registry.hub.docker.com/aquasec/tfsec-ci (alpine 3.21.2)¶ Trivy Image Scan Image: registry.hub.docker.com/aquasec/tfsec-ci (alpine 3.21.2) Scan date: 2025-02-19 registry.hub.docker.com/aquasec/tfsec-ci (alpine 3.21.2) (alpine)¶ Package Vulnerability ID Severity Installed Version Fixed Version Links git CVE-2024-52006 MEDIUM 2.47.1-r0 2.47.2-r0 https://access.redhat.com/security/cve/CVE-2024-52006 https://github.com/git-ecosystem/git-credential-manager/security/advisories/GHSA-86c2-4x57-wc8g https://github.com/git/git/commit/b01b9b81d36759cdcd07305e78765199e1bc2060 https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q https://github.com/git/git/security/advisories/GHSA-r5ph-xg7q-xfrp https://nvd.nist.gov/vuln/detail/CVE-2024-52006 https://ubuntu.com/security/notices/USN-7207-1 https://www.cve.org/CVERecord?id=CVE-2024-52006 git CVE-2024-50349 LOW 2.47.1-r0 2.47.2-r0 https://access.redhat.com/security/cve/CVE-2024-50349 https://github.com/git/git/commit/7725b8100ffbbff2750ee4d61a0fcc1f53a086e8 https://github.com/git/git/commit/c903985bf7e772e2d08275c1a95c8a55ab011577 https://github.com/git/git/security/advisories/GHSA-hmg8-h7qf-7cxr https://nvd.nist.gov/vuln/detail/CVE-2024-50349 https://ubuntu.com/security/notices/USN-7207-1 https://www.cve.org/CVERecord?id=CVE-2024-50349 git-init-template CVE-2024-52006 MEDIUM 2.47.1-r0 2.47.2-r0 https://access.redhat.com/security/cve/CVE-2024-52006 https://github.com/git-ecosystem/git-credential-manager/security/advisories/GHSA-86c2-4x57-wc8g https://github.com/git/git/commit/b01b9b81d36759cdcd07305e78765199e1bc2060 https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q https://github.com/git/git/security/advisories/GHSA-r5ph-xg7q-xfrp https://nvd.nist.gov/vuln/detail/CVE-2024-52006 https://ubuntu.com/security/notices/USN-7207-1 https://www.cve.org/CVERecord?id=CVE-2024-52006 git-init-template CVE-2024-50349 LOW 2.47.1-r0 2.47.2-r0 https://access.redhat.com/security/cve/CVE-2024-50349 https://github.com/git/git/commit/7725b8100ffbbff2750ee4d61a0fcc1f53a086e8 https://github.com/git/git/commit/c903985bf7e772e2d08275c1a95c8a55ab011577 https://github.com/git/git/security/advisories/GHSA-hmg8-h7qf-7cxr https://nvd.nist.gov/vuln/detail/CVE-2024-50349 https://ubuntu.com/security/notices/USN-7207-1 https://www.cve.org/CVERecord?id=CVE-2024-50349 libcrypto3 CVE-2024-12797 HIGH 3.3.2-r4 3.3.3-r0 http://www.openwall.com/lists/oss-security/2025/02/11/3 http://www.openwall.com/lists/oss-security/2025/02/11/4 https://access.redhat.com/errata/RHSA-2025:1330 https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/2342757 https://errata.almalinux.org/9/ALSA-2025-1330.html https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9 https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7 https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699 https://github.com/pyca/cryptography https://github.com/pyca/cryptography/security/advisories/GHSA-79v4-65xg-pq4g https://linux.oracle.com/cve/CVE-2024-12797.html https://linux.oracle.com/errata/ELSA-2025-1330.html https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://openssl-library.org/news/secadv/20250211.txt https://security.netapp.com/advisory/ntap-20250214-0001/ https://ubuntu.com/security/notices/USN-7264-1 https://www.cve.org/CVERecord?id=CVE-2024-12797 libcrypto3 CVE-2024-13176 MEDIUM 3.3.2-r4 3.3.2-r5 http://www.openwall.com/lists/oss-security/2025/01/20/2 https://access.redhat.com/security/cve/CVE-2024-13176 https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844 https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467 https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902 https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65 https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86 https://nvd.nist.gov/vuln/detail/CVE-2024-13176 https://openssl-library.org/news/secadv/20250120.txt https://security.netapp.com/advisory/ntap-20250124-0005/ https://ubuntu.com/security/notices/USN-7264-1 https://www.cve.org/CVERecord?id=CVE-2024-13176 libcurl CVE-2025-0725 MEDIUM 8.11.1-r0 8.12.0-r0 http://www.openwall.com/lists/oss-security/2025/02/05/3 http://www.openwall.com/lists/oss-security/2025/02/06/2 http://www.openwall.com/lists/oss-security/2025/02/06/4 https://access.redhat.com/security/cve/CVE-2025-0725 https://curl.se/docs/CVE-2025-0725.html https://curl.se/docs/CVE-2025-0725.json https://hackerone.com/reports/2956023 https://nvd.nist.gov/vuln/detail/CVE-2025-0725 https://www.cve.org/CVERecord?id=CVE-2025-0725 libcurl CVE-2025-0167 LOW 8.11.1-r0 8.12.0-r0 https://curl.se/docs/CVE-2025-0167.html https://curl.se/docs/CVE-2025-0167.json https://hackerone.com/reports/2917232 https://www.cve.org/CVERecord?id=CVE-2025-0167 libcurl CVE-2025-0665 UNKNOWN 8.11.1-r0 8.12.0-r0 http://www.openwall.com/lists/oss-security/2025/02/05/2 http://www.openwall.com/lists/oss-security/2025/02/05/5 https://curl.se/docs/CVE-2025-0665.html https://curl.se/docs/CVE-2025-0665.json https://hackerone.com/reports/2954286 libssl3 CVE-2024-12797 HIGH 3.3.2-r4 3.3.3-r0 http://www.openwall.com/lists/oss-security/2025/02/11/3 http://www.openwall.com/lists/oss-security/2025/02/11/4 https://access.redhat.com/errata/RHSA-2025:1330 https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/2342757 https://errata.almalinux.org/9/ALSA-2025-1330.html https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9 https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7 https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699 https://github.com/pyca/cryptography https://github.com/pyca/cryptography/security/advisories/GHSA-79v4-65xg-pq4g https://linux.oracle.com/cve/CVE-2024-12797.html https://linux.oracle.com/errata/ELSA-2025-1330.html https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://openssl-library.org/news/secadv/20250211.txt https://security.netapp.com/advisory/ntap-20250214-0001/ https://ubuntu.com/security/notices/USN-7264-1 https://www.cve.org/CVERecord?id=CVE-2024-12797 libssl3 CVE-2024-13176 MEDIUM 3.3.2-r4 3.3.2-r5 http://www.openwall.com/lists/oss-security/2025/01/20/2 https://access.redhat.com/security/cve/CVE-2024-13176 https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844 https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467 https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902 https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65 https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86 https://nvd.nist.gov/vuln/detail/CVE-2024-13176 https://openssl-library.org/news/secadv/20250120.txt https://security.netapp.com/advisory/ntap-20250124-0005/ https://ubuntu.com/security/notices/USN-7264-1 https://www.cve.org/CVERecord?id=CVE-2024-13176 musl CVE-2025-26519 UNKNOWN 1.2.5-r8 1.2.5-r9 http://www.openwall.com/lists/oss-security/2025/02/13/2 http://www.openwall.com/lists/oss-security/2025/02/13/3 http://www.openwall.com/lists/oss-security/2025/02/13/4 http://www.openwall.com/lists/oss-security/2025/02/13/5 http://www.openwall.com/lists/oss-security/2025/02/14/5 http://www.openwall.com/lists/oss-security/2025/02/14/6 https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659 https://www.openwall.com/lists/oss-security/2025/02/13/2 musl-utils CVE-2025-26519 UNKNOWN 1.2.5-r8 1.2.5-r9 http://www.openwall.com/lists/oss-security/2025/02/13/2 http://www.openwall.com/lists/oss-security/2025/02/13/3 http://www.openwall.com/lists/oss-security/2025/02/13/4 http://www.openwall.com/lists/oss-security/2025/02/13/5 http://www.openwall.com/lists/oss-security/2025/02/14/5 http://www.openwall.com/lists/oss-security/2025/02/14/6 https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659 https://www.openwall.com/lists/oss-security/2025/02/13/2 No Misconfigurations found usr/bin/tfsec (gobinary)¶ Package Vulnerability ID Severity Installed Version Fixed Version Links stdlib CVE-2024-45336 MEDIUM v1.22.7 1.22.11, 1.23.5, 1.24.0-rc.2 https://access.redhat.com/security/cve/CVE-2024-45336 https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://www.cve.org/CVERecord?id=CVE-2024-45336 stdlib CVE-2024-45341 MEDIUM v1.22.7 1.22.11, 1.23.5, 1.24.0-rc.2 https://access.redhat.com/security/cve/CVE-2024-45341 https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://www.cve.org/CVERecord?id=CVE-2024-45341 stdlib CVE-2025-22866 MEDIUM v1.22.7 1.22.12, 1.23.6, 1.24.0-rc.3 https://access.redhat.com/security/cve/CVE-2025-22866 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://www.cve.org/CVERecord?id=CVE-2025-22866 No Misconfigurations found