Image Dependency Vulnerability Scan | 47 Low Severity Findings (FYI)
This is more of an FYI as these are all low severity. Just something for us to watch.
Testing osdu:latest...
✗ Low severity vulnerability found in util-linux/libblkid1
Description: Information Exposure
Info: https://snyk.io/vuln/SNYK-DEBIAN11-UTILLINUX-2401081
Introduced through: util-linux/libblkid1@2.36.1-8+deb11u1, e2fsprogs@1.46.2-2, util-linux/libmount1@2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, util-linux/libuuid1@2.36.1-8+deb11u1, util-linux@2.36.1-8+deb11u1, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/libsmartcols1@2.36.1-8+deb11u1
From: util-linux/libblkid1@2.36.1-8+deb11u1
From: e2fsprogs@1.46.2-2 > util-linux/libblkid1@2.36.1-8+deb11u1
From: util-linux/libmount1@2.36.1-8+deb11u1 > util-linux/libblkid1@2.36.1-8+deb11u1
and 15 more...
✗ Low severity vulnerability found in tar
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-DEBIAN11-TAR-3253527
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > tar@1.34+dfsg-1
✗ Low severity vulnerability found in tar
Description: CVE-2005-2541
Info: https://snyk.io/vuln/SNYK-DEBIAN11-TAR-523480
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > tar@1.34+dfsg-1
✗ Low severity vulnerability found in systemd/libsystemd0
Description: Authentication Bypass
Info: https://snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-1291054
Introduced through: systemd/libsystemd0@247.3-7+deb11u1, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u1
From: systemd/libsystemd0@247.3-7+deb11u1
From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u1
From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u1
and 5 more...
✗ Low severity vulnerability found in systemd/libsystemd0
Description: Off-by-one Error
Info: https://snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-3111119
Introduced through: systemd/libsystemd0@247.3-7+deb11u1, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u1
From: systemd/libsystemd0@247.3-7+deb11u1
From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u1
From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u1
and 5 more...
✗ Low severity vulnerability found in systemd/libsystemd0
Description: CVE-2022-4415
Info: https://snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-3177742
Introduced through: systemd/libsystemd0@247.3-7+deb11u1, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u1
From: systemd/libsystemd0@247.3-7+deb11u1
From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u1
From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u1
and 5 more...
✗ Low severity vulnerability found in systemd/libsystemd0
Description: Link Following
Info: https://snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-524969
Introduced through: systemd/libsystemd0@247.3-7+deb11u1, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u1
From: systemd/libsystemd0@247.3-7+deb11u1
From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u1
From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u1
and 5 more...
✗ Low severity vulnerability found in sqlite3/libsqlite3-0
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-DEBIAN11-SQLITE3-1569419
Introduced through: sqlite3/libsqlite3-0@3.34.1-3
From: sqlite3/libsqlite3-0@3.34.1-3
✗ Low severity vulnerability found in sqlite3/libsqlite3-0
Description: Memory Leak
Info: https://snyk.io/vuln/SNYK-DEBIAN11-SQLITE3-2407045
Introduced through: sqlite3/libsqlite3-0@3.34.1-3
From: sqlite3/libsqlite3-0@3.34.1-3
✗ Low severity vulnerability found in sqlite3/libsqlite3-0
Description: Improper Validation of Array Index
Info: https://snyk.io/vuln/SNYK-DEBIAN11-SQLITE3-2959400
Introduced through: sqlite3/libsqlite3-0@3.34.1-3
From: sqlite3/libsqlite3-0@3.34.1-3
✗ Low severity vulnerability found in shadow/passwd
Description: NULL Pointer Dereference
Info: https://snyk.io/vuln/SNYK-DEBIAN11-SHADOW-3310898
Introduced through: shadow/passwd@1:4.8.1-1, adduser@3.118, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1
From: shadow/passwd@1:4.8.1-1
From: adduser@3.118 > shadow/passwd@1:4.8.1-1
From: shadow/login@1:4.8.1-1
and 1 more...
✗ Low severity vulnerability found in shadow/passwd
Description: Access Restriction Bypass
Info: https://snyk.io/vuln/SNYK-DEBIAN11-SHADOW-526940
Introduced through: shadow/passwd@1:4.8.1-1, adduser@3.118, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1
From: shadow/passwd@1:4.8.1-1
From: adduser@3.118 > shadow/passwd@1:4.8.1-1
From: shadow/login@1:4.8.1-1
and 1 more...
✗ Low severity vulnerability found in shadow/passwd
Description: Time-of-check Time-of-use (TOCTOU)
Info: https://snyk.io/vuln/SNYK-DEBIAN11-SHADOW-528840
Introduced through: shadow/passwd@1:4.8.1-1, adduser@3.118, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1
From: shadow/passwd@1:4.8.1-1
From: adduser@3.118 > shadow/passwd@1:4.8.1-1
From: shadow/login@1:4.8.1-1
and 1 more...
✗ Low severity vulnerability found in shadow/passwd
Description: Incorrect Permission Assignment for Critical Resource
Info: https://snyk.io/vuln/SNYK-DEBIAN11-SHADOW-539870
Introduced through: shadow/passwd@1:4.8.1-1, adduser@3.118, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1
From: shadow/passwd@1:4.8.1-1
From: adduser@3.118 > shadow/passwd@1:4.8.1-1
From: shadow/login@1:4.8.1-1
and 1 more...
✗ Low severity vulnerability found in perl/perl-base
Description: Improper Verification of Cryptographic Signature
Info: https://snyk.io/vuln/SNYK-DEBIAN11-PERL-1925976
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > perl/perl-base@5.32.1-4+deb11u2
✗ Low severity vulnerability found in perl/perl-base
Description: Link Following
Info: https://snyk.io/vuln/SNYK-DEBIAN11-PERL-532614
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > perl/perl-base@5.32.1-4+deb11u2
✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://snyk.io/vuln/SNYK-DEBIAN11-PCRE3-523392
Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1
From: pcre3/libpcre3@2:8.39-13
From: grep@3.6-1 > pcre3/libpcre3@2:8.39-13
✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://snyk.io/vuln/SNYK-DEBIAN11-PCRE3-525075
Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1
From: pcre3/libpcre3@2:8.39-13
From: grep@3.6-1 > pcre3/libpcre3@2:8.39-13
✗ Low severity vulnerability found in pcre3/libpcre3
Description: Uncontrolled Recursion
Info: https://snyk.io/vuln/SNYK-DEBIAN11-PCRE3-529298
Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1
From: pcre3/libpcre3@2:8.39-13
From: grep@3.6-1 > pcre3/libpcre3@2:8.39-13
✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://snyk.io/vuln/SNYK-DEBIAN11-PCRE3-529490
Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1
From: pcre3/libpcre3@2:8.39-13
From: grep@3.6-1 > pcre3/libpcre3@2:8.39-13
✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-DEBIAN11-PCRE3-572353
Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1
From: pcre3/libpcre3@2:8.39-13
From: grep@3.6-1 > pcre3/libpcre3@2:8.39-13
✗ Low severity vulnerability found in openssl/libssl1.1
Description: Cryptographic Issues
Info: https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-518334
Introduced through: openssl/libssl1.1@1.1.1n-0+deb11u4, ca-certificates@20210119, krb5/libgssapi-krb5-2@1.18.3-6+deb11u3
From: openssl/libssl1.1@1.1.1n-0+deb11u4
From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u4 > openssl/libssl1.1@1.1.1n-0+deb11u4
From: krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 > openssl/libssl1.1@1.1.1n-0+deb11u4
and 1 more...
✗ Low severity vulnerability found in openssl/libssl1.1
Description: Cryptographic Issues
Info: https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-525332
Introduced through: openssl/libssl1.1@1.1.1n-0+deb11u4, ca-certificates@20210119, krb5/libgssapi-krb5-2@1.18.3-6+deb11u3
From: openssl/libssl1.1@1.1.1n-0+deb11u4
From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u4 > openssl/libssl1.1@1.1.1n-0+deb11u4
From: krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 > openssl/libssl1.1@1.1.1n-0+deb11u4
and 1 more...
✗ Low severity vulnerability found in ncurses/libtinfo6
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-2767191
Introduced through: ncurses/libtinfo6@6.2+20201114-2, bash@5.1-2+deb11u1, ncurses/libncursesw6@6.2+20201114-2, ncurses/ncurses-bin@6.2+20201114-2, readline/libreadline8@8.1-1, util-linux/mount@2.36.1-8+deb11u1, ncurses/ncurses-base@6.2+20201114-2
From: ncurses/libtinfo6@6.2+20201114-2
From: bash@5.1-2+deb11u1 > ncurses/libtinfo6@6.2+20201114-2
From: ncurses/libncursesw6@6.2+20201114-2 > ncurses/libtinfo6@6.2+20201114-2
and 6 more...
✗ Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://snyk.io/vuln/SNYK-DEBIAN11-LIBSEPOL-1315627
Introduced through: libsepol/libsepol1@3.1-1, adduser@3.118
From: libsepol/libsepol1@3.1-1
From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > libsemanage/libsemanage1@3.1-1+b2 > libsepol/libsepol1@3.1-1
✗ Low severity vulnerability found in libsepol/libsepol1
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-DEBIAN11-LIBSEPOL-1315629
Introduced through: libsepol/libsepol1@3.1-1, adduser@3.118
From: libsepol/libsepol1@3.1-1
From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > libsemanage/libsemanage1@3.1-1+b2 > libsepol/libsepol1@3.1-1
✗ Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://snyk.io/vuln/SNYK-DEBIAN11-LIBSEPOL-1315635
Introduced through: libsepol/libsepol1@3.1-1, adduser@3.118
From: libsepol/libsepol1@3.1-1
From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > libsemanage/libsemanage1@3.1-1+b2 > libsepol/libsepol1@3.1-1
✗ Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://snyk.io/vuln/SNYK-DEBIAN11-LIBSEPOL-1315641
Introduced through: libsepol/libsepol1@3.1-1, adduser@3.118
From: libsepol/libsepol1@3.1-1
From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > libsemanage/libsemanage1@3.1-1+b2 > libsepol/libsepol1@3.1-1
✗ Low severity vulnerability found in libgcrypt20
Description: Information Exposure
Info: https://snyk.io/vuln/SNYK-DEBIAN11-LIBGCRYPT20-1297892
Introduced through: libgcrypt20@1.8.7-6, apt@2.2.4
From: libgcrypt20@1.8.7-6
From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 > libgcrypt20@1.8.7-6
From: apt@2.2.4 > gnupg2/gpgv@2.2.27-2+deb11u2 > libgcrypt20@1.8.7-6
and 1 more...
✗ Low severity vulnerability found in libgcrypt20
Description: Use of a Broken or Risky Cryptographic Algorithm
Info: https://snyk.io/vuln/SNYK-DEBIAN11-LIBGCRYPT20-523947
Introduced through: libgcrypt20@1.8.7-6, apt@2.2.4
From: libgcrypt20@1.8.7-6
From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 > libgcrypt20@1.8.7-6
From: apt@2.2.4 > gnupg2/gpgv@2.2.27-2+deb11u2 > libgcrypt20@1.8.7-6
and 1 more...
✗ Low severity vulnerability found in krb5/libk5crypto3
Description: Integer Overflow or Wraparound
Info: https://snyk.io/vuln/SNYK-DEBIAN11-KRB5-524883
Introduced through: krb5/libk5crypto3@1.18.3-6+deb11u3, krb5/libgssapi-krb5-2@1.18.3-6+deb11u3, krb5/libkrb5-3@1.18.3-6+deb11u3, libnsl/libnsl2@1.3.0-2, meta-common-packages@meta
From: krb5/libk5crypto3@1.18.3-6+deb11u3
From: krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libk5crypto3@1.18.3-6+deb11u3
From: krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 > krb5/libk5crypto3@1.18.3-6+deb11u3
and 5 more...
✗ Low severity vulnerability found in gnutls28/libgnutls30
Description: CVE-2023-0361
Info: https://snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-3318299
Introduced through: gnutls28/libgnutls30@3.7.1-5+deb11u2, apt@2.2.4
From: gnutls28/libgnutls30@3.7.1-5+deb11u2
From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5+deb11u2
Fixed in: 3.7.1-5+deb11u3
✗ Low severity vulnerability found in gnutls28/libgnutls30
Description: Improper Input Validation
Info: https://snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-515971
Introduced through: gnutls28/libgnutls30@3.7.1-5+deb11u2, apt@2.2.4
From: gnutls28/libgnutls30@3.7.1-5+deb11u2
From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5+deb11u2
✗ Low severity vulnerability found in glibc/libc-bin
Description: Out-of-Bounds
Info: https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-521063
Introduced through: glibc/libc-bin@2.31-13+deb11u5, meta-common-packages@meta
From: glibc/libc-bin@2.31-13+deb11u5
From: meta-common-packages@meta > glibc/libc6@2.31-13+deb11u5
✗ Low severity vulnerability found in glibc/libc-bin
Description: Uncontrolled Recursion
Info: https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-521199
Introduced through: glibc/libc-bin@2.31-13+deb11u5, meta-common-packages@meta
From: glibc/libc-bin@2.31-13+deb11u5
From: meta-common-packages@meta > glibc/libc6@2.31-13+deb11u5
✗ Low severity vulnerability found in glibc/libc-bin
Description: Use of Insufficiently Random Values
Info: https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-522385
Introduced through: glibc/libc-bin@2.31-13+deb11u5, meta-common-packages@meta
From: glibc/libc-bin@2.31-13+deb11u5
From: meta-common-packages@meta > glibc/libc6@2.31-13+deb11u5
✗ Low severity vulnerability found in glibc/libc-bin
Description: Information Exposure
Info: https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-529848
Introduced through: glibc/libc-bin@2.31-13+deb11u5, meta-common-packages@meta
From: glibc/libc-bin@2.31-13+deb11u5
From: meta-common-packages@meta > glibc/libc6@2.31-13+deb11u5
✗ Low severity vulnerability found in glibc/libc-bin
Description: CVE-2019-1010023
Info: https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-531451
Introduced through: glibc/libc-bin@2.31-13+deb11u5, meta-common-packages@meta
From: glibc/libc-bin@2.31-13+deb11u5
From: meta-common-packages@meta > glibc/libc6@2.31-13+deb11u5
✗ Low severity vulnerability found in glibc/libc-bin
Description: Uncontrolled Recursion
Info: https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-531492
Introduced through: glibc/libc-bin@2.31-13+deb11u5, meta-common-packages@meta
From: glibc/libc-bin@2.31-13+deb11u5
From: meta-common-packages@meta > glibc/libc6@2.31-13+deb11u5
✗ Low severity vulnerability found in glibc/libc-bin
Description: Resource Management Errors
Info: https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-532215
Introduced through: glibc/libc-bin@2.31-13+deb11u5, meta-common-packages@meta
From: glibc/libc-bin@2.31-13+deb11u5
From: meta-common-packages@meta > glibc/libc6@2.31-13+deb11u5
✗ Low severity vulnerability found in expat/libexpat1
Description: XML External Entity (XXE) Injection
Info: https://snyk.io/vuln/SNYK-DEBIAN11-EXPAT-524217
Introduced through: expat/libexpat1@2.2.10-2+deb11u5
From: expat/libexpat1@2.2.10-2+deb11u5
✗ Low severity vulnerability found in e2fsprogs/libcom-err2
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-DEBIAN11-E2FSPROGS-2628459
Introduced through: e2fsprogs/libcom-err2@1.46.2-2, e2fsprogs@1.46.2-2, krb5/libgssapi-krb5-2@1.18.3-6+deb11u3, e2fsprogs/libext2fs2@1.46.2-2, e2fsprogs/libss2@1.46.2-2, e2fsprogs/logsave@1.46.2-2
From: e2fsprogs/libcom-err2@1.46.2-2
From: e2fsprogs@1.46.2-2 > e2fsprogs/libcom-err2@1.46.2-2
From: krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > e2fsprogs/libcom-err2@1.46.2-2
and 9 more...
✗ Low severity vulnerability found in db5.3/libdb5.3
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-DEBIAN11-DB53-2825168
Introduced through: db5.3/libdb5.3@5.3.28+dfsg1-0.8, adduser@3.118
From: db5.3/libdb5.3@5.3.28+dfsg1-0.8
From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > pam/libpam-modules@1.4.0-9+deb11u1 > db5.3/libdb5.3@5.3.28+dfsg1-0.8
✗ Low severity vulnerability found in coreutils/coreutils
Description: Improper Input Validation
Info: https://snyk.io/vuln/SNYK-DEBIAN11-COREUTILS-514776
Introduced through: coreutils/coreutils@8.32-4+b1
From: coreutils/coreutils@8.32-4+b1
✗ Low severity vulnerability found in coreutils/coreutils
Description: Race Condition
Info: https://snyk.io/vuln/SNYK-DEBIAN11-COREUTILS-527269
Introduced through: coreutils/coreutils@8.32-4+b1
From: coreutils/coreutils@8.32-4+b1
✗ Low severity vulnerability found in bash
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-DEBIAN11-BASH-3112361
Introduced through: bash@5.1-2+deb11u1
From: bash@5.1-2+deb11u1
✗ Low severity vulnerability found in apt/libapt-pkg6.0
Description: Improper Verification of Cryptographic Signature
Info: https://snyk.io/vuln/SNYK-DEBIAN11-APT-522585
Introduced through: apt/libapt-pkg6.0@2.2.4, apt@2.2.4
From: apt/libapt-pkg6.0@2.2.4
From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4
From: apt@2.2.4
Package manager: deb
Project name: docker-image|osdu
Docker image: osdu:latest
Platform: linux/amd64
Base image: python:3.8.16-slim-bullseye