ext@0.10.62 and 8 other path(s) This issue was fixed in versions: 0.10.63 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in html-minifier@4.0.0 introduced by html-minifier@4.0.0 No upgrade or patch available ✗ Server-side Request Forgery (SSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-IP-6240864] in ip@2.0.0 introduced by @sentry/profiling-node@0.3.0 > node-gyp@9.3.1 > make-fetch-happen@10.2.1 > socks-proxy-agent@7.0.0 > socks@2.7.1 > ip@2.0.0 This issue was fixed in versions: 1.1.9, 2.0.1 ✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in lodash.template@4.5.0 introduced by gatsby-plugin-offline@5.23.1 > workbox-build@4.3.1 > lodash.template@4.5.0 No upgrade or patch available ✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607] in serialize-javascript@6.0.0 introduced by gatsby@4.25.7 > css-minimizer-webpack-plugin@2.0.0 > serialize-javascript@5.0.1 and 1 other path(s) This issue was fixed in versions: 6.0.2 Organization: tubone24 Package manager: yarn Target file: yarn.lock Project name: blog Open source: no Project path: . Licenses: enabled Tip: Detected multiple supported manifests (1), use --all-projects to scan all of them at once.

Application

✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 23 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 25 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 41 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✔ Test completed Organization: tubone24 Test type: Static code analysis Project path: . Summary: 3 Code issues found 3 [Medium]

IaC

Snyk Infrastructure as Code - Snyk testing Infrastructure as Code configuration issues. ✔ Test completed. Issues No vulnerable paths were found! ------------------------------------------------------- Test Summary Organization: tubone24 Project name: tubone24/blog ✔ Files without issues: 3 ✗ Files with issues: 0 Ignored issues: 0 Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ] ------------------------------------------------------- Tip New: Share your test results in the Snyk Web UI with the option --report

Container

Testing test-blog... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2005-2541 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-3253529 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: NULL Pointer Dereference Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2023-39804 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-6120423 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 Fixed in: 1.30+dfsg-6+deb10u1 ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Authentication Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Privilege Chaining Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Incorrect Privilege Assignment Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Missing Release of Resource after Effective Lifetime Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733393 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733397 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-7008 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6137710 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-50868 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277511 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in shadow/passwd Description: Time-of-check Time-of-use (TOCTOU) Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5423925 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Improper Authentication Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5879153 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in perl/perl-base Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489186 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489188 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pam/libpam0g Description: CVE-2024-22365 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PAM-6178916 Introduced through: pam/libpam0g@1.3.1-5, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1, adduser@3.118, pam/libpam-modules-bin@1.3.1-5, pam/libpam-modules@1.3.1-5, pam/libpam-runtime@1.3.1-5 From: pam/libpam0g@1.3.1-5 From: shadow/login@1:4.5-1.1 > pam/libpam0g@1.3.1-5 From: util-linux/mount@2.33.1-0.1 > util-linux@2.33.1-0.1 > pam/libpam0g@1.3.1-5 and 11 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: CVE-2023-50495 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6123819 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: CVE-2023-45918 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6252772 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in lz4/liblz4-1 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072 Introduced through: lz4/liblz4-1@1.8.3-1+deb10u1, apt@1.8.2.3 From: lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > lz4/liblz4-1@1.8.3-1+deb10u1 ✗ Low severity vulnerability found in libtasn1-6 Description: CVE-2018-1000654 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libseccomp/libseccomp2 Description: CVE-2019-9893 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044 Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.3 From: libseccomp/libseccomp2@2.3.3-4 From: apt@1.8.2.3 > libseccomp/libseccomp2@2.3.3-4 ✗ Low severity vulnerability found in libidn2/libidn2-0 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100 Introduced through: libidn2/libidn2-0@2.0.5-1+deb10u1, apt@1.8.2.3 From: libidn2/libidn2-0@2.0.5-1+deb10u1 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libidn2/libidn2-0@2.0.5-1+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-6405988 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in gnutls28/libgnutls30 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-3330746 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Resource Management Errors Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: CVE-2019-1010023 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use of Insufficiently Random Values Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894107 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: Insufficient Entropy Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: CVE-2023-4039 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-5901315 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in e2fsprogs/libcom-err2 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482 Introduced through: e2fsprogs/libcom-err2@1.44.5-1+deb10u3, e2fsprogs@1.44.5-1+deb10u3, e2fsprogs/libext2fs2@1.44.5-1+deb10u3, e2fsprogs/libss2@1.44.5-1+deb10u3 From: e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libss2@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 and 5 more... ✗ Low severity vulnerability found in coreutils Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in coreutils Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in bash Description: Improper Check for Dropped Privileges Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280 Introduced through: bash@5.0-4 From: bash@5.0-4 ✗ Low severity vulnerability found in apt/libapt-pkg5.0 Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502 Introduced through: apt/libapt-pkg5.0@1.8.2.3, apt@1.8.2.3 From: apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u10 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: CVE-2022-4415 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Medium severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5862705 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u4 ✗ Medium severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6062099 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u11 ✗ High severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-26604 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3339153 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u9 ✗ High severity vulnerability found in systemd/libsystemd0 Description: Allocation of Resources Without Limits or Throttling Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277513 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ High severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u5 ✗ High severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5421196 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u5 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-3318300 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u10 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6159414 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u12 ✗ High severity vulnerability found in glibc/libc-bin Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ High severity vulnerability found in gcc-8/libstdc++6 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Critical severity vulnerability found in zlib/zlib1g Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-ZLIB-6008964 Introduced through: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2 From: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2 ✗ Critical severity vulnerability found in libtasn1-6 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-3061094 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 Fixed in: 4.13-3+deb10u1 ✗ Critical severity vulnerability found in db5.3/libdb5.3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169 Introduced through: db5.3/libdb5.3@5.3.28+dfsg1-0.5, adduser@3.118 From: db5.3/libdb5.3@5.3.28+dfsg1-0.5 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > pam/libpam-modules@1.3.1-5 > db5.3/libdb5.3@5.3.28+dfsg1-0.5 ------------ Detected 34 vulnerabilities for node@18.12.1 ------------ ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741888 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741892 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741899 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969349 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Low severity vulnerability found in node Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969357 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Low severity vulnerability found in node Description: Permissive Cross-domain Policy with Untrusted Domains Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252338 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ Medium severity vulnerability found in node Description: Timing Attack Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326669 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326682 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326683 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326684 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326685 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326686 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329554 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741792 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: HTTP Request Smuggling Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741793 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Inconsistency Between Implementation and Documented Design Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741796 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Over-read Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741894 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741895 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741896 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Underwrite (Buffer Underflow) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741900 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5756501 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Improper Access Control Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5843454 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ Medium severity vulnerability found in node Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848030 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ Medium severity vulnerability found in node Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969356 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Medium severity vulnerability found in node Description: Observable Timing Discrepancy Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252330 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ High severity vulnerability found in node Description: Insecure Permissions Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326666 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Access of Resource Using Incompatible Type ('Type Confusion') Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326668 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326688 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329555 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Prototype Pollution Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741794 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741889 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848038 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ High severity vulnerability found in node Description: Allocation of Resources Without Limits or Throttling Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252328 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ High severity vulnerability found in node Description: Code Injection Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252332 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 Organization: tubone24 Package manager: deb Project name: docker-image|test-blog Docker image: test-blog Platform: linux/amd64 Base image: node:18.12.1-buster-slim Licenses: enabled Tested 85 dependencies for known issues, found 117 issues. Base Image Vulnerabilities Severity node:18.12.1-buster-slim 117 3 critical, 17 high, 23 medium, 74 low Recommendations for base image upgrade: Minor upgrades Base Image Vulnerabilities Severity node:18.19.1-buster-slim 73 2 critical, 3 high, 1 medium, 67 low Major upgrades Base Image Vulnerabilities Severity node:20.11.1-buster-slim 73 2 critical, 3 high, 1 medium, 67 low Alternative image types Base Image Vulnerabilities Severity node:21.7.0-bookworm-slim 35 1 critical, 1 high, 0 medium, 33 low node:21.7.0-bullseye-slim 66 1 critical, 1 high, 0 medium, 64 low node:lts-bookworm 170 1 critical, 4 high, 1 medium, 164 low node:20.11.0-slim 43 1 critical, 5 high, 3 medium, 34 low Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection
github-actions[bot] commented 7 months ago

Memlab leaks report

``` page-load [7.4MB] (baseline) [s1] > action-on-page [8.3MB] (target) [s2] > revert [9.3MB] (final) [s3] ------2 clusters------ --Similar leaks in this run: 1634-- --Retained size of leaked objects: 176.3KB-- [] (synthetic) @1 [10.5MB] --3 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @6269 [60.7KB] --setTimeout (property)---> [] (closure) @145801 [72 bytes] --context (internal)---> [] (object) @132477 [20 bytes] --previous (internal)---> [] (object) @46085 [36KB] --n (variable)---> [t] (closure) @69241 [1.3KB] --context (internal)---> [] (object) @74015 [43.5KB] --n (variable)---> [Object] (object) @80831 [43.4KB] --449 (element)---> [Object] (object) @81273 [24 bytes] --exports (property)---> [r] (closure) @209251 [2.7KB] --hasData (property)---> [] (closure) @209707 [80 bytes] --context (internal)---> [] (object) @209489 [1.5KB] --e (variable)---> [Object] (object) @209491 [1KB] --2 (element)---> [Object] (object) @350681 [76 bytes] --aaAutocomplete (property)---> [f] (object) @356519 [348 bytes] --$node (property)---> [q] (object) @353823 [188 bytes] --0 (element)---> [Detached HTMLSpanElement] (native) @334073 [676 bytes] --7 (element)---> [Detached HTMLDivElement] (native) @333559 [5.7KB] --8 (element)---> [Detached HTMLDivElement] (native) @333339 [444 bytes] --6 (element)---> [Detached HTMLHRElement] (native) @333557 [356 bytes] --6 (element)---> [Detached HTMLDivElement] (native) @333533 [444 bytes] --8 (element)---> [Detached HTMLHRElement] (native) @333531 [356 bytes] --6 (element)---> [Detached HTMLDivElement] (native) @334363 [532 bytes] --5 (element)---> [Detached HTMLParagraphElement] (native) @334361 [1KB] --8 (element)---> [Detached HTMLAnchorElement] (native) @334371 [2KB] --12 (element)---> [Detached HTMLAnchorElement] (native) @333447 [2KB] --12 (element)---> [Detached HTMLAnchorElement] (native) @333457 [2KB] --13 (element)---> [Detached InternalNode] (native) @34824 [400 bytes] --1 (element)---> [Detached InternalNode] (native) @43142 [344 bytes] --4 (element)---> [Detached ElementIntersectionObserverData] (native) @31894 [72 bytes] --Similar leaks in this run: 479-- --Retained size of leaked objects: 50KB-- [] (synthetic) @1 [10.5MB] --3 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @6269 [60.7KB] --___replace (property)---> [] (closure) @247079 [80 bytes] --context (internal)---> [] (object) @72421 [748 bytes] --a (variable)---> [Module] (object) @67077 [6.3KB] --get version (property)---> [version] (closure) @74199 [80 bytes] --context (internal)---> [] (object) @74299 [6.5KB] --Qn (variable)---> [y] (object) @408333 [368 bytes] --props (property)---> [Object] (object) @440345 [28 bytes] --children (property)---> [Object] (object) @469311 [296 bytes] --props (property)---> [Object] (object) @470079 [56 bytes] --children (property)---> [Object] (object) @417573 [1.2KB] --__ (property)---> [Object] (object) @417587 [1.1KB] --__ (property)---> [Object] (object) @417605 [940 bytes] --__ (property)---> [Object] (object) @417615 [736 bytes] --__d (property)---> [Detached HTMLDivElement] (native) @333439 [468 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @333437 [384 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @333435 [384 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @333433 [7.9KB] --5 (element)---> [Detached HTMLDivElement] (native) @333431 [7.1KB] --6 (element)---> [Detached HTMLDivElement] (native) @333423 [5.9KB] --5 (element)---> [Detached HTMLDivElement] (native) @333421 [4.8KB] --6 (element)---> [Detached HTMLSpanElement] (native) @333409 [664 bytes] --9 (element)---> [Detached InternalNode] (native) @31126 [240 bytes] --1 (element)---> [Detached InternalNode] (native) @31120 [184 bytes] --2 (element)---> [Detached NamedNodeMap] (native) @29512 [40 bytes] ```
github-actions[bot] commented 7 months ago

Storybook Preview

Deploy path: /home/runner/work/blog/blog/storybook-static Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/blog-storybook/deploys/65f157f9ef7004a7a700b1c5 Website Draft URL: https://65f157f9ef7004a7a700b1c5--blog-storybook.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 7 months ago

depcheck Result

List up libraries that are defined in dependencies and devDependencies in package.json but not used in your codes.

Unused dependencies - @popperjs/core - @sentry/node - @sentry/profiling-node - @sentry/react - @typescript-eslint/eslint-plugin - babel-loader - babel-polyfill - classnames - flexboxgrid - gatsby-legacy-polyfills - gatsby-plugin-flexsearch - gatsby-plugin-twitter - gatsby-react-router-scroll - html-minifier - intersection-observer - md5 - opentype.js - preact - preact-render-to-string - react-body-classname - react-dom - rimraf - sass - typescript
Unused devdependencies - @babel/core - @babel/eslint-parser - @babel/preset-typescript - @storybook/addon-a11y - @storybook/addon-controls - @storybook/addon-essentials - @storybook/addon-info - @storybook/addon-interactions - @storybook/addon-knobs - @storybook/addon-links - @storybook/addon-storysource - @storybook/addon-viewport - @storybook/builder-webpack5 - @storybook/manager-webpack5 - @textlint-rule/textlint-rule-no-duplicate-abbr - @types/jest - @types/react-test-renderer - @types/responselike - axe-core - babel-plugin-transform-runtime - core-js - cross-env - css-loader - eslint - eslint-config-airbnb - eslint-import-resolver-webpack - eslint-plugin-import - eslint-plugin-jsx-a11y - eslint-plugin-react - gh-pages - husky - identity-obj-proxy - jest - jest-environment-jsdom - markdownlint-cli2 - memlab - netlify-cli - netlify-lambda - nyc - prettier - react-test-renderer - sass-loader - start-server-and-test - stylelint - stylelint-config-recess-order - stylelint-config-recommended-scss - stylelint-config-standard - stylelint-scss - textlint - textlint-filter-rule-allowlist - textlint-filter-rule-comments - textlint-rule-aws-spellcheck - textlint-rule-ja-no-inappropriate-words - textlint-rule-no-mixed-zenkaku-and-hankaku-alphabet - textlint-rule-no-start-duplicated-conjunction - textlint-rule-preset-smarthr - textlint-rule-prh - textlint-rule-terminology - ts-jest - yaml-lint
Missing - colors - /github/workspace/src/styles/_hover.scss - @algolia/transporter - /github/workspace/src/components/SearchBox/index.tsx - @algolia/client-search - /github/workspace/src/components/SearchBox/index.tsx - qs - /github/workspace/scripts/benchmark.js - https - /github/workspace/scripts/uploadScreenShot.ts
github-actions[bot] commented 7 months ago

Snyk vulnerability report

OSS packages

Tested 1738 dependencies for known issues, found 15 issues, 49 vulnerable paths. Issues to fix by upgrading: Upgrade @sentry/profiling-node@0.3.0 to @sentry/profiling-node@1.3.0 to fix ✗ Missing Release of Resource after Effective Lifetime [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116] in inflight@1.0.6 introduced by @sentry/profiling-node@0.3.0 > node-gyp@9.3.1 > glob@7.2.3 > inflight@1.0.6 and 15 other path(s) Upgrade gatsby@4.25.7 to gatsby@5.0.0 to fix ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYCLI-5671903] in gatsby-cli@4.25.0 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.0.0 introduced by gatsby-legacy-polyfills@2.23.0 > core-js-compat@3.9.0 > semver@7.0.0 and 1 other path(s) ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-legacy-polyfills@2.23.0 to gatsby-legacy-polyfills@3.10.0 to fix ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.0.0 introduced by gatsby-legacy-polyfills@2.23.0 > core-js-compat@3.9.0 > semver@7.0.0 and 1 other path(s) Upgrade gatsby-plugin-feed@4.23.1 to gatsby-plugin-feed@5.0.0 to fix ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-plugin-manifest@4.23.1 to gatsby-plugin-manifest@5.10.0 to fix ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-transformer-remark@5.25.1 to gatsby-transformer-remark@6.10.0 to fix ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYTRANSFORMERREMARK-5671901] in gatsby-transformer-remark@5.25.1 introduced by gatsby-transformer-remark@5.25.1 ✗ Information Exposure (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334] in sanitize-html@2.10.0 introduced by gatsby-transformer-remark@5.25.1 > sanitize-html@2.10.0 Issues with no direct upgrade or patch: ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@2.1.1 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 > pretty-error@2.1.2 > renderkid@2.0.7 > strip-ansi@3.0.1 > ansi-regex@2.1.1 This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1 ✗ Cross-site Request Forgery (CSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.0 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6124857] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.3 ✗ Prototype Pollution [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6144788] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.4 ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ES5EXT-6095076] in es5-ext@0.10.62 introduced by gatsby@4.25.7 > memoizee@0.4.15 > es5-ext@0.10.62 and 8 other path(s) This issue was fixed in versions: 0.10.63 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in html-minifier@4.0.0 introduced by html-minifier@4.0.0 No upgrade or patch available ✗ Server-side Request Forgery (SSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-IP-6240864] in ip@2.0.0 introduced by @sentry/profiling-node@0.3.0 > node-gyp@9.3.1 > make-fetch-happen@10.2.1 > socks-proxy-agent@7.0.0 > socks@2.7.1 > ip@2.0.0 This issue was fixed in versions: 1.1.9, 2.0.1 ✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in lodash.template@4.5.0 introduced by gatsby-plugin-offline@5.23.1 > workbox-build@4.3.1 > lodash.template@4.5.0 No upgrade or patch available ✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607] in serialize-javascript@6.0.0 introduced by gatsby@4.25.7 > css-minimizer-webpack-plugin@2.0.0 > serialize-javascript@5.0.1 and 1 other path(s) This issue was fixed in versions: 6.0.2 Organization: tubone24 Package manager: yarn Target file: yarn.lock Project name: blog Open source: no Project path: . Licenses: enabled Tip: Detected multiple supported manifests (1), use --all-projects to scan all of them at once.

Application

✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 23 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 25 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 41 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✔ Test completed Organization: tubone24 Test type: Static code analysis Project path: . Summary: 3 Code issues found 3 [Medium]

IaC

Snyk Infrastructure as Code - Snyk testing Infrastructure as Code configuration issues. ✔ Test completed. Issues No vulnerable paths were found! ------------------------------------------------------- Test Summary Organization: tubone24 Project name: tubone24/blog ✔ Files without issues: 3 ✗ Files with issues: 0 Ignored issues: 0 Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ] ------------------------------------------------------- Tip New: Share your test results in the Snyk Web UI with the option --report

Container

Testing test-blog... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2005-2541 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-3253529 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: NULL Pointer Dereference Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2023-39804 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-6120423 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 Fixed in: 1.30+dfsg-6+deb10u1 ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Authentication Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Privilege Chaining Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Incorrect Privilege Assignment Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Missing Release of Resource after Effective Lifetime Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733393 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733397 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-7008 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6137710 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-50868 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277511 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in shadow/passwd Description: Time-of-check Time-of-use (TOCTOU) Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5423925 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Improper Authentication Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5879153 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in perl/perl-base Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489186 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489188 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pam/libpam0g Description: CVE-2024-22365 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PAM-6178916 Introduced through: pam/libpam0g@1.3.1-5, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1, adduser@3.118, pam/libpam-modules-bin@1.3.1-5, pam/libpam-modules@1.3.1-5, pam/libpam-runtime@1.3.1-5 From: pam/libpam0g@1.3.1-5 From: shadow/login@1:4.5-1.1 > pam/libpam0g@1.3.1-5 From: util-linux/mount@2.33.1-0.1 > util-linux@2.33.1-0.1 > pam/libpam0g@1.3.1-5 and 11 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: CVE-2023-50495 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6123819 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: CVE-2023-45918 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6252772 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in lz4/liblz4-1 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072 Introduced through: lz4/liblz4-1@1.8.3-1+deb10u1, apt@1.8.2.3 From: lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > lz4/liblz4-1@1.8.3-1+deb10u1 ✗ Low severity vulnerability found in libtasn1-6 Description: CVE-2018-1000654 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libseccomp/libseccomp2 Description: CVE-2019-9893 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044 Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.3 From: libseccomp/libseccomp2@2.3.3-4 From: apt@1.8.2.3 > libseccomp/libseccomp2@2.3.3-4 ✗ Low severity vulnerability found in libidn2/libidn2-0 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100 Introduced through: libidn2/libidn2-0@2.0.5-1+deb10u1, apt@1.8.2.3 From: libidn2/libidn2-0@2.0.5-1+deb10u1 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libidn2/libidn2-0@2.0.5-1+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-6405988 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in gnutls28/libgnutls30 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-3330746 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Resource Management Errors Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: CVE-2019-1010023 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use of Insufficiently Random Values Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894107 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: Insufficient Entropy Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: CVE-2023-4039 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-5901315 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in e2fsprogs/libcom-err2 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482 Introduced through: e2fsprogs/libcom-err2@1.44.5-1+deb10u3, e2fsprogs@1.44.5-1+deb10u3, e2fsprogs/libext2fs2@1.44.5-1+deb10u3, e2fsprogs/libss2@1.44.5-1+deb10u3 From: e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libss2@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 and 5 more... ✗ Low severity vulnerability found in coreutils Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in coreutils Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in bash Description: Improper Check for Dropped Privileges Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280 Introduced through: bash@5.0-4 From: bash@5.0-4 ✗ Low severity vulnerability found in apt/libapt-pkg5.0 Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502 Introduced through: apt/libapt-pkg5.0@1.8.2.3, apt@1.8.2.3 From: apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u10 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: CVE-2022-4415 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Medium severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5862705 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u4 ✗ Medium severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6062099 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u11 ✗ High severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-26604 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3339153 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u9 ✗ High severity vulnerability found in systemd/libsystemd0 Description: Allocation of Resources Without Limits or Throttling Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277513 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ High severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u5 ✗ High severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5421196 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u5 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-3318300 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u10 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6159414 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u12 ✗ High severity vulnerability found in glibc/libc-bin Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ High severity vulnerability found in gcc-8/libstdc++6 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Critical severity vulnerability found in zlib/zlib1g Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-ZLIB-6008964 Introduced through: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2 From: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2 ✗ Critical severity vulnerability found in libtasn1-6 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-3061094 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 Fixed in: 4.13-3+deb10u1 ✗ Critical severity vulnerability found in db5.3/libdb5.3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169 Introduced through: db5.3/libdb5.3@5.3.28+dfsg1-0.5, adduser@3.118 From: db5.3/libdb5.3@5.3.28+dfsg1-0.5 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > pam/libpam-modules@1.3.1-5 > db5.3/libdb5.3@5.3.28+dfsg1-0.5 ------------ Detected 34 vulnerabilities for node@18.12.1 ------------ ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741888 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741892 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741899 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969349 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Low severity vulnerability found in node Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969357 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Low severity vulnerability found in node Description: Permissive Cross-domain Policy with Untrusted Domains Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252338 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ Medium severity vulnerability found in node Description: Timing Attack Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326669 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326682 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326683 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326684 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326685 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326686 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329554 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741792 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: HTTP Request Smuggling Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741793 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Inconsistency Between Implementation and Documented Design Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741796 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Over-read Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741894 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741895 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741896 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Underwrite (Buffer Underflow) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741900 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5756501 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Improper Access Control Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5843454 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ Medium severity vulnerability found in node Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848030 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ Medium severity vulnerability found in node Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969356 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Medium severity vulnerability found in node Description: Observable Timing Discrepancy Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252330 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ High severity vulnerability found in node Description: Insecure Permissions Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326666 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Access of Resource Using Incompatible Type ('Type Confusion') Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326668 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326688 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329555 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Prototype Pollution Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741794 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741889 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848038 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ High severity vulnerability found in node Description: Allocation of Resources Without Limits or Throttling Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252328 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ High severity vulnerability found in node Description: Code Injection Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252332 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 Organization: tubone24 Package manager: deb Project name: docker-image|test-blog Docker image: test-blog Platform: linux/amd64 Base image: node:18.12.1-buster-slim Licenses: enabled Tested 85 dependencies for known issues, found 117 issues. Base Image Vulnerabilities Severity node:18.12.1-buster-slim 117 3 critical, 17 high, 23 medium, 74 low Recommendations for base image upgrade: Minor upgrades Base Image Vulnerabilities Severity node:18.19.1-buster-slim 73 2 critical, 3 high, 1 medium, 67 low Major upgrades Base Image Vulnerabilities Severity node:20.11.1-buster-slim 73 2 critical, 3 high, 1 medium, 67 low Alternative image types Base Image Vulnerabilities Severity node:21.7.0-bookworm-slim 35 1 critical, 1 high, 0 medium, 33 low node:21.7.0-bullseye-slim 66 1 critical, 1 high, 0 medium, 64 low node:lts-bookworm 170 1 critical, 4 high, 1 medium, 164 low node:20.11.0-slim 43 1 critical, 5 high, 3 medium, 34 low Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection
github-actions[bot] commented 7 months ago

Memlab leaks report

``` page-load [7.4MB] (baseline) [s1] > action-on-page [8.3MB] (target) [s2] > revert [9.3MB] (final) [s3] ------2 clusters------ --Similar leaks in this run: 1520-- --Retained size of leaked objects: 169.6KB-- [] (synthetic) @1 [10.5MB] --2 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @6269 [60.7KB] --setTimeout (property)---> [] (closure) @76583 [72 bytes] --context (internal)---> [] (object) @208767 [20 bytes] --previous (internal)---> [] (object) @109851 [36KB] --n (variable)---> [t] (closure) @177521 [1.3KB] --context (internal)---> [] (object) @124035 [43.5KB] --n (variable)---> [Object] (object) @141511 [43.4KB] --449 (element)---> [Object] (object) @141953 [24 bytes] --exports (property)---> [r] (closure) @177125 [2.7KB] --hasData (property)---> [] (closure) @144487 [80 bytes] --context (internal)---> [] (object) @144481 [1.5KB] --e (variable)---> [Object] (object) @177507 [1KB] --2 (element)---> [Object] (object) @339845 [76 bytes] --aaAutocomplete (property)---> [f] (object) @371945 [348 bytes] --$node (property)---> [q] (object) @372873 [188 bytes] --0 (element)---> [Detached HTMLSpanElement] (native) @335287 [716 bytes] --7 (element)---> [Detached HTMLDivElement] (native) @335859 [5.7KB] --8 (element)---> [Detached HTMLDivElement] (native) @335631 [444 bytes] --5 (element)---> [Detached HTMLHRElement] (native) @335629 [356 bytes] --6 (element)---> [Detached HTMLDivElement] (native) @335627 [5.1KB] --6 (element)---> [Detached HTMLAnchorElement] (native) @335565 [1.9KB] --11 (element)---> [Detached HTMLAnchorElement] (native) @335575 [1.9KB] --11 (element)---> [Detached HTMLAnchorElement] (native) @335585 [1.9KB] --13 (element)---> [Detached InternalNode] (native) @31554 [312 bytes] --1 (element)---> [Detached InternalNode] (native) @42496 [256 bytes] --4 (element)---> [Detached ElementIntersectionObserverData] (native) @30636 [72 bytes] --Similar leaks in this run: 479-- --Retained size of leaked objects: 50.5KB-- [] (synthetic) @1 [10.5MB] --2 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @6269 [60.7KB] --___replace (property)---> [] (closure) @76915 [80 bytes] --context (internal)---> [] (object) @192607 [748 bytes] --a (variable)---> [Module] (object) @123875 [6.3KB] --get version (property)---> [version] (closure) @123731 [80 bytes] --context (internal)---> [] (object) @110243 [6.5KB] --Qn (variable)---> [y] (object) @402195 [368 bytes] --props (property)---> [Object] (object) @447773 [28 bytes] --children (property)---> [Object] (object) @467053 [296 bytes] --props (property)---> [Object] (object) @470737 [56 bytes] --children (property)---> [Object] (object) @408999 [1.2KB] --__ (property)---> [Object] (object) @455621 [1.1KB] --__ (property)---> [Object] (object) @455633 [940 bytes] --__ (property)---> [Object] (object) @449071 [736 bytes] --__d (property)---> [Detached HTMLDivElement] (native) @335729 [468 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @335727 [384 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @335725 [384 bytes] --6 (element)---> [Detached HTMLDivElement] (native) @335325 [15KB] --8 (element)---> [Detached HTMLElement] (native) @335343 [25.8KB] --5 (element)---> [Detached HTMLDivElement] (native) @335341 [22.5KB] --9 (element)---> [Detached InternalNode] (native) @30800 [328 bytes] --1 (element)---> [Detached InternalNode] (native) @30792 [272 bytes] --3 (element)---> [Detached InternalNode] (native) @30798 [176 bytes] --1 (element)---> [Detached InternalNode] (native) @34658 [176 bytes] --2 (element)---> [Detached Attr] (native) @32940 [88 bytes] ```
github-actions[bot] commented 7 months ago

Storybook Preview

Deploy path: /home/runner/work/blog/blog/storybook-static Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/blog-storybook/deploys/65f15b9dc4066caadf9e480b Website Draft URL: https://65f15b9dc4066caadf9e480b--blog-storybook.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 7 months ago

depcheck Result

List up libraries that are defined in dependencies and devDependencies in package.json but not used in your codes.

Unused dependencies - @popperjs/core - @sentry/node - @sentry/profiling-node - @sentry/react - @typescript-eslint/eslint-plugin - babel-loader - babel-polyfill - classnames - flexboxgrid - gatsby-legacy-polyfills - gatsby-plugin-flexsearch - gatsby-plugin-twitter - gatsby-react-router-scroll - html-minifier - intersection-observer - md5 - opentype.js - preact - preact-render-to-string - react-body-classname - react-dom - rimraf - sass - typescript
Unused devdependencies - @babel/core - @babel/eslint-parser - @babel/preset-typescript - @storybook/addon-a11y - @storybook/addon-controls - @storybook/addon-essentials - @storybook/addon-info - @storybook/addon-interactions - @storybook/addon-knobs - @storybook/addon-links - @storybook/addon-storysource - @storybook/addon-viewport - @storybook/builder-webpack5 - @storybook/manager-webpack5 - @textlint-rule/textlint-rule-no-duplicate-abbr - @types/jest - @types/react-test-renderer - @types/responselike - axe-core - babel-plugin-transform-runtime - core-js - cross-env - css-loader - eslint - eslint-config-airbnb - eslint-import-resolver-webpack - eslint-plugin-import - eslint-plugin-jsx-a11y - eslint-plugin-react - gh-pages - husky - identity-obj-proxy - jest - jest-environment-jsdom - markdownlint-cli2 - memlab - netlify-cli - netlify-lambda - nyc - prettier - react-test-renderer - sass-loader - start-server-and-test - stylelint - stylelint-config-recess-order - stylelint-config-recommended-scss - stylelint-config-standard - stylelint-scss - textlint - textlint-filter-rule-allowlist - textlint-filter-rule-comments - textlint-rule-aws-spellcheck - textlint-rule-ja-no-inappropriate-words - textlint-rule-no-mixed-zenkaku-and-hankaku-alphabet - textlint-rule-no-start-duplicated-conjunction - textlint-rule-preset-smarthr - textlint-rule-prh - textlint-rule-terminology - ts-jest - yaml-lint
Missing - colors - /github/workspace/src/styles/_hover.scss - @algolia/transporter - /github/workspace/src/components/SearchBox/index.tsx - @algolia/client-search - /github/workspace/src/components/SearchBox/index.tsx - qs - /github/workspace/scripts/benchmark.js - https - /github/workspace/scripts/uploadScreenShot.ts
github-actions[bot] commented 7 months ago

Snyk vulnerability report

OSS packages

Tested 1738 dependencies for known issues, found 15 issues, 49 vulnerable paths. Issues to fix by upgrading: Upgrade @sentry/profiling-node@0.3.0 to @sentry/profiling-node@1.3.0 to fix ✗ Missing Release of Resource after Effective Lifetime [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116] in inflight@1.0.6 introduced by @sentry/profiling-node@0.3.0 > node-gyp@9.3.1 > glob@7.2.3 > inflight@1.0.6 and 15 other path(s) Upgrade gatsby@4.25.7 to gatsby@5.0.0 to fix ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYCLI-5671903] in gatsby-cli@4.25.0 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.0.0 introduced by gatsby-legacy-polyfills@2.23.0 > core-js-compat@3.9.0 > semver@7.0.0 and 1 other path(s) ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-legacy-polyfills@2.23.0 to gatsby-legacy-polyfills@3.10.0 to fix ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.0.0 introduced by gatsby-legacy-polyfills@2.23.0 > core-js-compat@3.9.0 > semver@7.0.0 and 1 other path(s) Upgrade gatsby-plugin-feed@4.23.1 to gatsby-plugin-feed@5.0.0 to fix ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-plugin-manifest@4.23.1 to gatsby-plugin-manifest@5.10.0 to fix ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-transformer-remark@5.25.1 to gatsby-transformer-remark@6.10.0 to fix ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYTRANSFORMERREMARK-5671901] in gatsby-transformer-remark@5.25.1 introduced by gatsby-transformer-remark@5.25.1 ✗ Information Exposure (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334] in sanitize-html@2.10.0 introduced by gatsby-transformer-remark@5.25.1 > sanitize-html@2.10.0 Issues with no direct upgrade or patch: ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@2.1.1 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 > pretty-error@2.1.2 > renderkid@2.0.7 > strip-ansi@3.0.1 > ansi-regex@2.1.1 This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1 ✗ Cross-site Request Forgery (CSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.0 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6124857] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.3 ✗ Prototype Pollution [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6144788] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.4 ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ES5EXT-6095076] in es5-ext@0.10.62 introduced by gatsby@4.25.7 > memoizee@0.4.15 > es5-ext@0.10.62 and 8 other path(s) This issue was fixed in versions: 0.10.63 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in html-minifier@4.0.0 introduced by html-minifier@4.0.0 No upgrade or patch available ✗ Server-side Request Forgery (SSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-IP-6240864] in ip@2.0.0 introduced by @sentry/profiling-node@0.3.0 > node-gyp@9.3.1 > make-fetch-happen@10.2.1 > socks-proxy-agent@7.0.0 > socks@2.7.1 > ip@2.0.0 This issue was fixed in versions: 1.1.9, 2.0.1 ✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in lodash.template@4.5.0 introduced by gatsby-plugin-offline@5.23.1 > workbox-build@4.3.1 > lodash.template@4.5.0 No upgrade or patch available ✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607] in serialize-javascript@6.0.0 introduced by gatsby@4.25.7 > css-minimizer-webpack-plugin@2.0.0 > serialize-javascript@5.0.1 and 1 other path(s) This issue was fixed in versions: 6.0.2 Organization: tubone24 Package manager: yarn Target file: yarn.lock Project name: blog Open source: no Project path: . Licenses: enabled Tip: Detected multiple supported manifests (1), use --all-projects to scan all of them at once.

Application

✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 23 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 25 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 41 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✔ Test completed Organization: tubone24 Test type: Static code analysis Project path: . Summary: 3 Code issues found 3 [Medium]

IaC

Snyk Infrastructure as Code - Snyk testing Infrastructure as Code configuration issues. ✔ Test completed. Issues No vulnerable paths were found! ------------------------------------------------------- Test Summary Organization: tubone24 Project name: tubone24/blog ✔ Files without issues: 3 ✗ Files with issues: 0 Ignored issues: 0 Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ] ------------------------------------------------------- Tip New: Share your test results in the Snyk Web UI with the option --report

Container

Testing test-blog... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2005-2541 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-3253529 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: NULL Pointer Dereference Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2023-39804 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-6120423 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 Fixed in: 1.30+dfsg-6+deb10u1 ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Authentication Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Privilege Chaining Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Incorrect Privilege Assignment Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Missing Release of Resource after Effective Lifetime Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733393 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733397 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-7008 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6137710 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-50868 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277511 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in shadow/passwd Description: Time-of-check Time-of-use (TOCTOU) Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5423925 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Improper Authentication Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5879153 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in perl/perl-base Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489186 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489188 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pam/libpam0g Description: CVE-2024-22365 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PAM-6178916 Introduced through: pam/libpam0g@1.3.1-5, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1, adduser@3.118, pam/libpam-modules-bin@1.3.1-5, pam/libpam-modules@1.3.1-5, pam/libpam-runtime@1.3.1-5 From: pam/libpam0g@1.3.1-5 From: shadow/login@1:4.5-1.1 > pam/libpam0g@1.3.1-5 From: util-linux/mount@2.33.1-0.1 > util-linux@2.33.1-0.1 > pam/libpam0g@1.3.1-5 and 11 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: CVE-2023-50495 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6123819 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: CVE-2023-45918 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6252772 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in lz4/liblz4-1 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072 Introduced through: lz4/liblz4-1@1.8.3-1+deb10u1, apt@1.8.2.3 From: lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > lz4/liblz4-1@1.8.3-1+deb10u1 ✗ Low severity vulnerability found in libtasn1-6 Description: CVE-2018-1000654 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libseccomp/libseccomp2 Description: CVE-2019-9893 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044 Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.3 From: libseccomp/libseccomp2@2.3.3-4 From: apt@1.8.2.3 > libseccomp/libseccomp2@2.3.3-4 ✗ Low severity vulnerability found in libidn2/libidn2-0 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100 Introduced through: libidn2/libidn2-0@2.0.5-1+deb10u1, apt@1.8.2.3 From: libidn2/libidn2-0@2.0.5-1+deb10u1 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libidn2/libidn2-0@2.0.5-1+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-6405988 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in gnutls28/libgnutls30 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-3330746 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Resource Management Errors Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: CVE-2019-1010023 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use of Insufficiently Random Values Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894107 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: Insufficient Entropy Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: CVE-2023-4039 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-5901315 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in e2fsprogs/libcom-err2 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482 Introduced through: e2fsprogs/libcom-err2@1.44.5-1+deb10u3, e2fsprogs@1.44.5-1+deb10u3, e2fsprogs/libext2fs2@1.44.5-1+deb10u3, e2fsprogs/libss2@1.44.5-1+deb10u3 From: e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libss2@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 and 5 more... ✗ Low severity vulnerability found in coreutils Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in coreutils Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in bash Description: Improper Check for Dropped Privileges Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280 Introduced through: bash@5.0-4 From: bash@5.0-4 ✗ Low severity vulnerability found in apt/libapt-pkg5.0 Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502 Introduced through: apt/libapt-pkg5.0@1.8.2.3, apt@1.8.2.3 From: apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u10 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: CVE-2022-4415 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Medium severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5862705 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u4 ✗ Medium severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6062099 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u11 ✗ High severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-26604 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3339153 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u9 ✗ High severity vulnerability found in systemd/libsystemd0 Description: Allocation of Resources Without Limits or Throttling Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277513 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ High severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u5 ✗ High severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5421196 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u5 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-3318300 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u10 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6159414 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u12 ✗ High severity vulnerability found in glibc/libc-bin Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ High severity vulnerability found in gcc-8/libstdc++6 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Critical severity vulnerability found in zlib/zlib1g Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-ZLIB-6008964 Introduced through: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2 From: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2 ✗ Critical severity vulnerability found in libtasn1-6 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-3061094 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 Fixed in: 4.13-3+deb10u1 ✗ Critical severity vulnerability found in db5.3/libdb5.3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169 Introduced through: db5.3/libdb5.3@5.3.28+dfsg1-0.5, adduser@3.118 From: db5.3/libdb5.3@5.3.28+dfsg1-0.5 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > pam/libpam-modules@1.3.1-5 > db5.3/libdb5.3@5.3.28+dfsg1-0.5 ------------ Detected 34 vulnerabilities for node@18.12.1 ------------ ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741888 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741892 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741899 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969349 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Low severity vulnerability found in node Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969357 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Low severity vulnerability found in node Description: Permissive Cross-domain Policy with Untrusted Domains Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252338 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ Medium severity vulnerability found in node Description: Timing Attack Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326669 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326682 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326683 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326684 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326685 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326686 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329554 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741792 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: HTTP Request Smuggling Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741793 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Inconsistency Between Implementation and Documented Design Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741796 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Over-read Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741894 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741895 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741896 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Underwrite (Buffer Underflow) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741900 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5756501 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Improper Access Control Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5843454 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ Medium severity vulnerability found in node Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848030 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ Medium severity vulnerability found in node Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969356 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Medium severity vulnerability found in node Description: Observable Timing Discrepancy Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252330 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ High severity vulnerability found in node Description: Insecure Permissions Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326666 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Access of Resource Using Incompatible Type ('Type Confusion') Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326668 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326688 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329555 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Prototype Pollution Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741794 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741889 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848038 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ High severity vulnerability found in node Description: Allocation of Resources Without Limits or Throttling Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252328 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ High severity vulnerability found in node Description: Code Injection Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252332 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 Organization: tubone24 Package manager: deb Project name: docker-image|test-blog Docker image: test-blog Platform: linux/amd64 Base image: node:18.12.1-buster-slim Licenses: enabled Tested 85 dependencies for known issues, found 117 issues. Base Image Vulnerabilities Severity node:18.12.1-buster-slim 117 3 critical, 17 high, 23 medium, 74 low Recommendations for base image upgrade: Minor upgrades Base Image Vulnerabilities Severity node:18.19.1-buster-slim 73 2 critical, 3 high, 1 medium, 67 low Major upgrades Base Image Vulnerabilities Severity node:20.11.1-buster-slim 73 2 critical, 3 high, 1 medium, 67 low Alternative image types Base Image Vulnerabilities Severity node:21.7.0-bookworm-slim 35 1 critical, 1 high, 0 medium, 33 low node:21.7.0-bullseye-slim 66 1 critical, 1 high, 0 medium, 64 low node:lts-bookworm 170 1 critical, 4 high, 1 medium, 164 low node:20.11.0-slim 43 1 critical, 5 high, 3 medium, 34 low Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection
github-actions[bot] commented 7 months ago

Memlab leaks report

``` page-load [7.4MB] (baseline) [s1] > action-on-page [8.4MB] (target) [s2] > revert [9.4MB] (final) [s3] ------2 clusters------ --Similar leaks in this run: 1520-- --Retained size of leaked objects: 169.3KB-- [] (synthetic) @1 [10.6MB] --2 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @6257 [74.4KB] --setTimeout (property)---> [] (closure) @186745 [72 bytes] --context (internal)---> [] (object) @280663 [20 bytes] --previous (internal)---> [] (object) @56883 [36KB] --n (variable)---> [t] (closure) @51741 [1.3KB] --context (internal)---> [] (object) @50543 [43.5KB] --n (variable)---> [Object] (object) @79403 [43.4KB] --449 (element)---> [Object] (object) @69443 [24 bytes] --exports (property)---> [r] (closure) @69449 [2.7KB] --hasData (property)---> [] (closure) @227985 [80 bytes] --context (internal)---> [] (object) @227463 [1.5KB] --e (variable)---> [Object] (object) @227465 [1KB] --2 (element)---> [Object] (object) @360417 [76 bytes] --aaAutocomplete (property)---> [f] (object) @360421 [348 bytes] --$node (property)---> [q] (object) @360753 [188 bytes] --0 (element)---> [Detached HTMLSpanElement] (native) @335037 [676 bytes] --7 (element)---> [Detached HTMLDivElement] (native) @335573 [5.7KB] --8 (element)---> [Detached HTMLDivElement] (native) @335325 [444 bytes] --5 (element)---> [Detached HTMLHRElement] (native) @335323 [356 bytes] --6 (element)---> [Detached HTMLDivElement] (native) @335321 [736 bytes] --5 (element)---> [Detached HTMLParagraphElement] (native) @335319 [1.3KB] --8 (element)---> [Detached HTMLAnchorElement] (native) @335311 [7.9KB] --13 (element)---> [Detached InternalNode] (native) @34284 [312 bytes] --1 (element)---> [Detached InternalNode] (native) @41402 [256 bytes] --4 (element)---> [Detached ElementIntersectionObserverData] (native) @29074 [72 bytes] --Similar leaks in this run: 479-- --Retained size of leaked objects: 50KB-- [] (synthetic) @1 [10.6MB] --2 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @6257 [74.4KB] --___replace (property)---> [] (closure) @225519 [80 bytes] --context (internal)---> [] (object) @85511 [748 bytes] --a (variable)---> [Module] (object) @48065 [6.3KB] --get version (property)---> [version] (closure) @79763 [80 bytes] --context (internal)---> [] (object) @47669 [6.5KB] --Qn (variable)---> [y] (object) @407581 [368 bytes] --props (property)---> [Object] (object) @454457 [28 bytes] --children (property)---> [Object] (object) @454839 [296 bytes] --props (property)---> [Object] (object) @455989 [56 bytes] --children (property)---> [Object] (object) @424167 [1.2KB] --__ (property)---> [Object] (object) @465785 [1.1KB] --__ (property)---> [Object] (object) @465789 [940 bytes] --__ (property)---> [Object] (object) @440737 [736 bytes] --__d (property)---> [Detached HTMLDivElement] (native) @335425 [468 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @335423 [384 bytes] --8 (element)---> [Detached InternalNode] (native) @32236 [240 bytes] --1 (element)---> [Detached InternalNode] (native) @32238 [184 bytes] --1 (element)---> [Detached DOMTokenList] (native) @33420 [56 bytes] ```
github-actions[bot] commented 7 months ago

Deploy Preview

Deploy path: /home/runner/work/blog/blog/public Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/pensive-lamport-5822d2/deploys/65f16e4a90c57bb89d7961a4 Website Draft URL: https://65f16e4a90c57bb89d7961a4--pensive-lamport-5822d2.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 7 months ago

Bundle Analyzer URL

https://65f16e4a90c57bb89d7961a4--pensive-lamport-5822d2.netlify.app/webpack-bundle-analyser

github-actions[bot] commented 7 months ago

Storybook Preview

Deploy path: /home/runner/work/blog/blog/storybook-static Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/blog-storybook/deploys/65f16e9044a5eeb8cd5590b9 Website Draft URL: https://65f16e9044a5eeb8cd5590b9--blog-storybook.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 7 months ago

Lighthouse Score

Desktop

performance: 86 accessibility: 100 best-practices: 100 seo: 92 pwa: 100

Mobile

performance: 82 accessibility: 100 best-practices: 96 seo: 93 pwa: 100

github-actions[bot] commented 7 months ago

depcheck Result

List up libraries that are defined in dependencies and devDependencies in package.json but not used in your codes.

Unused dependencies - @popperjs/core - @sentry/node - @sentry/profiling-node - @sentry/react - @typescript-eslint/eslint-plugin - babel-loader - babel-polyfill - classnames - flexboxgrid - gatsby-legacy-polyfills - gatsby-plugin-flexsearch - gatsby-plugin-twitter - gatsby-react-router-scroll - html-minifier - intersection-observer - md5 - opentype.js - preact - preact-render-to-string - react-body-classname - react-dom - rimraf - sass - typescript
Unused devdependencies - @babel/core - @babel/eslint-parser - @babel/preset-typescript - @storybook/addon-a11y - @storybook/addon-controls - @storybook/addon-essentials - @storybook/addon-info - @storybook/addon-interactions - @storybook/addon-knobs - @storybook/addon-links - @storybook/addon-storysource - @storybook/addon-viewport - @storybook/builder-webpack5 - @storybook/manager-webpack5 - @textlint-rule/textlint-rule-no-duplicate-abbr - @types/jest - @types/react-test-renderer - @types/responselike - axe-core - babel-plugin-transform-runtime - core-js - cross-env - css-loader - eslint - eslint-config-airbnb - eslint-import-resolver-webpack - eslint-plugin-import - eslint-plugin-jsx-a11y - eslint-plugin-react - gh-pages - husky - identity-obj-proxy - jest - jest-environment-jsdom - markdownlint-cli2 - memlab - netlify-cli - netlify-lambda - nyc - prettier - react-test-renderer - sass-loader - start-server-and-test - stylelint - stylelint-config-recess-order - stylelint-config-recommended-scss - stylelint-config-standard - stylelint-scss - textlint - textlint-filter-rule-allowlist - textlint-filter-rule-comments - textlint-rule-aws-spellcheck - textlint-rule-ja-no-inappropriate-words - textlint-rule-no-mixed-zenkaku-and-hankaku-alphabet - textlint-rule-no-start-duplicated-conjunction - textlint-rule-preset-smarthr - textlint-rule-prh - textlint-rule-terminology - ts-jest - yaml-lint
Missing - colors - /github/workspace/src/styles/_hover.scss - @algolia/transporter - /github/workspace/src/components/SearchBox/index.tsx - @algolia/client-search - /github/workspace/src/components/SearchBox/index.tsx - qs - /github/workspace/scripts/benchmark.js - https - /github/workspace/scripts/uploadScreenShot.ts
github-actions[bot] commented 7 months ago

Snyk vulnerability report

OSS packages

Tested 1738 dependencies for known issues, found 15 issues, 49 vulnerable paths. Issues to fix by upgrading: Upgrade @sentry/profiling-node@0.3.0 to @sentry/profiling-node@1.3.0 to fix ✗ Missing Release of Resource after Effective Lifetime [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116] in inflight@1.0.6 introduced by @sentry/profiling-node@0.3.0 > node-gyp@9.3.1 > glob@7.2.3 > inflight@1.0.6 and 15 other path(s) Upgrade gatsby@4.25.7 to gatsby@5.0.0 to fix ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYCLI-5671903] in gatsby-cli@4.25.0 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.0.0 introduced by gatsby-legacy-polyfills@2.23.0 > core-js-compat@3.9.0 > semver@7.0.0 and 1 other path(s) ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-legacy-polyfills@2.23.0 to gatsby-legacy-polyfills@3.10.0 to fix ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.0.0 introduced by gatsby-legacy-polyfills@2.23.0 > core-js-compat@3.9.0 > semver@7.0.0 and 1 other path(s) Upgrade gatsby-plugin-feed@4.23.1 to gatsby-plugin-feed@5.0.0 to fix ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-plugin-manifest@4.23.1 to gatsby-plugin-manifest@5.10.0 to fix ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-transformer-remark@5.25.1 to gatsby-transformer-remark@6.10.0 to fix ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYTRANSFORMERREMARK-5671901] in gatsby-transformer-remark@5.25.1 introduced by gatsby-transformer-remark@5.25.1 ✗ Information Exposure (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334] in sanitize-html@2.10.0 introduced by gatsby-transformer-remark@5.25.1 > sanitize-html@2.10.0 Issues with no direct upgrade or patch: ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@2.1.1 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 > pretty-error@2.1.2 > renderkid@2.0.7 > strip-ansi@3.0.1 > ansi-regex@2.1.1 This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1 ✗ Cross-site Request Forgery (CSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.0 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6124857] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.3 ✗ Prototype Pollution [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6144788] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.4 ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ES5EXT-6095076] in es5-ext@0.10.62 introduced by gatsby@4.25.7 > memoizee@0.4.15 > es5-ext@0.10.62 and 8 other path(s) This issue was fixed in versions: 0.10.63 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in html-minifier@4.0.0 introduced by html-minifier@4.0.0 No upgrade or patch available ✗ Server-side Request Forgery (SSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-IP-6240864] in ip@2.0.0 introduced by @sentry/profiling-node@0.3.0 > node-gyp@9.3.1 > make-fetch-happen@10.2.1 > socks-proxy-agent@7.0.0 > socks@2.7.1 > ip@2.0.0 This issue was fixed in versions: 1.1.9, 2.0.1 ✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in lodash.template@4.5.0 introduced by gatsby-plugin-offline@5.23.1 > workbox-build@4.3.1 > lodash.template@4.5.0 No upgrade or patch available ✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607] in serialize-javascript@6.0.0 introduced by gatsby@4.25.7 > css-minimizer-webpack-plugin@2.0.0 > serialize-javascript@5.0.1 and 1 other path(s) This issue was fixed in versions: 6.0.2 Organization: tubone24 Package manager: yarn Target file: yarn.lock Project name: blog Open source: no Project path: . Licenses: enabled Tip: Detected multiple supported manifests (1), use --all-projects to scan all of them at once.

Application

✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 23 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 25 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 41 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✔ Test completed Organization: tubone24 Test type: Static code analysis Project path: . Summary: 3 Code issues found 3 [Medium]

IaC

Snyk Infrastructure as Code - Snyk testing Infrastructure as Code configuration issues. ✔ Test completed. Issues No vulnerable paths were found! ------------------------------------------------------- Test Summary Organization: tubone24 Project name: tubone24/blog ✔ Files without issues: 3 ✗ Files with issues: 0 Ignored issues: 0 Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ] ------------------------------------------------------- Tip New: Share your test results in the Snyk Web UI with the option --report

Container

Testing test-blog... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2005-2541 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-3253529 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: NULL Pointer Dereference Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2023-39804 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-6120423 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 Fixed in: 1.30+dfsg-6+deb10u1 ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Authentication Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Privilege Chaining Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Incorrect Privilege Assignment Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Missing Release of Resource after Effective Lifetime Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733393 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733397 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-7008 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6137710 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-50868 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277511 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in shadow/passwd Description: Time-of-check Time-of-use (TOCTOU) Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5423925 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Improper Authentication Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5879153 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in perl/perl-base Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489186 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489188 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pam/libpam0g Description: CVE-2024-22365 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PAM-6178916 Introduced through: pam/libpam0g@1.3.1-5, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1, adduser@3.118, pam/libpam-modules-bin@1.3.1-5, pam/libpam-modules@1.3.1-5, pam/libpam-runtime@1.3.1-5 From: pam/libpam0g@1.3.1-5 From: shadow/login@1:4.5-1.1 > pam/libpam0g@1.3.1-5 From: util-linux/mount@2.33.1-0.1 > util-linux@2.33.1-0.1 > pam/libpam0g@1.3.1-5 and 11 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: CVE-2023-50495 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6123819 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: CVE-2023-45918 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6252772 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in lz4/liblz4-1 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072 Introduced through: lz4/liblz4-1@1.8.3-1+deb10u1, apt@1.8.2.3 From: lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > lz4/liblz4-1@1.8.3-1+deb10u1 ✗ Low severity vulnerability found in libtasn1-6 Description: CVE-2018-1000654 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libseccomp/libseccomp2 Description: CVE-2019-9893 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044 Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.3 From: libseccomp/libseccomp2@2.3.3-4 From: apt@1.8.2.3 > libseccomp/libseccomp2@2.3.3-4 ✗ Low severity vulnerability found in libidn2/libidn2-0 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100 Introduced through: libidn2/libidn2-0@2.0.5-1+deb10u1, apt@1.8.2.3 From: libidn2/libidn2-0@2.0.5-1+deb10u1 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libidn2/libidn2-0@2.0.5-1+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-6405988 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in gnutls28/libgnutls30 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-3330746 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Resource Management Errors Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: CVE-2019-1010023 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use of Insufficiently Random Values Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894107 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: Insufficient Entropy Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: CVE-2023-4039 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-5901315 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in e2fsprogs/libcom-err2 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482 Introduced through: e2fsprogs/libcom-err2@1.44.5-1+deb10u3, e2fsprogs@1.44.5-1+deb10u3, e2fsprogs/libext2fs2@1.44.5-1+deb10u3, e2fsprogs/libss2@1.44.5-1+deb10u3 From: e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libss2@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 and 5 more... ✗ Low severity vulnerability found in coreutils Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in coreutils Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in bash Description: Improper Check for Dropped Privileges Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280 Introduced through: bash@5.0-4 From: bash@5.0-4 ✗ Low severity vulnerability found in apt/libapt-pkg5.0 Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502 Introduced through: apt/libapt-pkg5.0@1.8.2.3, apt@1.8.2.3 From: apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u10 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: CVE-2022-4415 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Medium severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5862705 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u4 ✗ Medium severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6062099 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u11 ✗ High severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-26604 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3339153 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u9 ✗ High severity vulnerability found in systemd/libsystemd0 Description: Allocation of Resources Without Limits or Throttling Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277513 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ High severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u5 ✗ High severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5421196 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u5 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-3318300 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u10 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6159414 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u12 ✗ High severity vulnerability found in glibc/libc-bin Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ High severity vulnerability found in gcc-8/libstdc++6 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Critical severity vulnerability found in zlib/zlib1g Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-ZLIB-6008964 Introduced through: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2 From: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2 ✗ Critical severity vulnerability found in libtasn1-6 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-3061094 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 Fixed in: 4.13-3+deb10u1 ✗ Critical severity vulnerability found in db5.3/libdb5.3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169 Introduced through: db5.3/libdb5.3@5.3.28+dfsg1-0.5, adduser@3.118 From: db5.3/libdb5.3@5.3.28+dfsg1-0.5 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > pam/libpam-modules@1.3.1-5 > db5.3/libdb5.3@5.3.28+dfsg1-0.5 ------------ Detected 34 vulnerabilities for node@18.12.1 ------------ ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741888 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741892 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741899 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969349 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Low severity vulnerability found in node Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969357 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Low severity vulnerability found in node Description: Permissive Cross-domain Policy with Untrusted Domains Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252338 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ Medium severity vulnerability found in node Description: Timing Attack Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326669 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326682 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326683 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326684 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326685 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326686 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329554 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741792 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: HTTP Request Smuggling Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741793 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Inconsistency Between Implementation and Documented Design Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741796 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Over-read Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741894 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741895 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741896 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Underwrite (Buffer Underflow) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741900 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5756501 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Improper Access Control Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5843454 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ Medium severity vulnerability found in node Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848030 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ Medium severity vulnerability found in node Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969356 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Medium severity vulnerability found in node Description: Observable Timing Discrepancy Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252330 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ High severity vulnerability found in node Description: Insecure Permissions Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326666 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Access of Resource Using Incompatible Type ('Type Confusion') Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326668 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326688 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329555 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Prototype Pollution Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741794 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741889 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848038 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ High severity vulnerability found in node Description: Allocation of Resources Without Limits or Throttling Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252328 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ High severity vulnerability found in node Description: Code Injection Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252332 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 Organization: tubone24 Package manager: deb Project name: docker-image|test-blog Docker image: test-blog Platform: linux/amd64 Base image: node:18.12.1-buster-slim Licenses: enabled Tested 85 dependencies for known issues, found 117 issues. Base Image Vulnerabilities Severity node:18.12.1-buster-slim 117 3 critical, 17 high, 23 medium, 74 low Recommendations for base image upgrade: Minor upgrades Base Image Vulnerabilities Severity node:18.19.1-buster-slim 73 2 critical, 3 high, 1 medium, 67 low Major upgrades Base Image Vulnerabilities Severity node:20.11.1-buster-slim 73 2 critical, 3 high, 1 medium, 67 low Alternative image types Base Image Vulnerabilities Severity node:21.7.0-bookworm-slim 35 1 critical, 1 high, 0 medium, 33 low node:21.7.0-bullseye-slim 66 1 critical, 1 high, 0 medium, 64 low node:lts-bookworm 170 1 critical, 4 high, 1 medium, 164 low node:20.11.0-slim 43 1 critical, 5 high, 3 medium, 34 low Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection
github-actions[bot] commented 7 months ago

Deploy Preview

Deploy path: /home/runner/work/blog/blog/public Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/pensive-lamport-5822d2/deploys/65f16fc490c57bba127963aa Website Draft URL: https://65f16fc490c57bba127963aa--pensive-lamport-5822d2.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 7 months ago

Memlab leaks report

``` page-load [7.4MB] (baseline) [s1] > action-on-page [8.3MB] (target) [s2] > revert [9.3MB] (final) [s3] ------2 clusters------ --Similar leaks in this run: 1634-- --Retained size of leaked objects: 176.8KB-- [] (synthetic) @1 [10.5MB] --3 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @6269 [62.6KB] --setTimeout (property)---> [] (closure) @48385 [72 bytes] --context (internal)---> [] (object) @228465 [20 bytes] --previous (internal)---> [] (object) @89299 [36KB] --n (variable)---> [t] (closure) @198791 [1.3KB] --context (internal)---> [] (object) @144377 [43.3KB] --n (variable)---> [Object] (object) @198789 [43.2KB] --449 (element)---> [Object] (object) @206621 [24 bytes] --exports (property)---> [r] (closure) @264263 [2.7KB] --hasData (property)---> [] (closure) @158279 [80 bytes] --context (internal)---> [] (object) @158273 [1.5KB] --e (variable)---> [Object] (object) @264717 [1KB] --2 (element)---> [Object] (object) @350207 [76 bytes] --aaAutocomplete (property)---> [f] (object) @356115 [348 bytes] --$node (property)---> [q] (object) @356839 [188 bytes] --0 (element)---> [Detached HTMLSpanElement] (native) @333519 [676 bytes] --7 (element)---> [Detached HTMLDivElement] (native) @334257 [5.8KB] --7 (element)---> [Detached HTMLDivElement] (native) @333775 [444 bytes] --6 (element)---> [Detached HTMLDivElement] (native) @334285 [444 bytes] --6 (element)---> [Detached HTMLAnchorElement] (native) @333597 [2.5KB] --11 (element)---> [Detached HTMLAnchorElement] (native) @333973 [2.5KB] --11 (element)---> [Detached HTMLAnchorElement] (native) @333987 [2.5KB] --11 (element)---> [Detached HTMLAnchorElement] (native) @334001 [2.5KB] --11 (element)---> [Detached HTMLAnchorElement] (native) @334019 [2.5KB] --11 (element)---> [Detached HTMLAnchorElement] (native) @334037 [2.5KB] --11 (element)---> [Detached HTMLAnchorElement] (native) @334055 [2.5KB] --11 (element)---> [Detached HTMLAnchorElement] (native) @334069 [2.5KB] --13 (element)---> [Detached InternalNode] (native) @31356 [488 bytes] --1 (element)---> [Detached InternalNode] (native) @31358 [432 bytes] --4 (element)---> [Detached ElementIntersectionObserverData] (native) @31354 [72 bytes] --Similar leaks in this run: 479-- --Retained size of leaked objects: 51.4KB-- [] (synthetic) @1 [10.5MB] --3 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @6269 [62.6KB] --___replace (property)---> [] (closure) @48721 [80 bytes] --context (internal)---> [] (object) @195623 [748 bytes] --a (variable)---> [Module] (object) @198879 [6.3KB] --get version (property)---> [version] (closure) @147243 [80 bytes] --context (internal)---> [] (object) @89819 [6.5KB] --Qn (variable)---> [y] (object) @406829 [368 bytes] --props (property)---> [Object] (object) @423519 [28 bytes] --children (property)---> [Object] (object) @423521 [296 bytes] --props (property)---> [Object] (object) @427055 [56 bytes] --children (property)---> [Object] (object) @403669 [1.2KB] --__ (property)---> [Object] (object) @450393 [1.1KB] --__ (property)---> [Object] (object) @450403 [940 bytes] --__ (property)---> [Object] (object) @450413 [736 bytes] --__d (property)---> [Detached HTMLDivElement] (native) @333817 [468 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @333815 [384 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @333813 [384 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @333811 [8.1KB] --9 (element)---> [Detached InternalNode] (native) @31708 [560 bytes] --1 (element)---> [Detached InternalNode] (native) @43836 [504 bytes] --3 (element)---> [Detached InternalNode] (native) @29308 [352 bytes] --1 (element)---> [Detached InternalNode] (native) @36418 [352 bytes] --2 (element)---> [Detached Attr] (native) @33084 [88 bytes] ```
github-actions[bot] commented 7 months ago

Storybook Preview

Deploy path: /home/runner/work/blog/blog/storybook-static Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/blog-storybook/deploys/65f16fe1f79971b9822e72d9 Website Draft URL: https://65f16fe1f79971b9822e72d9--blog-storybook.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 7 months ago

Bundle Analyzer URL

https://65f16fc490c57bba127963aa--pensive-lamport-5822d2.netlify.app/webpack-bundle-analyser

github-actions[bot] commented 7 months ago

Lighthouse Score

Desktop

performance: 93 accessibility: 100 best-practices: 100 seo: 92 pwa: 100

Mobile

performance: 83 accessibility: 100 best-practices: 96 seo: 93 pwa: 100

github-actions[bot] commented 7 months ago

depcheck Result

List up libraries that are defined in dependencies and devDependencies in package.json but not used in your codes.

Unused dependencies - @popperjs/core - @sentry/node - @sentry/profiling-node - @sentry/react - @typescript-eslint/eslint-plugin - babel-loader - babel-polyfill - classnames - flexboxgrid - gatsby-legacy-polyfills - gatsby-plugin-flexsearch - gatsby-plugin-twitter - gatsby-react-router-scroll - html-minifier - intersection-observer - md5 - opentype.js - preact - preact-render-to-string - react-body-classname - react-dom - rimraf - sass - typescript
Unused devdependencies - @babel/core - @babel/eslint-parser - @babel/preset-typescript - @storybook/addon-a11y - @storybook/addon-controls - @storybook/addon-essentials - @storybook/addon-info - @storybook/addon-interactions - @storybook/addon-knobs - @storybook/addon-links - @storybook/addon-storysource - @storybook/addon-viewport - @storybook/builder-webpack5 - @storybook/manager-webpack5 - @textlint-rule/textlint-rule-no-duplicate-abbr - @types/jest - @types/react-test-renderer - @types/responselike - axe-core - babel-plugin-transform-runtime - core-js - cross-env - css-loader - eslint - eslint-config-airbnb - eslint-import-resolver-webpack - eslint-plugin-import - eslint-plugin-jsx-a11y - eslint-plugin-react - gh-pages - husky - identity-obj-proxy - jest - jest-environment-jsdom - markdownlint-cli2 - memlab - netlify-cli - netlify-lambda - nyc - prettier - react-test-renderer - sass-loader - start-server-and-test - stylelint - stylelint-config-recess-order - stylelint-config-recommended-scss - stylelint-config-standard - stylelint-scss - textlint - textlint-filter-rule-allowlist - textlint-filter-rule-comments - textlint-rule-aws-spellcheck - textlint-rule-ja-no-inappropriate-words - textlint-rule-no-mixed-zenkaku-and-hankaku-alphabet - textlint-rule-no-start-duplicated-conjunction - textlint-rule-preset-smarthr - textlint-rule-prh - textlint-rule-terminology - ts-jest - yaml-lint
Missing - colors - /github/workspace/src/styles/_hover.scss - @algolia/transporter - /github/workspace/src/components/SearchBox/index.tsx - @algolia/client-search - /github/workspace/src/components/SearchBox/index.tsx - qs - /github/workspace/scripts/benchmark.js - https - /github/workspace/scripts/uploadScreenShot.ts
github-actions[bot] commented 7 months ago

Snyk vulnerability report

OSS packages

Tested 1738 dependencies for known issues, found 15 issues, 49 vulnerable paths. Issues to fix by upgrading: Upgrade @sentry/profiling-node@0.3.0 to @sentry/profiling-node@1.3.0 to fix ✗ Missing Release of Resource after Effective Lifetime [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116] in inflight@1.0.6 introduced by @sentry/profiling-node@0.3.0 > node-gyp@9.3.1 > glob@7.2.3 > inflight@1.0.6 and 15 other path(s) Upgrade gatsby@4.25.7 to gatsby@5.0.0 to fix ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYCLI-5671903] in gatsby-cli@4.25.0 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.0.0 introduced by gatsby-legacy-polyfills@2.23.0 > core-js-compat@3.9.0 > semver@7.0.0 and 1 other path(s) ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-legacy-polyfills@2.23.0 to gatsby-legacy-polyfills@3.10.0 to fix ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.0.0 introduced by gatsby-legacy-polyfills@2.23.0 > core-js-compat@3.9.0 > semver@7.0.0 and 1 other path(s) Upgrade gatsby-plugin-feed@4.23.1 to gatsby-plugin-feed@5.0.0 to fix ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-plugin-manifest@4.23.1 to gatsby-plugin-manifest@5.10.0 to fix ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-transformer-remark@5.25.1 to gatsby-transformer-remark@6.10.0 to fix ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYTRANSFORMERREMARK-5671901] in gatsby-transformer-remark@5.25.1 introduced by gatsby-transformer-remark@5.25.1 ✗ Information Exposure (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334] in sanitize-html@2.10.0 introduced by gatsby-transformer-remark@5.25.1 > sanitize-html@2.10.0 Issues with no direct upgrade or patch: ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@2.1.1 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 > pretty-error@2.1.2 > renderkid@2.0.7 > strip-ansi@3.0.1 > ansi-regex@2.1.1 This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1 ✗ Cross-site Request Forgery (CSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.0 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6124857] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.3 ✗ Prototype Pollution [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6144788] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.4 ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ES5EXT-6095076] in es5-ext@0.10.62 introduced by gatsby@4.25.7 > memoizee@0.4.15 > es5-ext@0.10.62 and 8 other path(s) This issue was fixed in versions: 0.10.63 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in html-minifier@4.0.0 introduced by html-minifier@4.0.0 No upgrade or patch available ✗ Server-side Request Forgery (SSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-IP-6240864] in ip@2.0.0 introduced by @sentry/profiling-node@0.3.0 > node-gyp@9.3.1 > make-fetch-happen@10.2.1 > socks-proxy-agent@7.0.0 > socks@2.7.1 > ip@2.0.0 This issue was fixed in versions: 1.1.9, 2.0.1 ✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in lodash.template@4.5.0 introduced by gatsby-plugin-offline@5.23.1 > workbox-build@4.3.1 > lodash.template@4.5.0 No upgrade or patch available ✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607] in serialize-javascript@6.0.0 introduced by gatsby@4.25.7 > css-minimizer-webpack-plugin@2.0.0 > serialize-javascript@5.0.1 and 1 other path(s) This issue was fixed in versions: 6.0.2 Organization: tubone24 Package manager: yarn Target file: yarn.lock Project name: blog Open source: no Project path: . Licenses: enabled Tip: Detected multiple supported manifests (1), use --all-projects to scan all of them at once.

Application

✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 23 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 25 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 41 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✔ Test completed Organization: tubone24 Test type: Static code analysis Project path: . Summary: 3 Code issues found 3 [Medium]

IaC

Snyk Infrastructure as Code - Snyk testing Infrastructure as Code configuration issues. ✔ Test completed. Issues No vulnerable paths were found! ------------------------------------------------------- Test Summary Organization: tubone24 Project name: tubone24/blog ✔ Files without issues: 3 ✗ Files with issues: 0 Ignored issues: 0 Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ] ------------------------------------------------------- Tip New: Share your test results in the Snyk Web UI with the option --report

Container

Testing test-blog... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2005-2541 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-3253529 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: NULL Pointer Dereference Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2023-39804 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-6120423 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 Fixed in: 1.30+dfsg-6+deb10u1 ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Authentication Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Privilege Chaining Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Incorrect Privilege Assignment Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Missing Release of Resource after Effective Lifetime Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733393 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733397 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-7008 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6137710 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-50868 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277511 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in shadow/passwd Description: Time-of-check Time-of-use (TOCTOU) Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5423925 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Improper Authentication Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5879153 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in perl/perl-base Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489186 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489188 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pam/libpam0g Description: CVE-2024-22365 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PAM-6178916 Introduced through: pam/libpam0g@1.3.1-5, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1, adduser@3.118, pam/libpam-modules-bin@1.3.1-5, pam/libpam-modules@1.3.1-5, pam/libpam-runtime@1.3.1-5 From: pam/libpam0g@1.3.1-5 From: shadow/login@1:4.5-1.1 > pam/libpam0g@1.3.1-5 From: util-linux/mount@2.33.1-0.1 > util-linux@2.33.1-0.1 > pam/libpam0g@1.3.1-5 and 11 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: CVE-2023-50495 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6123819 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: CVE-2023-45918 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6252772 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in lz4/liblz4-1 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072 Introduced through: lz4/liblz4-1@1.8.3-1+deb10u1, apt@1.8.2.3 From: lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > lz4/liblz4-1@1.8.3-1+deb10u1 ✗ Low severity vulnerability found in libtasn1-6 Description: CVE-2018-1000654 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libseccomp/libseccomp2 Description: CVE-2019-9893 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044 Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.3 From: libseccomp/libseccomp2@2.3.3-4 From: apt@1.8.2.3 > libseccomp/libseccomp2@2.3.3-4 ✗ Low severity vulnerability found in libidn2/libidn2-0 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100 Introduced through: libidn2/libidn2-0@2.0.5-1+deb10u1, apt@1.8.2.3 From: libidn2/libidn2-0@2.0.5-1+deb10u1 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libidn2/libidn2-0@2.0.5-1+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-6405988 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in gnutls28/libgnutls30 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-3330746 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Resource Management Errors Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: CVE-2019-1010023 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use of Insufficiently Random Values Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894107 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: Insufficient Entropy Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: CVE-2023-4039 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-5901315 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in e2fsprogs/libcom-err2 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482 Introduced through: e2fsprogs/libcom-err2@1.44.5-1+deb10u3, e2fsprogs@1.44.5-1+deb10u3, e2fsprogs/libext2fs2@1.44.5-1+deb10u3, e2fsprogs/libss2@1.44.5-1+deb10u3 From: e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libss2@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 and 5 more... ✗ Low severity vulnerability found in coreutils Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in coreutils Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in bash Description: Improper Check for Dropped Privileges Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280 Introduced through: bash@5.0-4 From: bash@5.0-4 ✗ Low severity vulnerability found in apt/libapt-pkg5.0 Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502 Introduced through: apt/libapt-pkg5.0@1.8.2.3, apt@1.8.2.3 From: apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u10 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: CVE-2022-4415 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Medium severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5862705 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u4 ✗ Medium severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6062099 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u11 ✗ High severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-26604 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3339153 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u9 ✗ High severity vulnerability found in systemd/libsystemd0 Description: Allocation of Resources Without Limits or Throttling Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277513 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ High severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u5 ✗ High severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5421196 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u5 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-3318300 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u10 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6159414 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u12 ✗ High severity vulnerability found in glibc/libc-bin Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ High severity vulnerability found in gcc-8/libstdc++6 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Critical severity vulnerability found in zlib/zlib1g Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-ZLIB-6008964 Introduced through: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2 From: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2 ✗ Critical severity vulnerability found in libtasn1-6 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-3061094 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 Fixed in: 4.13-3+deb10u1 ✗ Critical severity vulnerability found in db5.3/libdb5.3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169 Introduced through: db5.3/libdb5.3@5.3.28+dfsg1-0.5, adduser@3.118 From: db5.3/libdb5.3@5.3.28+dfsg1-0.5 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > pam/libpam-modules@1.3.1-5 > db5.3/libdb5.3@5.3.28+dfsg1-0.5 ------------ Detected 34 vulnerabilities for node@18.12.1 ------------ ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741888 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741892 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741899 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969349 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Low severity vulnerability found in node Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969357 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Low severity vulnerability found in node Description: Permissive Cross-domain Policy with Untrusted Domains Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252338 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ Medium severity vulnerability found in node Description: Timing Attack Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326669 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326682 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326683 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326684 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326685 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326686 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329554 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741792 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: HTTP Request Smuggling Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741793 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Inconsistency Between Implementation and Documented Design Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741796 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Over-read Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741894 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741895 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741896 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Underwrite (Buffer Underflow) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741900 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5756501 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Improper Access Control Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5843454 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ Medium severity vulnerability found in node Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848030 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ Medium severity vulnerability found in node Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969356 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Medium severity vulnerability found in node Description: Observable Timing Discrepancy Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252330 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ High severity vulnerability found in node Description: Insecure Permissions Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326666 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Access of Resource Using Incompatible Type ('Type Confusion') Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326668 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326688 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329555 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Prototype Pollution Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741794 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741889 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848038 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ High severity vulnerability found in node Description: Allocation of Resources Without Limits or Throttling Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252328 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ High severity vulnerability found in node Description: Code Injection Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252332 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 Organization: tubone24 Package manager: deb Project name: docker-image|test-blog Docker image: test-blog Platform: linux/amd64 Base image: node:18.12.1-buster-slim Licenses: enabled Tested 85 dependencies for known issues, found 117 issues. Base Image Vulnerabilities Severity node:18.12.1-buster-slim 117 3 critical, 17 high, 23 medium, 74 low Recommendations for base image upgrade: Minor upgrades Base Image Vulnerabilities Severity node:18.19.1-buster-slim 73 2 critical, 3 high, 1 medium, 67 low Major upgrades Base Image Vulnerabilities Severity node:20.11.1-buster-slim 73 2 critical, 3 high, 1 medium, 67 low Alternative image types Base Image Vulnerabilities Severity node:21.7.0-bookworm-slim 35 1 critical, 1 high, 0 medium, 33 low node:21.7.0-bullseye-slim 66 1 critical, 1 high, 0 medium, 64 low node:lts-bookworm 170 1 critical, 4 high, 1 medium, 164 low node:20.11.0-slim 43 1 critical, 5 high, 3 medium, 34 low Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection
github-actions[bot] commented 7 months ago

Deploy Preview

Deploy path: /home/runner/work/blog/blog/public Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/pensive-lamport-5822d2/deploys/65f171732102febc82288620 Website Draft URL: https://65f171732102febc82288620--pensive-lamport-5822d2.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 7 months ago

Bundle Analyzer URL

https://65f171732102febc82288620--pensive-lamport-5822d2.netlify.app/webpack-bundle-analyser

github-actions[bot] commented 7 months ago

Memlab leaks report

``` page-load [7.4MB] (baseline) [s1] > action-on-page [8.3MB] (target) [s2] > revert [9.3MB] (final) [s3] ------2 clusters------ --Similar leaks in this run: 1634-- --Retained size of leaked objects: 177.2KB-- [] (synthetic) @1 [10.5MB] --2 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @6269 [60.7KB] --setTimeout (property)---> [] (closure) @48039 [72 bytes] --context (internal)---> [] (object) @235645 [20 bytes] --previous (internal)---> [] (object) @73447 [36KB] --n (variable)---> [t] (closure) @214429 [1.3KB] --context (internal)---> [] (object) @227281 [43.5KB] --n (variable)---> [Object] (object) @238469 [43.4KB] --449 (element)---> [Object] (object) @93783 [24 bytes] --exports (property)---> [r] (closure) @93789 [2.7KB] --hasData (property)---> [] (closure) @184933 [80 bytes] --context (internal)---> [] (object) @111507 [1.5KB] --e (variable)---> [Object] (object) @111487 [1KB] --2 (element)---> [Object] (object) @370889 [76 bytes] --aaAutocomplete (property)---> [f] (object) @360607 [348 bytes] --$node (property)---> [q] (object) @368885 [188 bytes] --0 (element)---> [Detached HTMLSpanElement] (native) @335017 [716 bytes] --7 (element)---> [Detached HTMLDivElement] (native) @335461 [5.8KB] --7 (element)---> [Detached HTMLDivElement] (native) @335287 [484 bytes] --6 (element)---> [Detached HTMLDivElement] (native) @335487 [484 bytes] --5 (element)---> [Detached HTMLAnchorElement] (native) @335489 [1.7KB] --11 (element)---> [Detached HTMLAnchorElement] (native) @335511 [2.5KB] --12 (element)---> [Detached HTMLAnchorElement] (native) @335537 [2.5KB] --12 (element)---> [Detached HTMLAnchorElement] (native) @335603 [2.5KB] --12 (element)---> [Detached HTMLAnchorElement] (native) @335803 [2.5KB] --12 (element)---> [Detached HTMLAnchorElement] (native) @335817 [2.5KB] --13 (element)---> [Detached InternalNode] (native) @29424 [488 bytes] --1 (element)---> [Detached InternalNode] (native) @29426 [432 bytes] --4 (element)---> [Detached ElementIntersectionObserverData] (native) @30066 [72 bytes] --Similar leaks in this run: 479-- --Retained size of leaked objects: 50.6KB-- [] (synthetic) @1 [10.5MB] --2 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @6269 [60.7KB] --___replace (property)---> [] (closure) @48375 [80 bytes] --context (internal)---> [] (object) @243065 [748 bytes] --a (variable)---> [Module] (object) @94819 [6.3KB] --get version (property)---> [version] (closure) @213239 [80 bytes] --context (internal)---> [] (object) @129241 [6.5KB] --Qn (variable)---> [y] (object) @412915 [368 bytes] --props (property)---> [Object] (object) @412917 [28 bytes] --children (property)---> [Object] (object) @427407 [296 bytes] --props (property)---> [Object] (object) @433347 [56 bytes] --children (property)---> [Object] (object) @433511 [1.2KB] --__ (property)---> [Object] (object) @438221 [1.1KB] --__ (property)---> [Object] (object) @438227 [940 bytes] --__ (property)---> [Object] (object) @419023 [736 bytes] --__d (property)---> [Detached HTMLDivElement] (native) @335329 [468 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @335327 [384 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @335325 [384 bytes] --6 (element)---> [Detached HTMLDivElement] (native) @335057 [15.1KB] --8 (element)---> [Detached HTMLElement] (native) @335075 [25.5KB] --5 (element)---> [Detached HTMLDivElement] (native) @335073 [22.3KB] --6 (element)---> [Detached Text] (native) @334535 [220 bytes] --6 (element)---> [Detached HTMLImageElement] (native) @334531 [764 bytes] --7 (element)---> [Detached Text] (native) @334527 [220 bytes] --6 (element)---> [Detached HTMLParagraphElement] (native) @334495 [2.5KB] --5 (element)---> [Detached Text] (native) @334499 [220 bytes] --6 (element)---> [Detached HTMLAnchorElement] (native) @334503 [752 bytes] --5 (element)---> [Detached DOMTokenList] (native) @39438 [56 bytes] ```
github-actions[bot] commented 7 months ago

Storybook Preview

Deploy path: /home/runner/work/blog/blog/storybook-static Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/blog-storybook/deploys/65f171c12102febce4288103 Website Draft URL: https://65f171c12102febce4288103--blog-storybook.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 7 months ago

Lighthouse Score

Desktop

performance: 92 accessibility: 100 best-practices: 100 seo: 92 pwa: 100

Mobile

performance: 77 accessibility: 100 best-practices: 96 seo: 93 pwa: 100

github-actions[bot] commented 7 months ago

depcheck Result

List up libraries that are defined in dependencies and devDependencies in package.json but not used in your codes.

Unused dependencies - @popperjs/core - @sentry/node - @sentry/profiling-node - @sentry/react - @typescript-eslint/eslint-plugin - babel-loader - babel-polyfill - classnames - flexboxgrid - gatsby-legacy-polyfills - gatsby-plugin-flexsearch - gatsby-plugin-twitter - gatsby-react-router-scroll - html-minifier - intersection-observer - md5 - opentype.js - preact - preact-render-to-string - react-body-classname - react-dom - rimraf - sass - typescript
Unused devdependencies - @babel/core - @babel/eslint-parser - @babel/preset-typescript - @storybook/addon-a11y - @storybook/addon-controls - @storybook/addon-essentials - @storybook/addon-info - @storybook/addon-interactions - @storybook/addon-knobs - @storybook/addon-links - @storybook/addon-storysource - @storybook/addon-viewport - @storybook/builder-webpack5 - @storybook/manager-webpack5 - @textlint-rule/textlint-rule-no-duplicate-abbr - @types/jest - @types/react-test-renderer - @types/responselike - axe-core - babel-plugin-transform-runtime - core-js - cross-env - css-loader - eslint - eslint-config-airbnb - eslint-import-resolver-webpack - eslint-plugin-import - eslint-plugin-jsx-a11y - eslint-plugin-react - gh-pages - husky - identity-obj-proxy - jest - jest-environment-jsdom - markdownlint-cli2 - memlab - netlify-cli - netlify-lambda - nyc - prettier - react-test-renderer - sass-loader - start-server-and-test - stylelint - stylelint-config-recess-order - stylelint-config-recommended-scss - stylelint-config-standard - stylelint-scss - textlint - textlint-filter-rule-allowlist - textlint-filter-rule-comments - textlint-rule-aws-spellcheck - textlint-rule-ja-no-inappropriate-words - textlint-rule-no-mixed-zenkaku-and-hankaku-alphabet - textlint-rule-no-start-duplicated-conjunction - textlint-rule-preset-smarthr - textlint-rule-prh - textlint-rule-terminology - ts-jest - yaml-lint
Missing - colors - /github/workspace/src/styles/_hover.scss - @algolia/transporter - /github/workspace/src/components/SearchBox/index.tsx - @algolia/client-search - /github/workspace/src/components/SearchBox/index.tsx - qs - /github/workspace/scripts/benchmark.js - https - /github/workspace/scripts/uploadScreenShot.ts
github-actions[bot] commented 7 months ago

Snyk vulnerability report

OSS packages

Tested 1738 dependencies for known issues, found 15 issues, 49 vulnerable paths. Issues to fix by upgrading: Upgrade @sentry/profiling-node@0.3.0 to @sentry/profiling-node@1.3.0 to fix ✗ Missing Release of Resource after Effective Lifetime [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116] in inflight@1.0.6 introduced by @sentry/profiling-node@0.3.0 > node-gyp@9.3.1 > glob@7.2.3 > inflight@1.0.6 and 15 other path(s) Upgrade gatsby@4.25.7 to gatsby@5.0.0 to fix ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYCLI-5671903] in gatsby-cli@4.25.0 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.0.0 introduced by gatsby-legacy-polyfills@2.23.0 > core-js-compat@3.9.0 > semver@7.0.0 and 1 other path(s) ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-legacy-polyfills@2.23.0 to gatsby-legacy-polyfills@3.10.0 to fix ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.0.0 introduced by gatsby-legacy-polyfills@2.23.0 > core-js-compat@3.9.0 > semver@7.0.0 and 1 other path(s) Upgrade gatsby-plugin-feed@4.23.1 to gatsby-plugin-feed@5.0.0 to fix ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-plugin-manifest@4.23.1 to gatsby-plugin-manifest@5.10.0 to fix ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s) Upgrade gatsby-transformer-remark@5.25.1 to gatsby-transformer-remark@6.10.0 to fix ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYTRANSFORMERREMARK-5671901] in gatsby-transformer-remark@5.25.1 introduced by gatsby-transformer-remark@5.25.1 ✗ Information Exposure (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334] in sanitize-html@2.10.0 introduced by gatsby-transformer-remark@5.25.1 > sanitize-html@2.10.0 Issues with no direct upgrade or patch: ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@2.1.1 introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 > pretty-error@2.1.2 > renderkid@2.0.7 > strip-ansi@3.0.1 > ansi-regex@2.1.1 This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1 ✗ Cross-site Request Forgery (CSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.0 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6124857] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.3 ✗ Prototype Pollution [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6144788] in axios@0.27.2 introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s) This issue was fixed in versions: 1.6.4 ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ES5EXT-6095076] in es5-ext@0.10.62 introduced by gatsby@4.25.7 > memoizee@0.4.15 > es5-ext@0.10.62 and 8 other path(s) This issue was fixed in versions: 0.10.63 ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in html-minifier@4.0.0 introduced by html-minifier@4.0.0 No upgrade or patch available ✗ Server-side Request Forgery (SSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-IP-6240864] in ip@2.0.0 introduced by @sentry/profiling-node@0.3.0 > node-gyp@9.3.1 > make-fetch-happen@10.2.1 > socks-proxy-agent@7.0.0 > socks@2.7.1 > ip@2.0.0 This issue was fixed in versions: 1.1.9, 2.0.1 ✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in lodash.template@4.5.0 introduced by gatsby-plugin-offline@5.23.1 > workbox-build@4.3.1 > lodash.template@4.5.0 No upgrade or patch available ✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607] in serialize-javascript@6.0.0 introduced by gatsby@4.25.7 > css-minimizer-webpack-plugin@2.0.0 > serialize-javascript@5.0.1 and 1 other path(s) This issue was fixed in versions: 6.0.2 Organization: tubone24 Package manager: yarn Target file: yarn.lock Project name: blog Open source: no Project path: . Licenses: enabled Tip: Detected multiple supported manifests (1), use --all-projects to scan all of them at once.

Application

✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 23 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 25 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✗ [Medium] Path Traversal Path: scripts/benchmark.js, line 41 Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. ✔ Test completed Organization: tubone24 Test type: Static code analysis Project path: . Summary: 3 Code issues found 3 [Medium]

IaC

Snyk Infrastructure as Code - Snyk testing Infrastructure as Code configuration issues. ✔ Test completed. Issues No vulnerable paths were found! ------------------------------------------------------- Test Summary Organization: tubone24 Project name: tubone24/blog ✔ Files without issues: 3 ✗ Files with issues: 0 Ignored issues: 0 Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ] ------------------------------------------------------- Tip New: Share your test results in the Snyk Web UI with the option --report

Container

Testing test-blog... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in util-linux/libuuid1 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082 Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 From: util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 and 25 more... ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2005-2541 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-3253529 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: NULL Pointer Dereference Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 ✗ Low severity vulnerability found in tar Description: CVE-2023-39804 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-6120423 Introduced through: tar@1.30+dfsg-6 From: tar@1.30+dfsg-6 Fixed in: 1.30+dfsg-6+deb10u1 ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Authentication Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Privilege Chaining Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Incorrect Privilege Assignment Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Missing Release of Resource after Effective Lifetime Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733386 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733393 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Improper Validation of Integrity Check Value Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733397 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-7008 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6137710 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-50868 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277511 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Low severity vulnerability found in shadow/passwd Description: Time-of-check Time-of-use (TOCTOU) Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Incorrect Permission Assignment for Critical Resource Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5423925 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in shadow/passwd Description: Improper Authentication Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5879153 Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 From: shadow/passwd@1:4.5-1.1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 From: shadow/login@1:4.5-1.1 and 1 more... ✗ Low severity vulnerability found in perl/perl-base Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Link Following Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489186 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in perl/perl-base Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489188 Introduced through: perl/perl-base@5.28.1-6+deb10u1 From: perl/perl-base@5.28.1-6+deb10u1 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368 Introduced through: pcre3/libpcre3@2:8.39-12 From: pcre3/libpcre3@2:8.39-12 ✗ Low severity vulnerability found in pam/libpam0g Description: CVE-2024-22365 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PAM-6178916 Introduced through: pam/libpam0g@1.3.1-5, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1, adduser@3.118, pam/libpam-modules-bin@1.3.1-5, pam/libpam-modules@1.3.1-5, pam/libpam-runtime@1.3.1-5 From: pam/libpam0g@1.3.1-5 From: shadow/login@1:4.5-1.1 > pam/libpam0g@1.3.1-5 From: util-linux/mount@2.33.1-0.1 > util-linux@2.33.1-0.1 > pam/libpam0g@1.3.1-5 and 11 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: CVE-2023-50495 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6123819 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in ncurses/libtinfo6 Description: CVE-2023-45918 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6252772 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... ✗ Low severity vulnerability found in lz4/liblz4-1 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072 Introduced through: lz4/liblz4-1@1.8.3-1+deb10u1, apt@1.8.2.3 From: lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > lz4/liblz4-1@1.8.3-1+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > lz4/liblz4-1@1.8.3-1+deb10u1 ✗ Low severity vulnerability found in libtasn1-6 Description: CVE-2018-1000654 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libsepol/libsepol1 Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642 Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 From: libsepol/libsepol1@2.8-1 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 ✗ Low severity vulnerability found in libseccomp/libseccomp2 Description: CVE-2019-9893 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044 Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.3 From: libseccomp/libseccomp2@2.3.3-4 From: apt@1.8.2.3 > libseccomp/libseccomp2@2.3.3-4 ✗ Low severity vulnerability found in libidn2/libidn2-0 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100 Introduced through: libidn2/libidn2-0@2.0.5-1+deb10u1, apt@1.8.2.3 From: libidn2/libidn2-0@2.0.5-1+deb10u1 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libidn2/libidn2-0@2.0.5-1+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-6405988 Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 From: libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 ✗ Low severity vulnerability found in gnutls28/libgnutls30 Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-3330746 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in gnupg2/gpgv Description: Use of a Broken or Risky Cryptographic Algorithm Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553 Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 From: gnupg2/gpgv@2.2.12-1+deb10u2 From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Uncontrolled Recursion Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Resource Management Errors Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: CVE-2019-1010023 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use of Insufficiently Random Values Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894106 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in glibc/libc-bin Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894107 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: Insufficient Entropy Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in gcc-8/libstdc++6 Description: CVE-2023-4039 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-5901315 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Low severity vulnerability found in e2fsprogs/libcom-err2 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482 Introduced through: e2fsprogs/libcom-err2@1.44.5-1+deb10u3, e2fsprogs@1.44.5-1+deb10u3, e2fsprogs/libext2fs2@1.44.5-1+deb10u3, e2fsprogs/libss2@1.44.5-1+deb10u3 From: e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libss2@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 and 5 more... ✗ Low severity vulnerability found in coreutils Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in coreutils Description: Race Condition Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494 Introduced through: coreutils@8.30-3 From: coreutils@8.30-3 ✗ Low severity vulnerability found in bash Description: Improper Check for Dropped Privileges Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280 Introduced through: bash@5.0-4 From: bash@5.0-4 ✗ Low severity vulnerability found in apt/libapt-pkg5.0 Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502 Introduced through: apt/libapt-pkg5.0@1.8.2.3, apt@1.8.2.3 From: apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 From: apt@1.8.2.3 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u10 ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: CVE-2022-4415 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ Medium severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5862705 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u4 ✗ Medium severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6062099 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u11 ✗ High severity vulnerability found in systemd/libsystemd0 Description: CVE-2023-26604 Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3339153 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... Fixed in: 241-7~deb10u9 ✗ High severity vulnerability found in systemd/libsystemd0 Description: Allocation of Resources Without Limits or Throttling Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277513 Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 From: systemd/libsystemd0@241-7~deb10u8 From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 and 4 more... ✗ High severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u5 ✗ High severity vulnerability found in ncurses/libtinfo6 Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5421196 Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 and 7 more... Fixed in: 6.1+20181013-2+deb10u5 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-3318300 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u10 ✗ High severity vulnerability found in gnutls28/libgnutls30 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6159414 Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 From: gnutls28/libgnutls30@3.6.7-4+deb10u9 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 Fixed in: 3.6.7-4+deb10u12 ✗ High severity vulnerability found in glibc/libc-bin Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488 Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 From: glibc/libc-bin@2.28-10+deb10u2 From: glibc/libc6@2.28-10+deb10u2 ✗ High severity vulnerability found in gcc-8/libstdc++6 Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558 Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 From: gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 and 2 more... ✗ Critical severity vulnerability found in zlib/zlib1g Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-ZLIB-6008964 Introduced through: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2 From: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2 ✗ Critical severity vulnerability found in libtasn1-6 Description: Off-by-one Error Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-3061094 Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 From: libtasn1-6@4.13-3 From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 Fixed in: 4.13-3+deb10u1 ✗ Critical severity vulnerability found in db5.3/libdb5.3 Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169 Introduced through: db5.3/libdb5.3@5.3.28+dfsg1-0.5, adduser@3.118 From: db5.3/libdb5.3@5.3.28+dfsg1-0.5 From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > pam/libpam-modules@1.3.1-5 > db5.3/libdb5.3@5.3.28+dfsg1-0.5 ------------ Detected 34 vulnerabilities for node@18.12.1 ------------ ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741888 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Improper Certificate Validation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741892 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741899 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Low severity vulnerability found in node Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969349 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Low severity vulnerability found in node Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969357 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Low severity vulnerability found in node Description: Permissive Cross-domain Policy with Untrusted Domains Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252338 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ Medium severity vulnerability found in node Description: Timing Attack Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326669 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326682 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Use After Free Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326683 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326684 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326685 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326686 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329554 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741792 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: HTTP Request Smuggling Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741793 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Inconsistency Between Implementation and Documented Design Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741796 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Over-read Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741894 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741895 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Insecure Randomness Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741896 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Buffer Underwrite (Buffer Underflow) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741900 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Privilege Escalation Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5756501 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ Medium severity vulnerability found in node Description: Improper Access Control Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5843454 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ Medium severity vulnerability found in node Description: Access Restriction Bypass Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848030 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ Medium severity vulnerability found in node Description: Improper Verification of Cryptographic Signature Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969356 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.18.2 ✗ Medium severity vulnerability found in node Description: Observable Timing Discrepancy Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252330 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ High severity vulnerability found in node Description: Insecure Permissions Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326666 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Access of Resource Using Incompatible Type ('Type Confusion') Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326668 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326688 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329555 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.14.1 ✗ High severity vulnerability found in node Description: Prototype Pollution Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741794 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741889 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.16.1 ✗ High severity vulnerability found in node Description: Arbitrary Code Injection Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848038 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.17.1 ✗ High severity vulnerability found in node Description: Allocation of Resources Without Limits or Throttling Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252328 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 ✗ High severity vulnerability found in node Description: Code Injection Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252332 Introduced through: node@18.12.1 From: node@18.12.1 Fixed in: 18.19.1, 20.11.1, 21.6.2 Organization: tubone24 Package manager: deb Project name: docker-image|test-blog Docker image: test-blog Platform: linux/amd64 Base image: node:18.12.1-buster-slim Licenses: enabled Tested 85 dependencies for known issues, found 117 issues. Base Image Vulnerabilities Severity node:18.12.1-buster-slim 117 3 critical, 17 high, 23 medium, 74 low Recommendations for base image upgrade: Minor upgrades Base Image Vulnerabilities Severity node:18.19.1-buster-slim 73 2 critical, 3 high, 1 medium, 67 low Major upgrades Base Image Vulnerabilities Severity node:20.11.1-buster-slim 73 2 critical, 3 high, 1 medium, 67 low Alternative image types Base Image Vulnerabilities Severity node:21.7.0-bookworm-slim 35 1 critical, 1 high, 0 medium, 33 low node:21.7.0-bullseye-slim 66 1 critical, 1 high, 0 medium, 64 low node:lts-bookworm 170 1 critical, 4 high, 1 medium, 164 low node:20.11.0-slim 43 1 critical, 5 high, 3 medium, 34 low Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection
github-actions[bot] commented 7 months ago

Deploy Preview

Deploy path: /home/runner/work/blog/blog/public Functions path: /home/runner/work/blog/blog/functions/src Configuration path: /home/runner/work/blog/blog/netlify.toml Deploying to draft URL...

Logs: https://app.netlify.com/sites/pensive-lamport-5822d2/deploys/65f18760a38fc30345c3f384 Website Draft URL: https://65f18760a38fc30345c3f384--pensive-lamport-5822d2.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag. netlify deploy --prod

github-actions[bot] commented 7 months ago

Bundle Analyzer URL

https://65f18760a38fc30345c3f384--pensive-lamport-5822d2.netlify.app/webpack-bundle-analyser

github-actions[bot] commented 7 months ago

Memlab leaks report

``` page-load [7.4MB] (baseline) [s1] > action-on-page [8.2MB] (target) [s2] > revert [9.3MB] (final) [s3] ------2 clusters------ --Similar leaks in this run: 1634-- --Retained size of leaked objects: 176.2KB-- [] (synthetic) @1 [10.5MB] --3 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @6269 [62.7KB] --setTimeout (property)---> [] (closure) @48409 [72 bytes] --context (internal)---> [] (object) @263659 [20 bytes] --previous (internal)---> [] (object) @77813 [36KB] --n (variable)---> [t] (closure) @140805 [1.3KB] --context (internal)---> [] (object) @144167 [43.3KB] --n (variable)---> [Object] (object) @144173 [43.2KB] --449 (element)---> [Object] (object) @139409 [24 bytes] --exports (property)---> [r] (closure) @139415 [2.7KB] --hasData (property)---> [] (closure) @192835 [80 bytes] --context (internal)---> [] (object) @192877 [1.5KB] --e (variable)---> [Object] (object) @192857 [1KB] --2 (element)---> [Object] (object) @386283 [76 bytes] --aaAutocomplete (property)---> [f] (object) @348235 [348 bytes] --$node (property)---> [q] (object) @391885 [188 bytes] --0 (element)---> [Detached HTMLSpanElement] (native) @332903 [676 bytes] --7 (element)---> [Detached HTMLDivElement] (native) @333955 [5.7KB] --8 (element)---> [Detached HTMLDivElement] (native) @333569 [444 bytes] --8 (element)---> [Detached HTMLAnchorElement] (native) @333577 [1.9KB] --9 (element)---> [Detached HTMLAnchorElement] (native) @333585 [1.9KB] --11 (element)---> [Detached InternalNode] (native) @30908 [592 bytes] --1 (element)---> [Detached InternalNode] (native) @30900 [536 bytes] --3 (element)---> [Detached InternalNode] (native) @30906 [440 bytes] --1 (element)---> [Detached InternalNode] (native) @34662 [440 bytes] --2 (element)---> [Detached Attr] (native) @34664 [88 bytes] --Similar leaks in this run: 479-- --Retained size of leaked objects: 50KB-- [] (synthetic) @1 [10.5MB] --3 (shortcut)---> [Window / https://blog.tubone-project24.xyz] (object) @6269 [62.7KB] --___replace (property)---> [] (closure) @48745 [80 bytes] --context (internal)---> [] (object) @146547 [748 bytes] --a (variable)---> [Module] (object) @140417 [6.3KB] --get version (property)---> [version] (closure) @147179 [80 bytes] --context (internal)---> [] (object) @140783 [6.5KB] --Qn (variable)---> [y] (object) @404935 [368 bytes] --props (property)---> [Object] (object) @413261 [28 bytes] --children (property)---> [Object] (object) @459203 [296 bytes] --props (property)---> [Object] (object) @461853 [56 bytes] --children (property)---> [Object] (object) @413327 [1.2KB] --__ (property)---> [Object] (object) @461239 [1.1KB] --__ (property)---> [Object] (object) @461251 [940 bytes] --__ (property)---> [Object] (object) @423813 [736 bytes] --__d (property)---> [Detached HTMLDivElement] (native) @333841 [468 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @333839 [384 bytes] --5 (element)---> [Detached HTMLDivElement] (native) @333837 [384 bytes] --6 (element)---> [Detached HTMLDivElement] (native) @332863 [15KB] --8 (element)---> [Detached HTMLElement] (native) @333773 [25.4KB] --5 (element)---> [Detached HTMLDivElement] (native) @333775 [22.1KB] --5 (element)---> [Detached Text] (native) @333329 [220 bytes] --6 (element)---> [Detached HTMLHeadingElement] (native) @333331 [576 bytes] --9 (element)---> [Detached Text] (native) @333337 [220 bytes] --7 (element)---> [Detached HTMLImageElement] (native) @333341 [764 bytes] --8 (element)---> [Detached Text] (native) @333345 [220 bytes] --7 (element)---> [Detached HTMLSpanElement] (native) @333349 [1KB] --9 (element)---> [Detached Text] (native) @333361 [220 bytes] --7 (element)---> [Detached HTMLParagraphElement] (native) @333365 [1.3KB] --9 (element)---> [Detached Text] (native) @333385 [220 bytes] --7 (element)---> [Detached HTMLParagraphElement] (native) @332229 [576 bytes] --9 (element)---> [Detached Text] (native) @332237 [220 bytes] --7 (element)---> [Detached HTMLParagraphElement] (native) @332241 [576 bytes] --9 (element)---> [Detached Text] (native) @332249 [220 bytes] --7 (element)---> [Detached HTMLBRElement] (native) @332257 [396 bytes] --7 (element)---> [Detached Text] (native) @332261 [220 bytes] --7 (element)---> [Detached HTMLDivElement] (native) @332265 [5.5KB] --6 (element)---> [Detached Text] (native) @332329 [220 bytes] --6 (element)---> [Detached HTMLUListElement] (native) @332289 [3.4KB] --10 (element)---> [Detached InternalNode] (native) @31310 [240 bytes] --2 (element)---> [Detached InternalNode] (native) @31312 [56 bytes] --1 (element)---> [Detached NodeList] (native) @28964 [56 bytes] ```