cyber-dojo
flows
nginx-archived-at-1707630884
artifacts
8a20afc34b68c625827ae8887f4a68e4bec9cda9b035ed60ac0486ceab10aad6
By signing up, you agree to the
Terms of Service.
For more information about Kosli’s privacy practices, see the Kosli’s
Privacy Policy.
We’ll occasionally send you account-related emails.
We’ll occasionally send you account-related emails.
nginx-archived-at-1707630884
Reverse proxy
cyberdojo/nginx:ba45a27
Compliant
Download Evidence Package
JSON
{
"created_at": 1695894653.215175,
"fingerprint": "8a20afc34b68c625827ae8887f4a68e4bec9cda9b035ed60ac0486ceab10aad6",
"filename": "cyberdojo/nginx:ba45a27",
"git_commit": "ba45a2799eb8408ea325bd720930977f0d17cb22",
"build_url": "https://github.com/cyber-dojo/nginx/actions/runs/6337285141",
"commit_url": "https://github.com/cyber-dojo/nginx/commit/ba45a2799eb8408ea325bd720930977f0d17cb22",
"evidence": {
"snyk-scan": {
"evidence_type": "snyk",
"is_compliant": true,
"build_url": "https://github.com/cyber-dojo/nginx/actions/runs/6337285141",
"evidence_archive_fingerprint": "8811e0621d39a41f774351085c6052acad484f86b56d482ad6fd2ac7ee26d191",
"user_data": {},
"snyk_results": {
"applications": [
{
"dependencyCount": 0,
"displayTargetFile": "/usr/share/java",
"docker": {},
"filesystemPolicy": true,
"hasUnknownVersions": false,
"ignoreSettings": {
"adminOnly": false,
"disregardFilesystemIgnores": false,
"reasonRequired": false
},
"isPrivate": true,
"licensesPolicy": {
"orgLicenseRules": {
"AGPL-1.0": {
"instructions": "",
"licenseType": "AGPL-1.0",
"severity": "high"
},
"AGPL-3.0": {
"instructions": "",
"licenseType": "AGPL-3.0",
"severity": "high"
},
"Artistic-1.0": {
"instructions": "",
"licenseType": "Artistic-1.0",
"severity": "medium"
},
"Artistic-2.0": {
"instructions": "",
"licenseType": "Artistic-2.0",
"severity": "medium"
},
"CDDL-1.0": {
"instructions": "",
"licenseType": "CDDL-1.0",
"severity": "medium"
},
"CPOL-1.02": {
"instructions": "",
"licenseType": "CPOL-1.02",
"severity": "high"
},
"EPL-1.0": {
"instructions": "",
"licenseType": "EPL-1.0",
"severity": "medium"
},
"GPL-2.0": {
"instructions": "",
"licenseType": "GPL-2.0",
"severity": "high"
},
"GPL-3.0": {
"instructions": "",
"licenseType": "GPL-3.0",
"severity": "high"
},
"LGPL-2.0": {
"instructions": "",
"licenseType": "LGPL-2.0",
"severity": "medium"
},
"LGPL-2.1": {
"instructions": "",
"licenseType": "LGPL-2.1",
"severity": "medium"
},
"LGPL-3.0": {
"instructions": "",
"licenseType": "LGPL-3.0",
"severity": "medium"
},
"MPL-1.1": {
"instructions": "",
"licenseType": "MPL-1.1",
"severity": "medium"
},
"MPL-2.0": {
"instructions": "",
"licenseType": "MPL-2.0",
"severity": "medium"
},
"MS-RL": {
"instructions": "",
"licenseType": "MS-RL",
"severity": "medium"
},
"SimPL-2.0": {
"instructions": "",
"licenseType": "SimPL-2.0",
"severity": "high"
}
},
"severities": {}
},
"ok": true,
"org": "jonjagger",
"packageManager": "maven",
"path": "cyberdojo/nginx:ba45a27/nginx:ba45a27:/usr/share/java",
"policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.1\n# ignores vulnerabilities until expiry date; change duration by modifying expiry date\nignore:\n SNYK-DEBIAN12-GLIBC-5894115:\n - '*':\n reason: None Given\n expires: 2023-10-28T09:47:13.646Z\n created: 2023-09-28T09:47:13.649Z\n source: cli\npatch: {}\n",
"projectName": "cyberdojo/nginx:ba45a27:/usr/share/java",
"severityThreshold": "medium",
"summary": "No medium or high or critical severity vulnerabilities",
"targetFile": "/usr/share/java",
"uniqueCount": 0,
"vulnerabilities": []
}
],
"dependencyCount": 149,
"displayTargetFile": "/home/runner/work/nginx/nginx/Dockerfile",
"docker": {
"baseImage": "nginx:latest",
"baseImageRemediation": {
"advice": [
{
"bold": true,
"message": "According to our scan, you are currently using the most secure version of the selected base image"
}
],
"code": "NO_REMEDIATION_AVAILABLE"
}
},
"filesystemPolicy": true,
"filtered": {
"ignore": [
{
"CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"cpes": [],
"creationTime": "2023-09-13T13:02:01.028654Z",
"credit": [
""
],
"cvssDetails": [
{
"assigner": "NVD",
"cvssV3BaseScore": 6.5,
"cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"modificationTime": "2023-09-23T01:11:00.174881Z",
"severity": "medium"
}
],
"cvssScore": 6.5,
"description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `glibc` package and not the `glibc` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nA flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.\n## Remediation\nThere is no fixed version for `Debian:12` `glibc`.\n## References\n- [ADVISORY](https://security-tracker.debian.org/tracker/CVE-2023-4527)\n- [secalert@redhat.com](https://access.redhat.com/security/cve/CVE-2023-4527)\n- [secalert@redhat.com](https://bugzilla.redhat.com/show_bug.cgi?id=2234712)\n- [secalert@redhat.com](http://www.openwall.com/lists/oss-security/2023/09/25/1)\n",
"disclosureTime": "2023-09-18T17:15:55.067000Z",
"epssDetails": {
"modelVersion": "v2023.03.01",
"percentile": "0.14200",
"probability": "0.00046"
},
"exploit": "Not Defined",
"filtered": {
"ignored": [
{
"created": "2023-09-28T09:47:13.649Z",
"expires": "2023-10-28T09:47:13.646Z",
"path": [
"*"
],
"reason": "None Given",
"source": "cli"
}
]
},
"fixedIn": [],
"from": [
"docker-image|cyberdojo/nginx@ba45a27",
"glibc/libc-bin@2.36-9+deb12u1"
],
"id": "SNYK-DEBIAN12-GLIBC-5894115",
"identifiers": {
"ALTERNATIVE": [],
"CVE": [
"CVE-2023-4527"
],
"CWE": [
"CWE-125"
]
},
"insights": {
"triageAdvice": null
},
"isDisputed": false,
"isPatchable": false,
"isUpgradable": false,
"language": "linux",
"malicious": false,
"modificationTime": "2023-09-25T13:10:47.007924Z",
"name": "glibc/libc-bin",
"nvdSeverity": "medium",
"packageManager": "debian:12",
"packageName": "glibc",
"patches": [],
"publicationTime": "2023-09-13T13:01:39.240394Z",
"references": [
{
"title": "https://security-tracker.debian.org/tracker/CVE-2023-4527",
"url": "https://security-tracker.debian.org/tracker/CVE-2023-4527"
},
{
"title": "https://access.redhat.com/security/cve/CVE-2023-4527",
"url": "https://access.redhat.com/security/cve/CVE-2023-4527"
},
{
"title": "https://bugzilla.redhat.com/show_bug.cgi?id=2234712",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234712"
},
{
"title": "http://www.openwall.com/lists/oss-security/2023/09/25/1",
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/1"
}
],
"relativeImportance": "not yet assigned",
"semver": {
"vulnerable": [
"*"
]
},
"severity": "medium",
"severityWithCritical": "medium",
"socialTrendAlert": false,
"title": "Out-of-bounds Read",
"upgradePath": [],
"version": "2.36-9+deb12u1"
},
{
"CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"cpes": [],
"creationTime": "2023-09-13T13:02:01.028654Z",
"credit": [
""
],
"cvssDetails": [
{
"assigner": "NVD",
"cvssV3BaseScore": 6.5,
"cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"modificationTime": "2023-09-23T01:11:00.174881Z",
"severity": "medium"
}
],
"cvssScore": 6.5,
"description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `glibc` package and not the `glibc` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nA flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.\n## Remediation\nThere is no fixed version for `Debian:12` `glibc`.\n## References\n- [ADVISORY](https://security-tracker.debian.org/tracker/CVE-2023-4527)\n- [secalert@redhat.com](https://access.redhat.com/security/cve/CVE-2023-4527)\n- [secalert@redhat.com](https://bugzilla.redhat.com/show_bug.cgi?id=2234712)\n- [secalert@redhat.com](http://www.openwall.com/lists/oss-security/2023/09/25/1)\n",
"disclosureTime": "2023-09-18T17:15:55.067000Z",
"epssDetails": {
"modelVersion": "v2023.03.01",
"percentile": "0.14200",
"probability": "0.00046"
},
"exploit": "Not Defined",
"filtered": {
"ignored": [
{
"created": "2023-09-28T09:47:13.649Z",
"expires": "2023-10-28T09:47:13.646Z",
"path": [
"*"
],
"reason": "None Given",
"source": "cli"
}
]
},
"fixedIn": [],
"from": [
"docker-image|cyberdojo/nginx@ba45a27",
"glibc/libc6@2.36-9+deb12u1"
],
"id": "SNYK-DEBIAN12-GLIBC-5894115",
"identifiers": {
"ALTERNATIVE": [],
"CVE": [
"CVE-2023-4527"
],
"CWE": [
"CWE-125"
]
},
"insights": {
"triageAdvice": null
},
"isDisputed": false,
"isPatchable": false,
"isUpgradable": false,
"language": "linux",
"malicious": false,
"modificationTime": "2023-09-25T13:10:47.007924Z",
"name": "glibc/libc6",
"nvdSeverity": "medium",
"packageManager": "debian:12",
"packageName": "glibc",
"patches": [],
"publicationTime": "2023-09-13T13:01:39.240394Z",
"references": [
{
"title": "https://security-tracker.debian.org/tracker/CVE-2023-4527",
"url": "https://security-tracker.debian.org/tracker/CVE-2023-4527"
},
{
"title": "https://access.redhat.com/security/cve/CVE-2023-4527",
"url": "https://access.redhat.com/security/cve/CVE-2023-4527"
},
{
"title": "https://bugzilla.redhat.com/show_bug.cgi?id=2234712",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234712"
},
{
"title": "http://www.openwall.com/lists/oss-security/2023/09/25/1",
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/1"
}
],
"relativeImportance": "not yet assigned",
"semver": {
"vulnerable": [
"*"
]
},
"severity": "medium",
"severityWithCritical": "medium",
"socialTrendAlert": false,
"title": "Out-of-bounds Read",
"upgradePath": [],
"version": "2.36-9+deb12u1"
}
],
"patch": []
},
"hasUnknownVersions": false,
"ignoreSettings": {
"adminOnly": false,
"disregardFilesystemIgnores": false,
"reasonRequired": false
},
"isPrivate": true,
"licensesPolicy": {
"orgLicenseRules": {
"AGPL-1.0": {
"instructions": "",
"licenseType": "AGPL-1.0",
"severity": "high"
},
"AGPL-3.0": {
"instructions": "",
"licenseType": "AGPL-3.0",
"severity": "high"
},
"Artistic-1.0": {
"instructions": "",
"licenseType": "Artistic-1.0",
"severity": "medium"
},
"Artistic-2.0": {
"instructions": "",
"licenseType": "Artistic-2.0",
"severity": "medium"
},
"CDDL-1.0": {
"instructions": "",
"licenseType": "CDDL-1.0",
"severity": "medium"
},
"CPOL-1.02": {
"instructions": "",
"licenseType": "CPOL-1.02",
"severity": "high"
},
"EPL-1.0": {
"instructions": "",
"licenseType": "EPL-1.0",
"severity": "medium"
},
"GPL-2.0": {
"instructions": "",
"licenseType": "GPL-2.0",
"severity": "high"
},
"GPL-3.0": {
"instructions": "",
"licenseType": "GPL-3.0",
"severity": "high"
},
"LGPL-2.0": {
"instructions": "",
"licenseType": "LGPL-2.0",
"severity": "medium"
},
"LGPL-2.1": {
"instructions": "",
"licenseType": "LGPL-2.1",
"severity": "medium"
},
"LGPL-3.0": {
"instructions": "",
"licenseType": "LGPL-3.0",
"severity": "medium"
},
"MPL-1.1": {
"instructions": "",
"licenseType": "MPL-1.1",
"severity": "medium"
},
"MPL-2.0": {
"instructions": "",
"licenseType": "MPL-2.0",
"severity": "medium"
},
"MS-RL": {
"instructions": "",
"licenseType": "MS-RL",
"severity": "medium"
},
"SimPL-2.0": {
"instructions": "",
"licenseType": "SimPL-2.0",
"severity": "high"
}
},
"severities": {}
},
"ok": true,
"org": "jonjagger",
"packageManager": "deb",
"path": "cyberdojo/nginx:ba45a27/nginx",
"platform": "linux/amd64",
"policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.1\n# ignores vulnerabilities until expiry date; change duration by modifying expiry date\nignore:\n SNYK-DEBIAN12-GLIBC-5894115:\n - '*':\n reason: None Given\n expires: 2023-10-28T09:47:13.646Z\n created: 2023-09-28T09:47:13.649Z\n source: cli\npatch: {}\n",
"projectName": "docker-image|cyberdojo/nginx",
"severityThreshold": "medium",
"summary": "No known operating system vulnerabilities",
"targetFile": "/home/runner/work/nginx/nginx/Dockerfile",
"uniqueCount": 0,
"vulnerabilities": []
},
"created_at": 1695894662.7762198,
"has_audit_package": true
}
},
"git_commit_info": {
"sha1": "ba45a2799eb8408ea325bd720930977f0d17cb22",
"message": "Update .snyk file",
"author": "Faye <faye@kosli.com>",
"timestamp": 1695894591,
"branch": "main"
},
"repo_url": "https://github.com/cyber-dojo/nginx",
"template": [
"artifact",
"snyk-scan"
],
"last_modified_at": 1695894662.7762198,
"deployments": [
64,
63
],
"state": "COMPLIANT",
"html_url": "https://app.kosli.com/cyber-dojo/flows/nginx-archived-at-1707630884/artifacts/8a20afc34b68c625827ae8887f4a68e4bec9cda9b035ed60ac0486ceab10aad6",
"api_url": "https://app.kosli.com/api/v2/artifacts/cyber-dojo/nginx-archived-at-1707630884/fingerprint/8a20afc34b68c625827ae8887f4a68e4bec9cda9b035ed60ac0486ceab10aad6"
}
Artifact Information |
|
| Name | cyberdojo/nginx:ba45a27 |
| Fingerprint | 8a20afc34b68c625827ae8887f4a68e4bec9cda9b035ed60ac0486ceab10aad6 |
| Git commit |
ba45a27
Faye <faye@kosli.com> (main)
1695894591.0 • 7 months ago
Update .snyk file
|
| CI Build | https://github.com/cyber-dojo/nginx/actions/runs/6337285141 |
| Running | - |
| Exited | aws-beta#1836 aws-prod#1108 |
| Last modified | 1695894662.7762198 • 7 months ago |
Approvals
| None |
Evidence
Evidence for 'snyk-scan'
{ "evidence_type": "snyk", "name": "snyk-scan", "is_compliant": true, "build_url": "https://github.com/cyber-dojo/nginx/actions/runs/6337285141", "evidence_archive_fingerprint": "8811e0621d39a41f774351085c6052acad484f86b56d482ad6fd2ac7ee26d191", "user_data": {}, "snyk_results": { "applications": [ { "dependencyCount": 0, "displayTargetFile": "/usr/share/java", "docker": {}, "filesystemPolicy": true, "hasUnknownVersions": false, "ignoreSettings": { "adminOnly": false, "disregardFilesystemIgnores": false, "reasonRequired": false }, "isPrivate": true, "licensesPolicy": { "orgLicenseRules": { "AGPL-1.0": { "instructions": "", "licenseType": "AGPL-1.0", "severity": "high" }, "AGPL-3.0": { "instructions": "", "licenseType": "AGPL-3.0", "severity": "high" }, "Artistic-1.0": { "instructions": "", "licenseType": "Artistic-1.0", "severity": "medium" }, "Artistic-2.0": { "instructions": "", "licenseType": "Artistic-2.0", "severity": "medium" }, "CDDL-1.0": { "instructions": "", "licenseType": "CDDL-1.0", "severity": "medium" }, "CPOL-1.02": { "instructions": "", "licenseType": "CPOL-1.02", "severity": "high" }, "EPL-1.0": { "instructions": "", "licenseType": "EPL-1.0", "severity": "medium" }, "GPL-2.0": { "instructions": "", "licenseType": "GPL-2.0", "severity": "high" }, "GPL-3.0": { "instructions": "", "licenseType": "GPL-3.0", "severity": "high" }, "LGPL-2.0": { "instructions": "", "licenseType": "LGPL-2.0", "severity": "medium" }, "LGPL-2.1": { "instructions": "", "licenseType": "LGPL-2.1", "severity": "medium" }, "LGPL-3.0": { "instructions": "", "licenseType": "LGPL-3.0", "severity": "medium" }, "MPL-1.1": { "instructions": "", "licenseType": "MPL-1.1", "severity": "medium" }, "MPL-2.0": { "instructions": "", "licenseType": "MPL-2.0", "severity": "medium" }, "MS-RL": { "instructions": "", "licenseType": "MS-RL", "severity": "medium" }, "SimPL-2.0": { "instructions": "", "licenseType": "SimPL-2.0", "severity": "high" } }, "severities": {} }, "ok": true, "org": "jonjagger", "packageManager": "maven", "path": "cyberdojo/nginx:ba45a27/nginx:ba45a27:/usr/share/java", "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.1\n# ignores vulnerabilities until expiry date; change duration by modifying expiry date\nignore:\n SNYK-DEBIAN12-GLIBC-5894115:\n - '*':\n reason: None Given\n expires: 2023-10-28T09:47:13.646Z\n created: 2023-09-28T09:47:13.649Z\n source: cli\npatch: {}\n", "projectName": "cyberdojo/nginx:ba45a27:/usr/share/java", "severityThreshold": "medium", "summary": "No medium or high or critical severity vulnerabilities", "targetFile": "/usr/share/java", "uniqueCount": 0, "vulnerabilities": [] } ], "dependencyCount": 149, "displayTargetFile": "/home/runner/work/nginx/nginx/Dockerfile", "docker": { "baseImage": "nginx:latest", "baseImageRemediation": { "advice": [ { "bold": true, "message": "According to our scan, you are currently using the most secure version of the selected base image" } ], "code": "NO_REMEDIATION_AVAILABLE" } }, "filesystemPolicy": true, "filtered": { "ignore": [ { "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "cpes": [], "creationTime": "2023-09-13T13:02:01.028654Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "NVD", "cvssV3BaseScore": 6.5, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "modificationTime": "2023-09-23T01:11:00.174881Z", "severity": "medium" } ], "cvssScore": 6.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `glibc` package and not the `glibc` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nA flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.\n## Remediation\nThere is no fixed version for `Debian:12` `glibc`.\n## References\n- [ADVISORY](https://security-tracker.debian.org/tracker/CVE-2023-4527)\n- [secalert@redhat.com](https://access.redhat.com/security/cve/CVE-2023-4527)\n- [secalert@redhat.com](https://bugzilla.redhat.com/show_bug.cgi?id=2234712)\n- [secalert@redhat.com](http://www.openwall.com/lists/oss-security/2023/09/25/1)\n", "disclosureTime": "2023-09-18T17:15:55.067000Z", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.14200", "probability": "0.00046" }, "exploit": "Not Defined", "filtered": { "ignored": [ { "created": "2023-09-28T09:47:13.649Z", "expires": "2023-10-28T09:47:13.646Z", "path": [ "*" ], "reason": "None Given", "source": "cli" } ] }, "fixedIn": [], "from": [ "docker-image|cyberdojo/nginx@ba45a27", "glibc/libc-bin@2.36-9+deb12u1" ], "id": "SNYK-DEBIAN12-GLIBC-5894115", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-4527" ], "CWE": [ "CWE-125" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2023-09-25T13:10:47.007924Z", "name": "glibc/libc-bin", "nvdSeverity": "medium", "packageManager": "debian:12", "packageName": "glibc", "patches": [], "publicationTime": "2023-09-13T13:01:39.240394Z", "references": [ { "title": "https://security-tracker.debian.org/tracker/CVE-2023-4527", "url": "https://security-tracker.debian.org/tracker/CVE-2023-4527" }, { "title": "https://access.redhat.com/security/cve/CVE-2023-4527", "url": "https://access.redhat.com/security/cve/CVE-2023-4527" }, { "title": "https://bugzilla.redhat.com/show_bug.cgi?id=2234712", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234712" }, { "title": "http://www.openwall.com/lists/oss-security/2023/09/25/1", "url": "http://www.openwall.com/lists/oss-security/2023/09/25/1" } ], "relativeImportance": "not yet assigned", "semver": { "vulnerable": [ "*" ] }, "severity": "medium", "severityWithCritical": "medium", "socialTrendAlert": false, "title": "Out-of-bounds Read", "upgradePath": [], "version": "2.36-9+deb12u1" }, { "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "cpes": [], "creationTime": "2023-09-13T13:02:01.028654Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "NVD", "cvssV3BaseScore": 6.5, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "modificationTime": "2023-09-23T01:11:00.174881Z", "severity": "medium" } ], "cvssScore": 6.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `glibc` package and not the `glibc` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nA flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.\n## Remediation\nThere is no fixed version for `Debian:12` `glibc`.\n## References\n- [ADVISORY](https://security-tracker.debian.org/tracker/CVE-2023-4527)\n- [secalert@redhat.com](https://access.redhat.com/security/cve/CVE-2023-4527)\n- [secalert@redhat.com](https://bugzilla.redhat.com/show_bug.cgi?id=2234712)\n- [secalert@redhat.com](http://www.openwall.com/lists/oss-security/2023/09/25/1)\n", "disclosureTime": "2023-09-18T17:15:55.067000Z", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.14200", "probability": "0.00046" }, "exploit": "Not Defined", "filtered": { "ignored": [ { "created": "2023-09-28T09:47:13.649Z", "expires": "2023-10-28T09:47:13.646Z", "path": [ "*" ], "reason": "None Given", "source": "cli" } ] }, "fixedIn": [], "from": [ "docker-image|cyberdojo/nginx@ba45a27", "glibc/libc6@2.36-9+deb12u1" ], "id": "SNYK-DEBIAN12-GLIBC-5894115", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-4527" ], "CWE": [ "CWE-125" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2023-09-25T13:10:47.007924Z", "name": "glibc/libc6", "nvdSeverity": "medium", "packageManager": "debian:12", "packageName": "glibc", "patches": [], "publicationTime": "2023-09-13T13:01:39.240394Z", "references": [ { "title": "https://security-tracker.debian.org/tracker/CVE-2023-4527", "url": "https://security-tracker.debian.org/tracker/CVE-2023-4527" }, { "title": "https://access.redhat.com/security/cve/CVE-2023-4527", "url": "https://access.redhat.com/security/cve/CVE-2023-4527" }, { "title": "https://bugzilla.redhat.com/show_bug.cgi?id=2234712", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234712" }, { "title": "http://www.openwall.com/lists/oss-security/2023/09/25/1", "url": "http://www.openwall.com/lists/oss-security/2023/09/25/1" } ], "relativeImportance": "not yet assigned", "semver": { "vulnerable": [ "*" ] }, "severity": "medium", "severityWithCritical": "medium", "socialTrendAlert": false, "title": "Out-of-bounds Read", "upgradePath": [], "version": "2.36-9+deb12u1" } ], "patch": [] }, "hasUnknownVersions": false, "ignoreSettings": { "adminOnly": false, "disregardFilesystemIgnores": false, "reasonRequired": false }, "isPrivate": true, "licensesPolicy": { "orgLicenseRules": { "AGPL-1.0": { "instructions": "", "licenseType": "AGPL-1.0", "severity": "high" }, "AGPL-3.0": { "instructions": "", "licenseType": "AGPL-3.0", "severity": "high" }, "Artistic-1.0": { "instructions": "", "licenseType": "Artistic-1.0", "severity": "medium" }, "Artistic-2.0": { "instructions": "", "licenseType": "Artistic-2.0", "severity": "medium" }, "CDDL-1.0": { "instructions": "", "licenseType": "CDDL-1.0", "severity": "medium" }, "CPOL-1.02": { "instructions": "", "licenseType": "CPOL-1.02", "severity": "high" }, "EPL-1.0": { "instructions": "", "licenseType": "EPL-1.0", "severity": "medium" }, "GPL-2.0": { "instructions": "", "licenseType": "GPL-2.0", "severity": "high" }, "GPL-3.0": { "instructions": "", "licenseType": "GPL-3.0", "severity": "high" }, "LGPL-2.0": { "instructions": "", "licenseType": "LGPL-2.0", "severity": "medium" }, "LGPL-2.1": { "instructions": "", "licenseType": "LGPL-2.1", "severity": "medium" }, "LGPL-3.0": { "instructions": "", "licenseType": "LGPL-3.0", "severity": "medium" }, "MPL-1.1": { "instructions": "", "licenseType": "MPL-1.1", "severity": "medium" }, "MPL-2.0": { "instructions": "", "licenseType": "MPL-2.0", "severity": "medium" }, "MS-RL": { "instructions": "", "licenseType": "MS-RL", "severity": "medium" }, "SimPL-2.0": { "instructions": "", "licenseType": "SimPL-2.0", "severity": "high" } }, "severities": {} }, "ok": true, "org": "jonjagger", "packageManager": "deb", "path": "cyberdojo/nginx:ba45a27/nginx", "platform": "linux/amd64", "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.1\n# ignores vulnerabilities until expiry date; change duration by modifying expiry date\nignore:\n SNYK-DEBIAN12-GLIBC-5894115:\n - '*':\n reason: None Given\n expires: 2023-10-28T09:47:13.646Z\n created: 2023-09-28T09:47:13.649Z\n source: cli\npatch: {}\n", "projectName": "docker-image|cyberdojo/nginx", "severityThreshold": "medium", "summary": "No known operating system vulnerabilities", "targetFile": "/home/runner/work/nginx/nginx/Dockerfile", "uniqueCount": 0, "vulnerabilities": [] }, "created_at": 1695894662.7762198, "has_audit_package": true }