Signed-off-by: David Wertenteil <[email protected]>
David Wertenteil
committed
Dec 25, 2023
1 parent
7a1888f
commit 2518231
Showing
12 changed files
with
24 additions
and
26 deletions.
2 changes: 1 addition & 1 deletion
2
configurations/relevant_cves/expected-result/wikijs/filteredCVEs/mariadb.json
2 changes: 1 addition & 1 deletion
2
configurations/relevant_cves/expected-result/wikijs/filteredCVEs/nginx.json
2 changes: 1 addition & 1 deletion
2
configurations/relevant_cves/expected-result/wikijs/filteredCVEs/python-client-to-java.json
@@ -1 +1 @@ | ||
{"kind": "VulnerabilityManifest", "apiVersion": "spdx.softwarecomposition.kubescape.io/v1beta1", "metadata": {"name": "systest-ns-l3dc-replicaset-python-6644fdb794-3045-5d79", "namespace": "kubescape", "uid": "fa5b0d4e-75c0-4d5c-837b-5a1daf1097a2", "resourceVersion": "1", "creationTimestamp": "2023-07-10T19:43:41Z", "labels": {"kubescape.io/context": "filtered", "kubescape.io/workload-api-group": "apps", "kubescape.io/workload-api-version": "v1", "kubescape.io/workload-container-name": "python", "kubescape.io/workload-kind": "Deployment", "kubescape.io/workload-name": "python"}, "annotations": {"kubescape.io/image-id": "docker.io/library/python@sha256:4e8e9a59bf1b3ca8e030244bc5f801f23e41e37971907371da21191312087a07", "kubescape.io/status": "", "kubescape.io/workload-container-name": "python"}}, "spec": {"metadata": {"withRelevancy": true, "tool": {"name": "", "version": "v0.61.0", "databaseVersion": "sha256:5a5f72d5828b204f21cd1e15f95f6fa8ec214da0ad0d970bd91f5dee43100cb3"}, "report": {"createdAt": null}}, "payload": {"matches": [{"vulnerability": {"id": "CVE-2007-4559", "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2007-4559", "namespace": "nvd:cpe", "severity": "Medium", "urls": ["http://mail.python.org/pipermail/python-dev/2007-August/074290.html", "http://mail.python.org/pipermail/python-dev/2007-August/074292.html", "http://www.vupen.com/english/advisories/2007/3022", "https://bugzilla.redhat.com/show_bug.cgi?id=263261"], "description": "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. 
(dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "cvss": [{"version": "2.0", "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "metrics": {"baseScore": 6.8, "exploitabilityScore": 8.6, "impactScore": 6.4}, "vendorMetadata": {}}], "fix": {"versions": [], "state": "unknown"}, "advisories": null}, "relatedVulnerabilities": null, "matchDetails": [{"type": "cpe-match", "matcher": "stock-matcher", "searchedBy": {"namespace": "nvd:cpe", "cpes": ["cpe:2.3:a:python_software_foundation:python:3.11.3:*:*:*:*:*:*:*"]}, "found": {"vulnerabilityID": "CVE-2007-4559", "versionConstraint": "none (unknown)", "cpes": ["cpe:2.3:a:python_software_foundation:python:*:*:*:*:*:*:*:*"]}}], "artifact": {"name": "python", "version": "3.11.3", "type": "UnknownPackage", "locations": null, "language": "", "licenses": [], "cpes": ["cpe:2.3:a:python_software_foundation:python:3.11.3:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.11.3:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.11.3:*:*:*:*:*:*:*"], "purl": "pkg:generic/[email protected]", "upstreams": null, "metadata": null}}, {"vulnerability": {"id": "CVE-2018-20225", "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20225", "namespace": "nvd:cpe", "severity": "High", "urls": ["https://bugzilla.redhat.com/show_bug.cgi?id=1835736", "https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html", "https://lists.apache.org/thread.html/rb1adce798445facd032870d644eb39c4baaf9c4a7dd5477d12bb6ab2@%3Cgithub.arrow.apache.org%3E", "https://pip.pypa.io/en/stable/news/"], "description": "** DISPUTED ** An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. 
This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely.", "cvss": [{"version": "2.0", "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "metrics": {"baseScore": 6.8, "exploitabilityScore": 8.6, "impactScore": 6.4}, "vendorMetadata": {}}, {"version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "metrics": {"baseScore": 7.8, "exploitabilityScore": 1.8, "impactScore": 5.9}, "vendorMetadata": {}}], "fix": {"versions": [], "state": "unknown"}, "advisories": null}, "relatedVulnerabilities": null, "matchDetails": [{"type": "cpe-match", "matcher": "python-matcher", "searchedBy": {"namespace": "nvd:cpe", "cpes": ["cpe:2.3:a:pypa:pip:22.3.1:*:*:*:*:*:*:*"]}, "found": {"vulnerabilityID": "CVE-2018-20225", "versionConstraint": "none (unknown)", "cpes": ["cpe:2.3:a:pypa:pip:*:*:*:*:*:*:*:*"]}}], "artifact": {"name": "pip", "version": "22.3.1", "type": "python", "locations": null, "language": "python", "licenses": ["MIT"], "cpes": ["cpe:2.3:a:pip_developers_project:python-pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:pip_developers_project:python_pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:distutils_sig_project:python-pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:distutils_sig_project:python_pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:pip_developersproject:python-pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:pip_developersproject:python_pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:distutils_sigproject:python-pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:distutils_sigproject:python_pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:pip_developers_project:pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:distutils_sig_project:pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:pip_developers:python-pip:22.3.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:pip_developers:python_pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:pip_developersproject:pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:distutils-sig:python-pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:distutils-sig:python_pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:distutils_sig:python-pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:distutils_sig:python_pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:distutils_sigproject:pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:python-pip:python-pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:python-pip:python_pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:python_pip:python-pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:python_pip:python_pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:pip_developers:pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:distutils-sig:pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:distutils_sig:pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:python:python-pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:python:python_pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:pypa:python-pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:pypa:python_pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:pip:python-pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:pip:python_pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:python-pip:pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:python_pip:pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:python:pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:pypa:pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:pip:pip:22.3.1:*:*:*:*:*:*:*"], "purl": "pkg:pypi/[email protected]", "upstreams": null, "metadata": null}}], "source": {"type": "image", "target": {"userInput": "", "imageID": "", "manifestDigest": "", "mediaType": "", "tags": [], "imageSize": 0, "layers": null, "manifest": null, "config": null, "repoDigests": [], "architecture": "", "os": ""}}, "distro": {"name": "alpine", "version": "3.18.0", "idLike": ["alpine"]}, "descriptor": {"name": "grype", "version": "[not provided]", "configuration": null, "db": {"built": "2023-05-29T01:31:19Z", "schemaVersion": 5, "location": "/home/ks/.cache/grype/db/5", "checksum": "sha256:5a5f72d5828b204f21cd1e15f95f6fa8ec214da0ad0d970bd91f5dee43100cb3", "error": 
null}}}}, "status": {}} | ||
{"kind": "VulnerabilityManifest", "apiVersion": "spdx.softwarecomposition.kubescape.io/v1beta1", "metadata": {"name": "replicaset-python-6644fdb794", "namespace": "kubescape", "uid": "fa5b0d4e-75c0-4d5c-837b-5a1daf1097a2", "resourceVersion": "1", "creationTimestamp": "2023-07-10T19:43:41Z", "labels": {"kubescape.io/context": "filtered", "kubescape.io/workload-api-group": "apps", "kubescape.io/workload-api-version": "v1", "kubescape.io/workload-container-name": "python", "kubescape.io/workload-kind": "Deployment", "kubescape.io/workload-name": "python"}, "annotations": {"kubescape.io/image-id": "docker.io/library/python@sha256:4e8e9a59bf1b3ca8e030244bc5f801f23e41e37971907371da21191312087a07", "kubescape.io/status": "", "kubescape.io/workload-container-name": "python"}}, "spec": {"metadata": {"withRelevancy": true, "tool": {"name": "", "version": "v0.61.0", "databaseVersion": "sha256:5a5f72d5828b204f21cd1e15f95f6fa8ec214da0ad0d970bd91f5dee43100cb3"}, "report": {"createdAt": null}}, "payload": {"matches": [{"vulnerability": {"id": "CVE-2007-4559", "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2007-4559", "namespace": "nvd:cpe", "severity": "Medium", "urls": ["http://mail.python.org/pipermail/python-dev/2007-August/074290.html", "http://mail.python.org/pipermail/python-dev/2007-August/074292.html", "http://www.vupen.com/english/advisories/2007/3022", "https://bugzilla.redhat.com/show_bug.cgi?id=263261"], "description": "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. 
(dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "cvss": [{"version": "2.0", "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "metrics": {"baseScore": 6.8, "exploitabilityScore": 8.6, "impactScore": 6.4}, "vendorMetadata": {}}], "fix": {"versions": [], "state": "unknown"}, "advisories": null}, "relatedVulnerabilities": null, "matchDetails": [{"type": "cpe-match", "matcher": "stock-matcher", "searchedBy": {"namespace": "nvd:cpe", "cpes": ["cpe:2.3:a:python_software_foundation:python:3.11.3:*:*:*:*:*:*:*"]}, "found": {"vulnerabilityID": "CVE-2007-4559", "versionConstraint": "none (unknown)", "cpes": ["cpe:2.3:a:python_software_foundation:python:*:*:*:*:*:*:*:*"]}}], "artifact": {"name": "python", "version": "3.11.3", "type": "UnknownPackage", "locations": null, "language": "", "licenses": [], "cpes": ["cpe:2.3:a:python_software_foundation:python:3.11.3:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.11.3:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.11.3:*:*:*:*:*:*:*"], "purl": "pkg:generic/[email protected]", "upstreams": null, "metadata": null}}, {"vulnerability": {"id": "CVE-2018-20225", "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20225", "namespace": "nvd:cpe", "severity": "High", "urls": ["https://bugzilla.redhat.com/show_bug.cgi?id=1835736", "https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html", "https://lists.apache.org/thread.html/rb1adce798445facd032870d644eb39c4baaf9c4a7dd5477d12bb6ab2@%3Cgithub.arrow.apache.org%3E", "https://pip.pypa.io/en/stable/news/"], "description": "** DISPUTED ** An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. 
This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely.", "cvss": [{"version": "2.0", "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "metrics": {"baseScore": 6.8, "exploitabilityScore": 8.6, "impactScore": 6.4}, "vendorMetadata": {}}, {"version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "metrics": {"baseScore": 7.8, "exploitabilityScore": 1.8, "impactScore": 5.9}, "vendorMetadata": {}}], "fix": {"versions": [], "state": "unknown"}, "advisories": null}, "relatedVulnerabilities": null, "matchDetails": [{"type": "cpe-match", "matcher": "python-matcher", "searchedBy": {"namespace": "nvd:cpe", "cpes": ["cpe:2.3:a:pypa:pip:22.3.1:*:*:*:*:*:*:*"]}, "found": {"vulnerabilityID": "CVE-2018-20225", "versionConstraint": "none (unknown)", "cpes": ["cpe:2.3:a:pypa:pip:*:*:*:*:*:*:*:*"]}}], "artifact": {"name": "pip", "version": "22.3.1", "type": "python", "locations": null, "language": "python", "licenses": ["MIT"], "cpes": ["cpe:2.3:a:pip_developers_project:python-pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:pip_developers_project:python_pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:distutils_sig_project:python-pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:distutils_sig_project:python_pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:pip_developersproject:python-pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:pip_developersproject:python_pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:distutils_sigproject:python-pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:distutils_sigproject:python_pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:pip_developers_project:pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:distutils_sig_project:pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:pip_developers:python-pip:22.3.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:pip_developers:python_pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:pip_developersproject:pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:distutils-sig:python-pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:distutils-sig:python_pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:distutils_sig:python-pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:distutils_sig:python_pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:distutils_sigproject:pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:python-pip:python-pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:python-pip:python_pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:python_pip:python-pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:python_pip:python_pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:pip_developers:pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:distutils-sig:pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:distutils_sig:pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:python:python-pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:python:python_pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:pypa:python-pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:pypa:python_pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:pip:python-pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:pip:python_pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:python-pip:pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:python_pip:pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:python:pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:pypa:pip:22.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:pip:pip:22.3.1:*:*:*:*:*:*:*"], "purl": "pkg:pypi/[email protected]", "upstreams": null, "metadata": null}}], "source": {"type": "image", "target": {"userInput": "", "imageID": "", "manifestDigest": "", "mediaType": "", "tags": [], "imageSize": 0, "layers": null, "manifest": null, "config": null, "repoDigests": [], "architecture": "", "os": ""}}, "distro": {"name": "alpine", "version": "3.18.0", "idLike": ["alpine"]}, "descriptor": {"name": "grype", "version": "[not provided]", "configuration": null, "db": {"built": "2023-05-29T01:31:19Z", "schemaVersion": 5, "location": "/home/ks/.cache/grype/db/5", "checksum": "sha256:5a5f72d5828b204f21cd1e15f95f6fa8ec214da0ad0d970bd91f5dee43100cb3", "error": 
null}}}}, "status": {}} |