issue-14: Dockerfile modification + k8S structure (to be completed) #15

Closed
rmasson wants to merge 5 commits from issue-14 into develop
Owner

Modification of the Dockerfile
Use of the symfony8.1 image from symfony-containers

Setup of the structure for kubernetes

Images published on harbor:

standalone:

reg.cadoles.com/rmasson/hydra-sql-standalone:0.0.3-dev-issue-14-20230615

kube:

reg.cadoles.com/rmasson/hydra-sql-kube:0.0.3-dev-issue-14-20230615

These are unstable images, for testing only

rmasson added 1 commit 2023-06-14 15:01:40 +02:00
Cadoles/hydra-sql/pipeline/head There was a failure building this commit Details
Cadoles/hydra-sql/pipeline/pr-develop This commit is unstable Details
01ab325531
issue-14: Dockerfile modification + k8S structure (to be completed)
Owner

Symfony Security Check Report

3 packages have known vulnerabilities.

guzzlehttp/psr7 (2.4.3)

* CVE-2023-29197: Improper header validation (https://github.com/guzzle/psr7/security/advisories/GHSA-wxmh-65f7-jcvw)

symfony/http-kernel (v5.4.16)

* CVE-2022-24894: Prevent storing cookie headers in HttpCache (https://symfony.com/cve-2022-24894)

symfony/security-bundle (v5.4.11)

* CVE-2022-24895: Possible CSRF token fixation (https://symfony.com/cve-2022-24895)

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.
Owner

Test report

PHP CS Fixer

Overview

State Total
Passed 1
Skipped 0
Failed 0
Error 0

Total duration: 0s

See details
Status Name Class
All OK

Owner

PHPStan report

 [OK] No errors
rmasson force-pushed issue-14 from 01ab325531 to 6e3f0e7a61 2023-06-14 16:15:17 +02:00 Compare
Owner

Symfony Security Check Report

No packages have known vulnerabilities.

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.

Owner

Test report

PHP CS Fixer

Overview

State Total
Passed 1
Skipped 0
Failed 0
Error 0

Total duration: 0s

See details
Status Name Class
All OK

Owner

PHPStan report

 [OK] No errors
rmasson requested review from bgaude 2023-06-14 16:28:25 +02:00
rmasson added 1 commit 2023-06-15 15:38:22 +02:00
Cadoles/hydra-sql/pipeline/pr-develop This commit looks good Details
22231f791f
issue-14: kubernetes structure
Owner

Symfony Security Check Report

No packages have known vulnerabilities.

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.

Owner

Test report

PHP CS Fixer

Overview

State Total
Passed 1
Skipped 0
Failed 0
Error 0

Total duration: 0s

See details
Status Name Class
All OK

Owner

PHPStan report

 [OK] No errors
bgaude requested review from pcaseiro 2023-06-16 09:26:42 +02:00
Author
Owner

Images published on harbor:
standalone:
reg.cadoles.com/rmasson/hydra-sql-standalone:0.0.4-dev-issue-14-20230615
or
reg.cadoles.com/rmasson/hydra-sql-standalone:latest

kube:
reg.cadoles.com/rmasson/hydra-sql-kube:0.0.4-dev-issue-14-20230615
or
reg.cadoles.com/rmasson/hydra-sql-kube:latest

These are unstable images, only for testing without redis.
rmasson added 1 commit 2023-06-16 13:46:23 +02:00
Cadoles/hydra-sql/pipeline/pr-develop There was a failure building this commit Details
a823ac7d0e
issue-14: dockerfile optimization
Owner

Symfony Security Check Report

No packages have known vulnerabilities.

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.

Owner

Test report

PHP CS Fixer

Overview

State Total
Passed 1
Skipped 0
Failed 0
Error 0

Total duration: 0s

See details
Status Name Class
All OK

Owner

PHPStan report

 [OK] No errors
Owner

Validation of the Dockerfile ./misc/docker/Dockerfile
rmasson added 1 commit 2023-06-16 14:00:25 +02:00
Cadoles/hydra-sql/pipeline/pr-develop This commit is unstable Details
87fe4ad16a
issue-14: Jenkinsfile configuration
Owner

Symfony Security Check Report

No packages have known vulnerabilities.

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.

Owner

Test report

PHP CS Fixer

Overview

State Total
Passed 1
Skipped 0
Failed 0
Error 0

Total duration: 0s

See details
Status Name Class
All OK

Owner

PHPStan report

 [OK] No errors
Owner

Validation of the Dockerfile ./misc/images/hydra-sql-standalone/Dockerfile
Owner

Validation of the image reg.cadoles.com/cadoles/hydra-sql:87fe4ad

+------------------------+------------------+----------+-------------------+---------------+---------------------------------------+
        LIBRARY         | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                 TITLE                 |
+------------------------+------------------+----------+-------------------+---------------+---------------------------------------+
 json5 (package.json)   | CVE-2022-46175   | HIGH     | 2.2.1             | 1.0.2, 2.2.2  | Prototype Pollution in                |
                        |                  |          |                   |               | JSON5 via Parse Method                |
                        |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2022-46175 |
+------------------------+------------------+          +-------------------+---------------+---------------------------------------+
 webpack (package.json) | CVE-2023-28154   |          | 5.75.0            | 5.76.0        | avoid cross-realm objects             |
                        |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-28154 |
+------------------------+------------------+----------+-------------------+---------------+---------------------------------------+
+---------------------------+------------------+----------+-------------------+---------------+--------------------------------------+
          LIBRARY          | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                TITLE                 |
+---------------------------+------------------+----------+-------------------+---------------+--------------------------------------+
 github.com/aws/aws-sdk-go | CVE-2020-8911    | MEDIUM   | v1.44.206         |               | aws/aws-sdk-go: CBC padding          |
                           |                  |          |                   |               | oracle issue in AWS S3               |
                           |                  |          |                   |               | Crypto SDK for golang...             |
                           |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2020-8911 |
+                           +------------------+----------+                   +---------------+--------------------------------------+
                           | CVE-2020-8912    | LOW      |                   |               | aws-sdk-go: In-band key              |
                           |                  |          |                   |               | negotiation issue in AWS             |
                           |                  |          |                   |               | S3 Crypto SDK for golang...          |
                           |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2020-8912 |
+---------------------------+------------------+----------+-------------------+---------------+--------------------------------------+

Owner

The application is not working.

500

Failed to connect to localhost port 4445 after 0 ms: Couldn't connect to server for "http://localhost:4445/admin/oauth2/auth/requests/login?login_challenge=aa8a4d1469df4744847db52890b735fb".

The application does not take the environment variables into account.
In the container's env I have:

dev-mse-hydra-sql-7f9fdc94d7-z24kw:/app# env | grep HYDRA_ADMIN_BASE
HYDRA_ADMIN_BASE_URL=http://dev-mse-hydra:4445
dev-mse-hydra-sql-7f9fdc94d7-z24kw:/app#

Yet the error indicates that the application is trying to communicate with "http://localhost:4445"
Owner

With the correct configuration on the hydra-sql side, it all works.
mlamalle added 1 commit 2023-11-02 08:37:24 +01:00
Cadoles/hydra-sql/pipeline/pr-develop There was a failure building this commit Details
Cadoles/hydra-sql/pipeline/head This commit is unstable Details
9abc04fd25
add health path
Owner

Symfony Security Check Report

No packages have known vulnerabilities.

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.

Owner

Test report

PHP CS Fixer

Overview

State Total
Passed 1
Skipped 0
Failed 0
Error 0

Total duration: 0s

See details
Status Name Class
All OK

Owner

PHPStan report

 [OK] No errors
Owner

Validation of the Dockerfile ./misc/images/hydra-sql-standalone/Dockerfile
Owner

Validation of the image reg.cadoles.com/cadoles/hydra-sql:9abc04f

+-----------------+------------------+----------+-------------------+---------------+---------------------------------------+
     LIBRARY     | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                 TITLE                 |
+-----------------+------------------+----------+-------------------+---------------+---------------------------------------+
 curl            | CVE-2023-38545   | CRITICAL | 8.1.2-r0          | 8.4.0-r0      | heap based buffer overflow            |
                 |                  |          |                   |               | in the SOCKS5 proxy handshake         |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-38545 |
+                 +------------------+----------+                   +---------------+---------------------------------------+
                 | CVE-2023-38039   | HIGH     |                   | 8.3.0-r0      | out of heap memory issue due to       |
                 |                  |          |                   |               | missing limit on header quantity...   |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-38039 |
+                 +------------------+----------+                   +---------------+---------------------------------------+
                 | CVE-2023-38546   | LOW      |                   | 8.4.0-r0      | cookie injection with none file       |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-38546 |
+-----------------+------------------+----------+-------------------+---------------+---------------------------------------+
 libcrypto3      | CVE-2023-2975    | MEDIUM   | 3.0.9-r1          | 3.0.9-r2      | AES-SIV cipher implementation         |
                 |                  |          |                   |               | contains a bug that causes            |
                 |                  |          |                   |               | it to ignore empty...                 |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-2975  |
+                 +------------------+          +                   +---------------+---------------------------------------+
                 | CVE-2023-3446    |          |                   | 3.0.9-r3      | Excessive time spent checking         |
                 |                  |          |                   |               | DH keys and parameters                |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3446  |
+                 +------------------+          +                   +---------------+---------------------------------------+
                 | CVE-2023-3817    |          |                   | 3.0.10-r0     | Excessive time spent                  |
                 |                  |          |                   |               | checking DH q parameter value         |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3817  |
+                 +------------------+          +                   +---------------+---------------------------------------+
                 | CVE-2023-5363    |          |                   | 3.0.12-r0     | Incorrect cipher key                  |
                 |                  |          |                   |               | and IV length processing              |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-5363  |
+-----------------+------------------+----------+-------------------+---------------+---------------------------------------+
 libcurl         | CVE-2023-38545   | CRITICAL | 8.1.2-r0          | 8.4.0-r0      | heap based buffer overflow            |
                 |                  |          |                   |               | in the SOCKS5 proxy handshake         |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-38545 |
+                 +------------------+----------+                   +---------------+---------------------------------------+
                 | CVE-2023-38039   | HIGH     |                   | 8.3.0-r0      | out of heap memory issue due to       |
                 |                  |          |                   |               | missing limit on header quantity...   |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-38039 |
+                 +------------------+----------+                   +---------------+---------------------------------------+
                 | CVE-2023-38546   | LOW      |                   | 8.4.0-r0      | cookie injection with none file       |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-38546 |
+-----------------+------------------+----------+-------------------+---------------+---------------------------------------+
 libssl3         | CVE-2023-2975    | MEDIUM   | 3.0.9-r1          | 3.0.9-r2      | AES-SIV cipher implementation         |
                 |                  |          |                   |               | contains a bug that causes            |
                 |                  |          |                   |               | it to ignore empty...                 |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-2975  |
+                 +------------------+          +                   +---------------+---------------------------------------+
                 | CVE-2023-3446    |          |                   | 3.0.9-r3      | Excessive time spent checking         |
                 |                  |          |                   |               | DH keys and parameters                |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3446  |
+                 +------------------+          +                   +---------------+---------------------------------------+
                 | CVE-2023-3817    |          |                   | 3.0.10-r0     | Excessive time spent                  |
                 |                  |          |                   |               | checking DH q parameter value         |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3817  |
+                 +------------------+          +                   +---------------+---------------------------------------+
                 | CVE-2023-5363    |          |                   | 3.0.12-r0     | Incorrect cipher key                  |
                 |                  |          |                   |               | and IV length processing              |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-5363  |
+-----------------+------------------+----------+-------------------+---------------+---------------------------------------+
 nghttp2-libs    | CVE-2023-35945   | HIGH     | 1.51.0-r0         | 1.51.0-r1     | HTTP/2 memory leak in nghttp2 codec   |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-35945 |
+                 +------------------+          +                   +---------------+---------------------------------------+
                 | CVE-2023-44487   |          |                   | 1.51.0-r2     | Multiple HTTP/2 enabled               |
                 |                  |          |                   |               | web servers are vulnerable            |
                 |                  |          |                   |               | to a DDoS attack (Rapid...            |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-44487 |
+-----------------+                  +          +-------------------+---------------+                                       +
 nginx           |                  |          | 1.22.1-r0         | 1.22.1-r1     |                                       |
                 |                  |          |                   |               |                                       |
                 |                  |          |                   |               |                                       |
                 |                  |          |                   |               |                                       |
+-----------------+------------------+----------+-------------------+---------------+---------------------------------------+
 php81           | CVE-2023-3824    | CRITICAL | 8.1.19-r0         | 8.1.22-r0     | phar Buffer mismanagement             |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3824  |
+                 +------------------+----------+                   +               +---------------------------------------+
                 | CVE-2023-3823    | HIGH     |                   |               | XML loading external entity           |
                 |                  |          |                   |               | without being enabled                 |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3823  |
+                 +------------------+----------+                   +               +---------------------------------------+
                 | CVE-2023-3247    | MEDIUM   |                   |               | Missing error check and               |
                 |                  |          |                   |               | insufficient random bytes in          |
                 |                  |          |                   |               | HTTP Digest authentication for...     |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3247  |
+-----------------+------------------+----------+                   +               +---------------------------------------+
 php81-common    | CVE-2023-3824    | CRITICAL |                   |               | phar Buffer mismanagement             |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3824  |
+                 +------------------+----------+                   +               +---------------------------------------+
                 | CVE-2023-3823    | HIGH     |                   |               | XML loading external entity           |
                 |                  |          |                   |               | without being enabled                 |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3823  |
+                 +------------------+----------+                   +               +---------------------------------------+
                 | CVE-2023-3247    | MEDIUM   |                   |               | Missing error check and               |
                 |                  |          |                   |               | insufficient random bytes in          |
                 |                  |          |                   |               | HTTP Digest authentication for...     |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3247  |
+-----------------+------------------+----------+                   +               +---------------------------------------+
 php81-ctype     | CVE-2023-3824    | CRITICAL |                   |               | phar Buffer mismanagement             |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3824  |
+                 +------------------+----------+                   +               +---------------------------------------+
                 | CVE-2023-3823    | HIGH     |                   |               | XML loading external entity           |
                 |                  |          |                   |               | without being enabled                 |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3823  |
+                 +------------------+----------+                   +               +---------------------------------------+
                 | CVE-2023-3247    | MEDIUM   |                   |               | Missing error check and               |
                 |                  |          |                   |               | insufficient random bytes in          |
                 |                  |          |                   |               | HTTP Digest authentication for...     |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3247  |
+-----------------+------------------+----------+                   +               +---------------------------------------+
 php81-curl      | CVE-2023-3824    | CRITICAL |                   |               | phar Buffer mismanagement             |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3824  |
+                 +------------------+----------+                   +               +---------------------------------------+
                 | CVE-2023-3823    | HIGH     |                   |               | XML loading external entity           |
                 |                  |          |                   |               | without being enabled                 |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3823  |
+                 +------------------+----------+                   +               +---------------------------------------+
                 | CVE-2023-3247    | MEDIUM   |                   |               | Missing error check and               |
                 |                  |          |                   |               | insufficient random bytes in          |
                 |                  |          |                   |               | HTTP Digest authentication for...     |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3247  |
+-----------------+------------------+----------+                   +               +---------------------------------------+
 php81-dom       | CVE-2023-3824    | CRITICAL |                   |               | phar Buffer mismanagement             |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3824  |
+                 +------------------+----------+                   +               +---------------------------------------+
                 | CVE-2023-3823    | HIGH     |                   |               | XML loading external entity           |
                 |                  |          |                   |               | without being enabled                 |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3823  |
+                 +------------------+----------+                   +               +---------------------------------------+
                 | CVE-2023-3247    | MEDIUM   |                   |               | Missing error check and               |
                 |                  |          |                   |               | insufficient random bytes in          |
                 |                  |          |                   |               | HTTP Digest authentication for...     |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3247  |
+-----------------+------------------+----------+                   +               +---------------------------------------+
 php81-fpm       | CVE-2023-3824    | CRITICAL |                   |               | phar Buffer mismanagement             |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3824  |
+                 +------------------+----------+                   +               +---------------------------------------+
                 | CVE-2023-3823    | HIGH     |                   |               | XML loading external entity           |
                 |                  |          |                   |               | without being enabled                 |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3823  |
+                 +------------------+----------+                   +               +---------------------------------------+
                 | CVE-2023-3247    | MEDIUM   |                   |               | Missing error check and               |
                 |                  |          |                   |               | insufficient random bytes in          |
                 |                  |          |                   |               | HTTP Digest authentication for...     |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3247  |
+-----------------+------------------+----------+                   +               +---------------------------------------+
 php81-iconv     | CVE-2023-3824    | CRITICAL |                   |               | phar Buffer mismanagement             |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3824  |
+                 +------------------+----------+                   +               +---------------------------------------+
                 | CVE-2023-3823    | HIGH     |                   |               | XML loading external entity           |
                 |                  |          |                   |               | without being enabled                 |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3823  |
+                 +------------------+----------+                   +               +---------------------------------------+
                 | CVE-2023-3247    | MEDIUM   |                   |               | Missing error check and               |
                 |                  |          |                   |               | insufficient random bytes in          |
                 |                  |          |                   |               | HTTP Digest authentication for...     |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3247  |
+-----------------+------------------+----------+                   +               +---------------------------------------+
 php81-mbstring  | CVE-2023-3824    | CRITICAL |                   |               | phar Buffer mismanagement             |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3824  |
+                 +------------------+----------+                   +               +---------------------------------------+
                 | CVE-2023-3823    | HIGH     |                   |               | XML loading external entity           |
                 |                  |          |                   |               | without being enabled                 |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3823  |
+                 +------------------+----------+                   +               +---------------------------------------+
                 | CVE-2023-3247    | MEDIUM   |                   |               | Missing error check and               |
                 |                  |          |                   |               | insufficient random bytes in          |
                 |                  |          |                   |               | HTTP Digest authentication for...     |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3247  |
+-----------------+------------------+----------+                   +               +---------------------------------------+
 php81-openssl   | CVE-2023-3824    | CRITICAL |                   |               | phar Buffer mismanagement             |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3824  |
+                 +------------------+----------+                   +               +---------------------------------------+
                 | CVE-2023-3823    | HIGH     |                   |               | XML loading external entity           |
                 |                  |          |                   |               | without being enabled                 |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3823  |
+                 +------------------+----------+                   +               +---------------------------------------+
                 | CVE-2023-3247    | MEDIUM   |                   |               | Missing error check and               |
                 |                  |          |                   |               | insufficient random bytes in          |
                 |                  |          |                   |               | HTTP Digest authentication for...     |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3247  |
+-----------------+------------------+----------+                   +               +---------------------------------------+
 php81-phar      | CVE-2023-3824    | CRITICAL |                   |               | phar Buffer mismanagement             |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3824  |
+                 +------------------+----------+                   +               +---------------------------------------+
                 | CVE-2023-3823    | HIGH     |                   |               | XML loading external entity           |
                 |                  |          |                   |               | without being enabled                 |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3823  |
+                 +------------------+----------+                   +               +---------------------------------------+
                 | CVE-2023-3247    | MEDIUM   |                   |               | Missing error check and               |
                 |                  |          |                   |               | insufficient random bytes in          |
                 |                  |          |                   |               | HTTP Digest authentication for...     |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3247  |
+-----------------+------------------+----------+                   +               +---------------------------------------+
 php81-session   | CVE-2023-3824    | CRITICAL |                   |               | phar Buffer mismanagement             |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3824  |
+                 +------------------+----------+                   +               +---------------------------------------+
                 | CVE-2023-3823    | HIGH     |                   |               | XML loading external entity           |
                 |                  |          |                   |               | without being enabled                 |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3823  |
+                 +------------------+----------+                   +               +---------------------------------------+
                 | CVE-2023-3247    | MEDIUM   |                   |               | Missing error check and               |
                 |                  |          |                   |               | insufficient random bytes in          |
                 |                  |          |                   |               | HTTP Digest authentication for...     |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3247  |
+-----------------+------------------+----------+                   +               +---------------------------------------+
 php81-simplexml | CVE-2023-3824    | CRITICAL |                   |               | phar Buffer mismanagement             |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3824  |
+                 +------------------+----------+                   +               +---------------------------------------+
                 | CVE-2023-3823    | HIGH     |                   |               | XML loading external entity           |
                 |                  |          |                   |               | without being enabled                 |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3823  |
+                 +------------------+----------+                   +               +---------------------------------------+
                 | CVE-2023-3247    | MEDIUM   |                   |               | Missing error check and               |
                 |                  |          |                   |               | insufficient random bytes in          |
                 |                  |          |                   |               | HTTP Digest authentication for...     |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3247  |
+-----------------+------------------+----------+                   +               +---------------------------------------+
 php81-tokenizer | CVE-2023-3824    | CRITICAL |                   |               | phar Buffer mismanagement             |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3824  |
+                 +------------------+----------+                   +               +---------------------------------------+
                 | CVE-2023-3823    | HIGH     |                   |               | XML loading external entity           |
                 |                  |          |                   |               | without being enabled                 |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3823  |
+                 +------------------+----------+                   +               +---------------------------------------+
                 | CVE-2023-3247    | MEDIUM   |                   |               | Missing error check and               |
                 |                  |          |                   |               | insufficient random bytes in          |
                 |                  |          |                   |               | HTTP Digest authentication for...     |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3247  |
+-----------------+------------------+----------+                   +               +---------------------------------------+
 php81-xml       | CVE-2023-3824    | CRITICAL |                   |               | phar Buffer mismanagement             |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3824  |
+                 +------------------+----------+                   +               +---------------------------------------+
                 | CVE-2023-3823    | HIGH     |                   |               | XML loading external entity           |
                 |                  |          |                   |               | without being enabled                 |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3823  |
+                 +------------------+----------+                   +               +---------------------------------------+
                 | CVE-2023-3247    | MEDIUM   |                   |               | Missing error check and               |
                 |                  |          |                   |               | insufficient random bytes in          |
                 |                  |          |                   |               | HTTP Digest authentication for...     |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3247  |
+-----------------+------------------+----------+                   +               +---------------------------------------+
 php81-xmlwriter | CVE-2023-3824    | CRITICAL |                   |               | phar Buffer mismanagement             |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3824  |
+                 +------------------+----------+                   +               +---------------------------------------+
                 | CVE-2023-3823    | HIGH     |                   |               | XML loading external entity           |
                 |                  |          |                   |               | without being enabled                 |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3823  |
+                 +------------------+----------+                   +               +---------------------------------------+
                 | CVE-2023-3247    | MEDIUM   |                   |               | Missing error check and               |
                 |                  |          |                   |               | insufficient random bytes in          |
                 |                  |          |                   |               | HTTP Digest authentication for...     |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3247  |
+-----------------+------------------+----------+                   +               +---------------------------------------+
 php81-zip       | CVE-2023-3824    | CRITICAL |                   |               | phar Buffer mismanagement             |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3824  |
+                 +------------------+----------+                   +               +---------------------------------------+
                 | CVE-2023-3823    | HIGH     |                   |               | XML loading external entity           |
                 |                  |          |                   |               | without being enabled                 |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3823  |
+                 +------------------+----------+                   +               +---------------------------------------+
                 | CVE-2023-3247    | MEDIUM   |                   |               | Missing error check and               |
                 |                  |          |                   |               | insufficient random bytes in          |
                 |                  |          |                   |               | HTTP Digest authentication for...     |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-3247  |
+-----------------+------------------+          +-------------------+---------------+---------------------------------------+
 python3         | CVE-2023-40217   |          | 3.10.11-r0        | 3.10.13-r0    | TLS handshake bypass                  |
                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2023-40217 |
+-----------------+------------------+----------+-------------------+---------------+---------------------------------------+
+--------------------------------+------------------+----------+-------------------+-----------------------+---------------------------------------+
            LIBRARY             | VULNERABILITY ID | SEVERITY | INSTALLED VERSION |     FIXED VERSION     |                 TITLE                 |
+--------------------------------+------------------+----------+-------------------+-----------------------+---------------------------------------+
 @babel/traverse (package.json) | CVE-2023-45133   | CRITICAL | 7.20.5            | 7.23.2, 8.0.0-alpha.4 | arbitrary code execution              |
                                |                  |          |                   |                       | -->avd.aquasec.com/nvd/cve-2023-45133 |
+--------------------------------+------------------+----------+-------------------+-----------------------+---------------------------------------+
 json5 (package.json)           | CVE-2022-46175   | HIGH     | 2.2.1             | 2.2.2, 1.0.2          | Prototype Pollution in                |
                                |                  |          |                   |                       | JSON5 via Parse Method                |
                                |                  |          |                   |                       | -->avd.aquasec.com/nvd/cve-2022-46175 |
+--------------------------------+------------------+----------+-------------------+-----------------------+---------------------------------------+
 postcss (package.json)         | CVE-2023-44270   | MEDIUM   | 8.4.20            | 8.4.31                | An issue was discovered in            |
                                |                  |          |                   |                       | PostCSS before 8.4.31. The            |
                                |                  |          |                   |                       | vulnerability af ......               |
                                |                  |          |                   |                       | -->avd.aquasec.com/nvd/cve-2023-44270 |
+--------------------------------+------------------+          +-------------------+-----------------------+---------------------------------------+
 semver (package.json)          | CVE-2022-25883   |          | 6.3.0             | 7.5.2, 6.3.1, 5.7.2   | Regular expression denial of service  |
                                |                  |          |                   |                       | -->avd.aquasec.com/nvd/cve-2022-25883 |
+                                +                  +          +-------------------+                       +                                       +
                                |                  |          | 7.3.8             |                       |                                       |
                                |                  |          |                   |                       |                                       |
+--------------------------------+------------------+----------+-------------------+-----------------------+---------------------------------------+
 webpack (package.json)         | CVE-2023-28154   | CRITICAL | 5.75.0            | 5.76.0                | avoid cross-realm objects             |
                                |                  |          |                   |                       | -->avd.aquasec.com/nvd/cve-2023-28154 |
+--------------------------------+------------------+----------+-------------------+-----------------------+---------------------------------------+
+------------------------+---------------------+----------+-------------------+------------------------+----------------------------------------------+
        LIBRARY         |  VULNERABILITY ID   | SEVERITY | INSTALLED VERSION |     FIXED VERSION      |                    TITLE                     |
+------------------------+---------------------+----------+-------------------+------------------------+----------------------------------------------+
 golang.org/x/net       | CVE-2023-39325      | HIGH     | v0.7.0            | 0.17.0                 | rapid stream resets can cause                |
                        |                     |          |                   |                        | excessive work (CVE-2023-44487)              |
                        |                     |          |                   |                        | -->avd.aquasec.com/nvd/cve-2023-39325        |
+                        +---------------------+----------+                   +------------------------+----------------------------------------------+
                        | CVE-2023-3978       | MEDIUM   |                   | 0.13.0                 | Cross site scripting                         |
                        |                     |          |                   |                        | -->avd.aquasec.com/nvd/cve-2023-3978         |
+                        +---------------------+          +                   +------------------------+----------------------------------------------+
                        | CVE-2023-44487      |          |                   | 0.17.0                 | Multiple HTTP/2 enabled                      |
                        |                     |          |                   |                        | web servers are vulnerable                   |
                        |                     |          |                   |                        | to a DDoS attack (Rapid...                   |
                        |                     |          |                   |                        | -->avd.aquasec.com/nvd/cve-2023-44487        |
+------------------------+---------------------+----------+-------------------+------------------------+----------------------------------------------+
 google.golang.org/grpc | GHSA-m425-mq94-257g | HIGH     | v1.46.2           | 1.56.3, 1.57.1, 1.58.3 | gRPC-Go HTTP/2 Rapid Reset vulnerability     |
                        |                     |          |                   |                        | -->github.com/advisories/GHSA-m425-mq94-257g |
+                        +---------------------+----------+                   +------------------------+----------------------------------------------+
                        | CVE-2023-44487      | MEDIUM   |                   | 1.58.3, 1.57.1, 1.56.3 | Multiple HTTP/2 enabled                      |
                        |                     |          |                   |                        | web servers are vulnerable                   |
                        |                     |          |                   |                        | to a DDoS attack (Rapid...                   |
                        |                     |          |                   |                        | -->avd.aquasec.com/nvd/cve-2023-44487        |
+------------------------+---------------------+----------+-------------------+------------------------+----------------------------------------------+

| | | | | | -->avd.aquasec.com/nvd/cve-2023-3247 | +-----------------+------------------+----------+ + +---------------------------------------+ php81-openssl | CVE-2023-3824 | CRITICAL | | | phar Buffer mismanagement | | | | | | -->avd.aquasec.com/nvd/cve-2023-3824 | + +------------------+----------+ + +---------------------------------------+ | CVE-2023-3823 | HIGH | | | XML loading external entity | | | | | | without being enabled | | | | | | -->avd.aquasec.com/nvd/cve-2023-3823 | + +------------------+----------+ + +---------------------------------------+ | CVE-2023-3247 | MEDIUM | | | Missing error check and | | | | | | insufficient random bytes in | | | | | | HTTP Digest authentication for... | | | | | | -->avd.aquasec.com/nvd/cve-2023-3247 | +-----------------+------------------+----------+ + +---------------------------------------+ php81-phar | CVE-2023-3824 | CRITICAL | | | phar Buffer mismanagement | | | | | | -->avd.aquasec.com/nvd/cve-2023-3824 | + +------------------+----------+ + +---------------------------------------+ | CVE-2023-3823 | HIGH | | | XML loading external entity | | | | | | without being enabled | | | | | | -->avd.aquasec.com/nvd/cve-2023-3823 | + +------------------+----------+ + +---------------------------------------+ | CVE-2023-3247 | MEDIUM | | | Missing error check and | | | | | | insufficient random bytes in | | | | | | HTTP Digest authentication for... 
| | | | | | -->avd.aquasec.com/nvd/cve-2023-3247 | +-----------------+------------------+----------+ + +---------------------------------------+ php81-session | CVE-2023-3824 | CRITICAL | | | phar Buffer mismanagement | | | | | | -->avd.aquasec.com/nvd/cve-2023-3824 | + +------------------+----------+ + +---------------------------------------+ | CVE-2023-3823 | HIGH | | | XML loading external entity | | | | | | without being enabled | | | | | | -->avd.aquasec.com/nvd/cve-2023-3823 | + +------------------+----------+ + +---------------------------------------+ | CVE-2023-3247 | MEDIUM | | | Missing error check and | | | | | | insufficient random bytes in | | | | | | HTTP Digest authentication for... | | | | | | -->avd.aquasec.com/nvd/cve-2023-3247 | +-----------------+------------------+----------+ + +---------------------------------------+ php81-simplexml | CVE-2023-3824 | CRITICAL | | | phar Buffer mismanagement | | | | | | -->avd.aquasec.com/nvd/cve-2023-3824 | + +------------------+----------+ + +---------------------------------------+ | CVE-2023-3823 | HIGH | | | XML loading external entity | | | | | | without being enabled | | | | | | -->avd.aquasec.com/nvd/cve-2023-3823 | + +------------------+----------+ + +---------------------------------------+ | CVE-2023-3247 | MEDIUM | | | Missing error check and | | | | | | insufficient random bytes in | | | | | | HTTP Digest authentication for... 
| | | | | | -->avd.aquasec.com/nvd/cve-2023-3247 | +-----------------+------------------+----------+ + +---------------------------------------+ php81-tokenizer | CVE-2023-3824 | CRITICAL | | | phar Buffer mismanagement | | | | | | -->avd.aquasec.com/nvd/cve-2023-3824 | + +------------------+----------+ + +---------------------------------------+ | CVE-2023-3823 | HIGH | | | XML loading external entity | | | | | | without being enabled | | | | | | -->avd.aquasec.com/nvd/cve-2023-3823 | + +------------------+----------+ + +---------------------------------------+ | CVE-2023-3247 | MEDIUM | | | Missing error check and | | | | | | insufficient random bytes in | | | | | | HTTP Digest authentication for... | | | | | | -->avd.aquasec.com/nvd/cve-2023-3247 | +-----------------+------------------+----------+ + +---------------------------------------+ php81-xml | CVE-2023-3824 | CRITICAL | | | phar Buffer mismanagement | | | | | | -->avd.aquasec.com/nvd/cve-2023-3824 | + +------------------+----------+ + +---------------------------------------+ | CVE-2023-3823 | HIGH | | | XML loading external entity | | | | | | without being enabled | | | | | | -->avd.aquasec.com/nvd/cve-2023-3823 | + +------------------+----------+ + +---------------------------------------+ | CVE-2023-3247 | MEDIUM | | | Missing error check and | | | | | | insufficient random bytes in | | | | | | HTTP Digest authentication for... 
| | | | | | -->avd.aquasec.com/nvd/cve-2023-3247 | +-----------------+------------------+----------+ + +---------------------------------------+ php81-xmlwriter | CVE-2023-3824 | CRITICAL | | | phar Buffer mismanagement | | | | | | -->avd.aquasec.com/nvd/cve-2023-3824 | + +------------------+----------+ + +---------------------------------------+ | CVE-2023-3823 | HIGH | | | XML loading external entity | | | | | | without being enabled | | | | | | -->avd.aquasec.com/nvd/cve-2023-3823 | + +------------------+----------+ + +---------------------------------------+ | CVE-2023-3247 | MEDIUM | | | Missing error check and | | | | | | insufficient random bytes in | | | | | | HTTP Digest authentication for... | | | | | | -->avd.aquasec.com/nvd/cve-2023-3247 | +-----------------+------------------+----------+ + +---------------------------------------+ php81-zip | CVE-2023-3824 | CRITICAL | | | phar Buffer mismanagement | | | | | | -->avd.aquasec.com/nvd/cve-2023-3824 | + +------------------+----------+ + +---------------------------------------+ | CVE-2023-3823 | HIGH | | | XML loading external entity | | | | | | without being enabled | | | | | | -->avd.aquasec.com/nvd/cve-2023-3823 | + +------------------+----------+ + +---------------------------------------+ | CVE-2023-3247 | MEDIUM | | | Missing error check and | | | | | | insufficient random bytes in | | | | | | HTTP Digest authentication for... 
| | | | | | -->avd.aquasec.com/nvd/cve-2023-3247 | +-----------------+------------------+ +-------------------+---------------+---------------------------------------+ python3 | CVE-2023-40217 | | 3.10.11-r0 | 3.10.13-r0 | TLS handshake bypass | | | | | | -->avd.aquasec.com/nvd/cve-2023-40217 | +-----------------+------------------+----------+-------------------+---------------+---------------------------------------+ +--------------------------------+------------------+----------+-------------------+-----------------------+---------------------------------------+ LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | +--------------------------------+------------------+----------+-------------------+-----------------------+---------------------------------------+ @babel/traverse (package.json) | CVE-2023-45133 | CRITICAL | 7.20.5 | 7.23.2, 8.0.0-alpha.4 | arbitrary code execution | | | | | | -->avd.aquasec.com/nvd/cve-2023-45133 | +--------------------------------+------------------+----------+-------------------+-----------------------+---------------------------------------+ json5 (package.json) | CVE-2022-46175 | HIGH | 2.2.1 | 2.2.2, 1.0.2 | Prototype Pollution in | | | | | | JSON5 via Parse Method | | | | | | -->avd.aquasec.com/nvd/cve-2022-46175 | +--------------------------------+------------------+----------+-------------------+-----------------------+---------------------------------------+ postcss (package.json) | CVE-2023-44270 | MEDIUM | 8.4.20 | 8.4.31 | An issue was discovered in | | | | | | PostCSS before 8.4.31. The | | | | | | vulnerability af ...... 
| | | | | | -->avd.aquasec.com/nvd/cve-2023-44270 | +--------------------------------+------------------+ +-------------------+-----------------------+---------------------------------------+ semver (package.json) | CVE-2022-25883 | | 6.3.0 | 7.5.2, 6.3.1, 5.7.2 | Regular expression denial of service | | | | | | -->avd.aquasec.com/nvd/cve-2022-25883 | + + + +-------------------+ + + | | | 7.3.8 | | | | | | | | | +--------------------------------+------------------+----------+-------------------+-----------------------+---------------------------------------+ webpack (package.json) | CVE-2023-28154 | CRITICAL | 5.75.0 | 5.76.0 | avoid cross-realm objects | | | | | | -->avd.aquasec.com/nvd/cve-2023-28154 | +--------------------------------+------------------+----------+-------------------+-----------------------+---------------------------------------+ +------------------------+---------------------+----------+-------------------+------------------------+----------------------------------------------+ LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | +------------------------+---------------------+----------+-------------------+------------------------+----------------------------------------------+ golang.org/x/net | CVE-2023-39325 | HIGH | v0.7.0 | 0.17.0 | rapid stream resets can cause | | | | | | excessive work (CVE-2023-44487) | | | | | | -->avd.aquasec.com/nvd/cve-2023-39325 | + +---------------------+----------+ +------------------------+----------------------------------------------+ | CVE-2023-3978 | MEDIUM | | 0.13.0 | Cross site scripting | | | | | | -->avd.aquasec.com/nvd/cve-2023-3978 | + +---------------------+ + +------------------------+----------------------------------------------+ | CVE-2023-44487 | | | 0.17.0 | Multiple HTTP/2 enabled | | | | | | web servers are vulnerable | | | | | | to a DDoS attack (Rapid... 
| | | | | | -->avd.aquasec.com/nvd/cve-2023-44487 | +------------------------+---------------------+----------+-------------------+------------------------+----------------------------------------------+ google.golang.org/grpc | GHSA-m425-mq94-257g | HIGH | v1.46.2 | 1.56.3, 1.57.1, 1.58.3 | gRPC-Go HTTP/2 Rapid Reset vulnerability | | | | | | -->github.com/advisories/GHSA-m425-mq94-257g | + +---------------------+----------+ +------------------------+----------------------------------------------+ | CVE-2023-44487 | MEDIUM | | 1.58.3, 1.57.1, 1.56.3 | Multiple HTTP/2 enabled | | | | | | web servers are vulnerable | | | | | | to a DDoS attack (Rapid... | | | | | | -->avd.aquasec.com/nvd/cve-2023-44487 | +------------------------+---------------------+----------+-------------------+------------------------+----------------------------------------------+ ```
mlamalle closed this pull request 2023-12-14 09:13:47 +01:00
Some checks failed
Cadoles/hydra-sql/pipeline/pr-develop There was a failure building this commit
Cadoles/hydra-sql/pipeline/head This commit is unstable

Reference: Cadoles/hydra-sql#15