cyber-dojo
flows
shas-archived-at-1705491385
artifacts
8586acda1584bf71a51e6dc9b69c97da829945af2c0763c44a846896a1b0470b
By signing up, you agree to the
Terms of Service.
For more information about Kosli’s privacy practices, see the Kosli’s
Privacy Policy.
We’ll occasionally send you account-related emails.
We’ll occasionally send you account-related emails.
shas-archived-at-1705491385
UX for git+image shas
cyberdojo/shas:7c5efcb
Compliant
Download Evidence Package
JSON
{ "created_at": 1694934928.446969, "fingerprint": "8586acda1584bf71a51e6dc9b69c97da829945af2c0763c44a846896a1b0470b", "filename": "cyberdojo/shas:7c5efcb", "git_commit": "7c5efcb327e6f5e2a64d0b276990d801a25a9abc", "build_url": "https://github.com/cyber-dojo/shas/actions/runs/6212239761", "commit_url": "https://github.com/cyber-dojo/shas/commit/7c5efcb327e6f5e2a64d0b276990d801a25a9abc", "evidence": { "branch-coverage": { "evidence_type": "generic", "is_compliant": true, "build_url": "https://github.com/cyber-dojo/shas/actions/runs/6212239761", "description": "server & client branch-coverage reports", "user_data": { "client": { "command_name": "Minitest", "groups": { "app": { "branches": { "covered": 1, "missed": 1, "total": 2 }, "lines": { "covered": 52, "missed": 0, "total": 52 } }, "test": { "branches": { "covered": 0, "missed": 0, "total": 0 }, "lines": { "covered": 0, "missed": 0, "total": 0 } } }, "timestamp": 1694934909 }, "server": { "command_name": "Minitest", "groups": { "app": { "branches": { "covered": 0, "missed": 0, "total": 0 }, "lines": { "covered": 69, "missed": 0, "total": 69 } }, "test": { "branches": { "covered": 0, "missed": 0, "total": 0 }, "lines": { "covered": 0, "missed": 0, "total": 0 } } }, "timestamp": 1694934904 } }, "created_at": 1694934930.173023, "has_audit_package": false }, "snyk-scan": { "evidence_type": "snyk", "is_compliant": true, "build_url": "https://github.com/cyber-dojo/shas/actions/runs/6212239761", "evidence_archive_fingerprint": "40d0942b4bdef1cd2bff0bf624226de3d0d311fdc707428e0247012a8ab0c618", "user_data": {}, "snyk_results": { "applications": [ { "dependencyCount": 0, "displayTargetFile": "/usr/local/bundle/gems/concurrent-ruby-1.2.2/lib/concurrent-ruby/concurrent", "docker": {}, "filesystemPolicy": true, "hasUnknownVersions": false, "ignoreSettings": { "adminOnly": false, "disregardFilesystemIgnores": false, "reasonRequired": false }, "isPrivate": true, "licensesPolicy": { "orgLicenseRules": { "AGPL-1.0": { "instructions": "", "licenseType": "AGPL-1.0", "severity": "high" }, "AGPL-3.0": { "instructions": "", "licenseType": "AGPL-3.0", "severity": "high" }, "Artistic-1.0": { "instructions": "", "licenseType": "Artistic-1.0", "severity": "medium" }, "Artistic-2.0": { "instructions": "", "licenseType": "Artistic-2.0", "severity": "medium" }, "CDDL-1.0": { "instructions": "", "licenseType": "CDDL-1.0", "severity": "medium" }, "CPOL-1.02": { "instructions": "", "licenseType": "CPOL-1.02", "severity": "high" }, "EPL-1.0": { "instructions": "", "licenseType": "EPL-1.0", "severity": "medium" }, "GPL-2.0": { "instructions": "", "licenseType": "GPL-2.0", "severity": "high" }, "GPL-3.0": { "instructions": "", "licenseType": "GPL-3.0", "severity": "high" }, "LGPL-2.0": { "instructions": "", "licenseType": "LGPL-2.0", "severity": "medium" }, "LGPL-2.1": { "instructions": "", "licenseType": "LGPL-2.1", "severity": "medium" }, "LGPL-3.0": { "instructions": "", "licenseType": "LGPL-3.0", "severity": "medium" }, "MPL-1.1": { "instructions": "", "licenseType": "MPL-1.1", "severity": "medium" }, "MPL-2.0": { "instructions": "", "licenseType": "MPL-2.0", "severity": "medium" }, "MS-RL": { "instructions": "", "licenseType": "MS-RL", "severity": "medium" }, "SimPL-2.0": { "instructions": "", "licenseType": "SimPL-2.0", "severity": "high" } }, "severities": {} }, "ok": true, "org": "jonjagger", "packageManager": "maven", "path": "cyberdojo/shas:7c5efcb/shas:7c5efcb:/usr/local/bundle/gems/concurrent-ruby-1.2.2/lib/concurrent-ruby/concurrent", "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.1\n# ignores vulnerabilities until expiry date; change duration by modifying expiry date\nignore:\n SNYK-ALPINE318-PROCPSNG-5877704:\n - '*':\n reason: Wait for fix in base image\n expires: 2023-10-16T04:33:51.513Z\n created: 2023-09-16T04:33:51.517Z\n source: cli\npatch: {}\n", "projectName": "cyberdojo/shas:7c5efcb:/usr/local/bundle/gems/concurrent-ruby-1.2.2/lib/concurrent-ruby/concurrent", "summary": "No known vulnerabilities", "targetFile": "/usr/local/bundle/gems/concurrent-ruby-1.2.2/lib/concurrent-ruby/concurrent", "uniqueCount": 0, "vulnerabilities": [] } ], "dependencyCount": 76, "docker": { "baseImage": "ruby:3.2.2-alpine3.18", "baseImageRemediation": { "advice": [ { "message": "Base Image Vulnerabilities Severity\nruby:3.2.2-alpine3.18 1 0 critical, 0 high, 1 medium, 0 low\n" }, { "bold": true, "message": "Recommendations for base image upgrade:\n" }, { "bold": true, "message": "Alternative image types" }, { "message": "Base Image Vulnerabilities Severity\nruby:3.3.0-preview2-slim 40 0 critical, 0 high, 0 medium, 40 low\nruby:3.3.0-preview1-slim 40 0 critical, 0 high, 0 medium, 40 low\nruby:slim-bookworm 40 0 critical, 0 high, 0 medium, 40 low\nruby:3.3.0-preview1-slim-bullseye 58 0 critical, 0 high, 0 medium, 58 low\n" } ], "code": "REMEDIATION_AVAILABLE" }, "binariesVulns": { "affectedPkgs": {}, "issuesData": {} } }, "filesystemPolicy": true, "filtered": { "ignore": [ { "CVSSv3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-09-01T03:27:33.791819Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "NVD", "cvssV3BaseScore": 5.5, "cvssV3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-08-08T01:10:53.366184Z", "severity": "medium" }, { "assigner": "Red Hat", "cvssV3BaseScore": 2.5, "cvssV3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-08-09T13:42:28.491986Z", "severity": "low" }, { "assigner": "SUSE", "cvssV3BaseScore": 2.5, "cvssV3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-08-30T23:03:26.681718Z", "severity": "low" } ], "cvssScore": 5.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `procps-ng` package and not the `procps-ng` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nUnder some circumstances, this weakness allows a user who has access to run the \u201cps\u201d utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.\n## Remediation\nUpgrade `Alpine:3.18` `procps-ng` to version 4.0.4-r0 or higher.\n## References\n- [trellixpsirt@trellix.com](https://gitlab.com/procps-ng/procps)\n- [trellixpsirt@trellix.com](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/)\n", "disclosureTime": "2023-08-02T05:15:09.850000Z", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.06936", "probability": "0.00043" }, "exploit": "Not Defined", "filtered": { "ignored": [ { "created": "2023-09-16T04:33:51.517Z", "expires": "2023-10-16T04:33:51.513Z", "path": [ "*" ], "reason": "Wait for fix in base image", "source": "cli" } ] }, "fixedIn": [ "4.0.4-r0" ], "from": [ "docker-image|cyberdojo/shas@7c5efcb", "procps-ng/procps-ng@4.0.3-r1" ], "id": "SNYK-ALPINE318-PROCPSNG-5877704", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-4016" ], "CWE": [ "CWE-787" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": true, "language": "linux", "malicious": false, "modificationTime": "2023-09-01T03:27:33.791830Z", "name": "procps-ng/procps-ng", "nearestFixedInVersion": "4.0.4-r0", "nvdSeverity": "medium", "packageManager": "alpine:3.18", "packageName": "procps-ng", "patches": [], "publicationTime": "2023-09-01T03:27:33.761611Z", "references": [ { "title": "trellixpsirt@trellix.com", "url": "https://gitlab.com/procps-ng/procps" }, { "title": "trellixpsirt@trellix.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<4.0.4-r0" ] }, "severity": "medium", "severityWithCritical": "medium", "socialTrendAlert": false, "title": "Out-of-bounds Write", "upgradePath": [ false, "procps-ng/procps-ng@4.0.4-r0" ], "version": "4.0.3-r1" }, { "CVSSv3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-09-01T03:27:33.791819Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "NVD", "cvssV3BaseScore": 5.5, "cvssV3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-08-08T01:10:53.366184Z", "severity": "medium" }, { "assigner": "Red Hat", "cvssV3BaseScore": 2.5, "cvssV3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-08-09T13:42:28.491986Z", "severity": "low" }, { "assigner": "SUSE", "cvssV3BaseScore": 2.5, "cvssV3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-08-30T23:03:26.681718Z", "severity": "low" } ], "cvssScore": 5.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `procps-ng` package and not the `procps-ng` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nUnder some circumstances, this weakness allows a user who has access to run the \u201cps\u201d utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.\n## Remediation\nUpgrade `Alpine:3.18` `procps-ng` to version 4.0.4-r0 or higher.\n## References\n- [trellixpsirt@trellix.com](https://gitlab.com/procps-ng/procps)\n- [trellixpsirt@trellix.com](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/)\n", "disclosureTime": "2023-08-02T05:15:09.850000Z", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.06936", "probability": "0.00043" }, "exploit": "Not Defined", "filtered": { "ignored": [ { "created": "2023-09-16T04:33:51.517Z", "expires": "2023-10-16T04:33:51.513Z", "path": [ "*" ], "reason": "Wait for fix in base image", "source": "cli" } ] }, "fixedIn": [ "4.0.4-r0" ], "from": [ "docker-image|cyberdojo/shas@7c5efcb", "procps-ng/libproc2@4.0.3-r1", "procps-ng/procps-ng@4.0.3-r1" ], "id": "SNYK-ALPINE318-PROCPSNG-5877704", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-4016" ], "CWE": [ "CWE-787" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2023-09-01T03:27:33.791830Z", "name": "procps-ng/procps-ng", "nearestFixedInVersion": "4.0.4-r0", "nvdSeverity": "medium", "packageManager": "alpine:3.18", "packageName": "procps-ng", "patches": [], "publicationTime": "2023-09-01T03:27:33.761611Z", "references": [ { "title": "trellixpsirt@trellix.com", "url": "https://gitlab.com/procps-ng/procps" }, { "title": "trellixpsirt@trellix.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<4.0.4-r0" ] }, "severity": "medium", "severityWithCritical": "medium", "socialTrendAlert": false, "title": "Out-of-bounds Write", "upgradePath": [], "version": "4.0.3-r1" }, { "CVSSv3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-09-01T03:27:33.791819Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "NVD", "cvssV3BaseScore": 5.5, "cvssV3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-08-08T01:10:53.366184Z", "severity": "medium" }, { "assigner": "Red Hat", "cvssV3BaseScore": 2.5, "cvssV3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-08-09T13:42:28.491986Z", "severity": "low" }, { "assigner": "SUSE", "cvssV3BaseScore": 2.5, "cvssV3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-08-30T23:03:26.681718Z", "severity": "low" } ], "cvssScore": 5.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `procps-ng` package and not the `procps-ng` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nUnder some circumstances, this weakness allows a user who has access to run the \u201cps\u201d utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.\n## Remediation\nUpgrade `Alpine:3.18` `procps-ng` to version 4.0.4-r0 or higher.\n## References\n- [trellixpsirt@trellix.com](https://gitlab.com/procps-ng/procps)\n- [trellixpsirt@trellix.com](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/)\n", "disclosureTime": "2023-08-02T05:15:09.850000Z", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.06936", "probability": "0.00043" }, "exploit": "Not Defined", "filtered": { "ignored": [ { "created": "2023-09-16T04:33:51.517Z", "expires": "2023-10-16T04:33:51.513Z", "path": [ "*" ], "reason": "Wait for fix in base image", "source": "cli" } ] }, "fixedIn": [ "4.0.4-r0" ], "from": [ "docker-image|cyberdojo/shas@7c5efcb", "procps-ng/libproc2@4.0.3-r1" ], "id": "SNYK-ALPINE318-PROCPSNG-5877704", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-4016" ], "CWE": [ "CWE-787" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": true, "language": "linux", "malicious": false, "modificationTime": "2023-09-01T03:27:33.791830Z", "name": "procps-ng/libproc2", "nearestFixedInVersion": "4.0.4-r0", "nvdSeverity": "medium", "packageManager": "alpine:3.18", "packageName": "procps-ng", "patches": [], "publicationTime": "2023-09-01T03:27:33.761611Z", "references": [ { "title": "trellixpsirt@trellix.com", "url": "https://gitlab.com/procps-ng/procps" }, { "title": "trellixpsirt@trellix.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<4.0.4-r0" ] }, "severity": "medium", "severityWithCritical": "medium", "socialTrendAlert": false, "title": "Out-of-bounds Write", "upgradePath": [ false, "procps-ng/libproc2@4.0.4-r0" ], "version": "4.0.3-r1" } ], "patch": [] }, "hasUnknownVersions": false, "ignoreSettings": { "adminOnly": false, "disregardFilesystemIgnores": false, "reasonRequired": false }, "isPrivate": true, "licensesPolicy": { "orgLicenseRules": { "AGPL-1.0": { "instructions": "", "licenseType": "AGPL-1.0", "severity": "high" }, "AGPL-3.0": { "instructions": "", "licenseType": "AGPL-3.0", "severity": "high" }, "Artistic-1.0": { "instructions": "", "licenseType": "Artistic-1.0", "severity": "medium" }, "Artistic-2.0": { "instructions": "", "licenseType": "Artistic-2.0", "severity": "medium" }, "CDDL-1.0": { "instructions": "", "licenseType": "CDDL-1.0", "severity": "medium" }, "CPOL-1.02": { "instructions": "", "licenseType": "CPOL-1.02", "severity": "high" }, "EPL-1.0": { "instructions": "", "licenseType": "EPL-1.0", "severity": "medium" }, "GPL-2.0": { "instructions": "", "licenseType": "GPL-2.0", "severity": "high" }, "GPL-3.0": { "instructions": "", "licenseType": "GPL-3.0", "severity": "high" }, "LGPL-2.0": { "instructions": "", "licenseType": "LGPL-2.0", "severity": "medium" }, "LGPL-2.1": { "instructions": "", "licenseType": "LGPL-2.1", "severity": "medium" }, "LGPL-3.0": { "instructions": "", "licenseType": "LGPL-3.0", "severity": "medium" }, "MPL-1.1": { "instructions": "", "licenseType": "MPL-1.1", "severity": "medium" }, "MPL-2.0": { "instructions": "", "licenseType": "MPL-2.0", "severity": "medium" }, "MS-RL": { "instructions": "", "licenseType": "MS-RL", "severity": "medium" }, "SimPL-2.0": { "instructions": "", "licenseType": "SimPL-2.0", "severity": "high" } }, "severities": {} }, "ok": true, "org": "jonjagger", "packageManager": "apk", "path": "cyberdojo/shas:7c5efcb/shas", "platform": "linux/amd64", "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.1\n# ignores vulnerabilities until expiry date; change duration by modifying expiry date\nignore:\n SNYK-ALPINE318-PROCPSNG-5877704:\n - '*':\n reason: Wait for fix in base image\n expires: 2023-10-16T04:33:51.513Z\n created: 2023-09-16T04:33:51.517Z\n source: cli\npatch: {}\n", "projectName": "docker-image|cyberdojo/shas", "summary": "No known operating system vulnerabilities", "uniqueCount": 0, "vulnerabilities": [] }, "created_at": 1694934941.2911282, "has_audit_package": true } }, "repo_url": "https://github.com/cyber-dojo/shas", "template": [ "artifact", "branch-coverage", "snyk-scan" ], "last_modified_at": 1694934941.2911282, "deployments": [ 54, 53 ], "state": "COMPLIANT", "html_url": "https://app.kosli.com/cyber-dojo/flows/shas-archived-at-1705491385/artifacts/8586acda1584bf71a51e6dc9b69c97da829945af2c0763c44a846896a1b0470b", "api_url": "https://app.kosli.com/api/v2/artifacts/cyber-dojo/shas-archived-at-1705491385/fingerprint/8586acda1584bf71a51e6dc9b69c97da829945af2c0763c44a846896a1b0470b" }
Artifact Information |
|
Name | cyberdojo/shas:7c5efcb |
Fingerprint | 8586acda1584bf71a51e6dc9b69c97da829945af2c0763c44a846896a1b0470b |
Git commit | 7c5efcb |
CI Build | https://github.com/cyber-dojo/shas/actions/runs/6212239761 |
Running | - |
Exited | aws-beta#1802 aws-prod#1072 |
Last modified | 1694934941.2911282 • 7 months ago |
Approvals
None |
Evidence
Evidence for 'branch-coverage'
{ "evidence_type": "generic", "name": "branch-coverage", "is_compliant": true, "build_url": "https://github.com/cyber-dojo/shas/actions/runs/6212239761", "description": "server & client branch-coverage reports", "user_data": { "client": { "command_name": "Minitest", "groups": { "app": { "branches": { "covered": 1, "missed": 1, "total": 2 }, "lines": { "covered": 52, "missed": 0, "total": 52 } }, "test": { "branches": { "covered": 0, "missed": 0, "total": 0 }, "lines": { "covered": 0, "missed": 0, "total": 0 } } }, "timestamp": 1694934909 }, "server": { "command_name": "Minitest", "groups": { "app": { "branches": { "covered": 0, "missed": 0, "total": 0 }, "lines": { "covered": 69, "missed": 0, "total": 69 } }, "test": { "branches": { "covered": 0, "missed": 0, "total": 0 }, "lines": { "covered": 0, "missed": 0, "total": 0 } } }, "timestamp": 1694934904 } }, "created_at": 1694934930.173023, "has_audit_package": false }
Evidence for 'snyk-scan'
{ "evidence_type": "snyk", "name": "snyk-scan", "is_compliant": true, "build_url": "https://github.com/cyber-dojo/shas/actions/runs/6212239761", "evidence_archive_fingerprint": "40d0942b4bdef1cd2bff0bf624226de3d0d311fdc707428e0247012a8ab0c618", "user_data": {}, "snyk_results": { "applications": [ { "dependencyCount": 0, "displayTargetFile": "/usr/local/bundle/gems/concurrent-ruby-1.2.2/lib/concurrent-ruby/concurrent", "docker": {}, "filesystemPolicy": true, "hasUnknownVersions": false, "ignoreSettings": { "adminOnly": false, "disregardFilesystemIgnores": false, "reasonRequired": false }, "isPrivate": true, "licensesPolicy": { "orgLicenseRules": { "AGPL-1.0": { "instructions": "", "licenseType": "AGPL-1.0", "severity": "high" }, "AGPL-3.0": { "instructions": "", "licenseType": "AGPL-3.0", "severity": "high" }, "Artistic-1.0": { "instructions": "", "licenseType": "Artistic-1.0", "severity": "medium" }, "Artistic-2.0": { "instructions": "", "licenseType": "Artistic-2.0", "severity": "medium" }, "CDDL-1.0": { "instructions": "", "licenseType": "CDDL-1.0", "severity": "medium" }, "CPOL-1.02": { "instructions": "", "licenseType": "CPOL-1.02", "severity": "high" }, "EPL-1.0": { "instructions": "", "licenseType": "EPL-1.0", "severity": "medium" }, "GPL-2.0": { "instructions": "", "licenseType": "GPL-2.0", "severity": "high" }, "GPL-3.0": { "instructions": "", "licenseType": "GPL-3.0", "severity": "high" }, "LGPL-2.0": { "instructions": "", "licenseType": "LGPL-2.0", "severity": "medium" }, "LGPL-2.1": { "instructions": "", "licenseType": "LGPL-2.1", "severity": "medium" }, "LGPL-3.0": { "instructions": "", "licenseType": "LGPL-3.0", "severity": "medium" }, "MPL-1.1": { "instructions": "", "licenseType": "MPL-1.1", "severity": "medium" }, "MPL-2.0": { "instructions": "", "licenseType": "MPL-2.0", "severity": "medium" }, "MS-RL": { "instructions": "", "licenseType": "MS-RL", "severity": "medium" }, "SimPL-2.0": { "instructions": "", "licenseType": "SimPL-2.0", "severity": "high" } }, "severities": {} }, "ok": true, "org": "jonjagger", "packageManager": "maven", "path": "cyberdojo/shas:7c5efcb/shas:7c5efcb:/usr/local/bundle/gems/concurrent-ruby-1.2.2/lib/concurrent-ruby/concurrent", "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.1\n# ignores vulnerabilities until expiry date; change duration by modifying expiry date\nignore:\n SNYK-ALPINE318-PROCPSNG-5877704:\n - '*':\n reason: Wait for fix in base image\n expires: 2023-10-16T04:33:51.513Z\n created: 2023-09-16T04:33:51.517Z\n source: cli\npatch: {}\n", "projectName": "cyberdojo/shas:7c5efcb:/usr/local/bundle/gems/concurrent-ruby-1.2.2/lib/concurrent-ruby/concurrent", "summary": "No known vulnerabilities", "targetFile": "/usr/local/bundle/gems/concurrent-ruby-1.2.2/lib/concurrent-ruby/concurrent", "uniqueCount": 0, "vulnerabilities": [] } ], "dependencyCount": 76, "docker": { "baseImage": "ruby:3.2.2-alpine3.18", "baseImageRemediation": { "advice": [ { "message": "Base Image Vulnerabilities Severity\nruby:3.2.2-alpine3.18 1 0 critical, 0 high, 1 medium, 0 low\n" }, { "bold": true, "message": "Recommendations for base image upgrade:\n" }, { "bold": true, "message": "Alternative image types" }, { "message": "Base Image Vulnerabilities Severity\nruby:3.3.0-preview2-slim 40 0 critical, 0 high, 0 medium, 40 low\nruby:3.3.0-preview1-slim 40 0 critical, 0 high, 0 medium, 40 low\nruby:slim-bookworm 40 0 critical, 0 high, 0 medium, 40 low\nruby:3.3.0-preview1-slim-bullseye 58 0 critical, 0 high, 0 medium, 58 low\n" } ], "code": "REMEDIATION_AVAILABLE" }, "binariesVulns": { "affectedPkgs": {}, "issuesData": {} } }, "filesystemPolicy": true, "filtered": { "ignore": [ { "CVSSv3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-09-01T03:27:33.791819Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "NVD", "cvssV3BaseScore": 5.5, "cvssV3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-08-08T01:10:53.366184Z", "severity": "medium" }, { "assigner": "Red Hat", "cvssV3BaseScore": 2.5, "cvssV3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-08-09T13:42:28.491986Z", "severity": "low" }, { "assigner": "SUSE", "cvssV3BaseScore": 2.5, "cvssV3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-08-30T23:03:26.681718Z", "severity": "low" } ], "cvssScore": 5.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `procps-ng` package and not the `procps-ng` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nUnder some circumstances, this weakness allows a user who has access to run the \u201cps\u201d utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.\n## Remediation\nUpgrade `Alpine:3.18` `procps-ng` to version 4.0.4-r0 or higher.\n## References\n- [trellixpsirt@trellix.com](https://gitlab.com/procps-ng/procps)\n- [trellixpsirt@trellix.com](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/)\n", "disclosureTime": "2023-08-02T05:15:09.850000Z", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.06936", "probability": "0.00043" }, "exploit": "Not Defined", "filtered": { "ignored": [ { "created": "2023-09-16T04:33:51.517Z", "expires": "2023-10-16T04:33:51.513Z", "path": [ "*" ], "reason": "Wait for fix in base image", "source": "cli" } ] }, "fixedIn": [ "4.0.4-r0" ], "from": [ "docker-image|cyberdojo/shas@7c5efcb", "procps-ng/procps-ng@4.0.3-r1" ], "id": "SNYK-ALPINE318-PROCPSNG-5877704", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-4016" ], "CWE": [ "CWE-787" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": true, "language": "linux", "malicious": false, "modificationTime": "2023-09-01T03:27:33.791830Z", "name": "procps-ng/procps-ng", "nearestFixedInVersion": "4.0.4-r0", "nvdSeverity": "medium", "packageManager": "alpine:3.18", "packageName": "procps-ng", "patches": [], "publicationTime": "2023-09-01T03:27:33.761611Z", "references": [ { "title": "trellixpsirt@trellix.com", "url": "https://gitlab.com/procps-ng/procps" }, { "title": "trellixpsirt@trellix.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<4.0.4-r0" ] }, "severity": "medium", "severityWithCritical": "medium", "socialTrendAlert": false, "title": "Out-of-bounds Write", "upgradePath": [ false, "procps-ng/procps-ng@4.0.4-r0" ], "version": "4.0.3-r1" }, { "CVSSv3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-09-01T03:27:33.791819Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "NVD", "cvssV3BaseScore": 5.5, "cvssV3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-08-08T01:10:53.366184Z", "severity": "medium" }, { "assigner": "Red Hat", "cvssV3BaseScore": 2.5, "cvssV3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-08-09T13:42:28.491986Z", "severity": "low" }, { "assigner": "SUSE", "cvssV3BaseScore": 2.5, "cvssV3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-08-30T23:03:26.681718Z", "severity": "low" } ], "cvssScore": 5.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `procps-ng` package and not the `procps-ng` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nUnder some circumstances, this weakness allows a user who has access to run the \u201cps\u201d utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.\n## Remediation\nUpgrade `Alpine:3.18` `procps-ng` to version 4.0.4-r0 or higher.\n## References\n- [trellixpsirt@trellix.com](https://gitlab.com/procps-ng/procps)\n- [trellixpsirt@trellix.com](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/)\n", "disclosureTime": "2023-08-02T05:15:09.850000Z", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.06936", "probability": "0.00043" }, "exploit": "Not Defined", "filtered": { "ignored": [ { "created": "2023-09-16T04:33:51.517Z", "expires": "2023-10-16T04:33:51.513Z", "path": [ "*" ], "reason": "Wait for fix in base image", "source": "cli" } ] }, "fixedIn": [ "4.0.4-r0" ], "from": [ "docker-image|cyberdojo/shas@7c5efcb", "procps-ng/libproc2@4.0.3-r1", "procps-ng/procps-ng@4.0.3-r1" ], "id": "SNYK-ALPINE318-PROCPSNG-5877704", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-4016" ], "CWE": [ "CWE-787" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2023-09-01T03:27:33.791830Z", "name": "procps-ng/procps-ng", "nearestFixedInVersion": "4.0.4-r0", "nvdSeverity": "medium", "packageManager": "alpine:3.18", "packageName": "procps-ng", "patches": [], "publicationTime": "2023-09-01T03:27:33.761611Z", "references": [ { "title": "trellixpsirt@trellix.com", "url": "https://gitlab.com/procps-ng/procps" }, { "title": "trellixpsirt@trellix.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<4.0.4-r0" ] }, "severity": "medium", "severityWithCritical": "medium", "socialTrendAlert": false, "title": "Out-of-bounds Write", "upgradePath": [], "version": "4.0.3-r1" }, { "CVSSv3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-09-01T03:27:33.791819Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "NVD", "cvssV3BaseScore": 5.5, "cvssV3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-08-08T01:10:53.366184Z", "severity": "medium" }, { "assigner": "Red Hat", "cvssV3BaseScore": 2.5, "cvssV3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-08-09T13:42:28.491986Z", "severity": "low" }, { "assigner": "SUSE", "cvssV3BaseScore": 2.5, "cvssV3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-08-30T23:03:26.681718Z", "severity": "low" } ], "cvssScore": 5.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `procps-ng` package and not the `procps-ng` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nUnder some circumstances, this weakness allows a user who has access to run the \u201cps\u201d utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.\n## Remediation\nUpgrade `Alpine:3.18` `procps-ng` to version 4.0.4-r0 or higher.\n## References\n- [trellixpsirt@trellix.com](https://gitlab.com/procps-ng/procps)\n- [trellixpsirt@trellix.com](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/)\n", "disclosureTime": "2023-08-02T05:15:09.850000Z", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.06936", "probability": "0.00043" }, "exploit": "Not Defined", "filtered": { "ignored": [ { "created": "2023-09-16T04:33:51.517Z", "expires": "2023-10-16T04:33:51.513Z", "path": [ "*" ], "reason": "Wait for fix in base image", "source": "cli" } ] }, "fixedIn": [ "4.0.4-r0" ], "from": [ "docker-image|cyberdojo/shas@7c5efcb", "procps-ng/libproc2@4.0.3-r1" ], "id": "SNYK-ALPINE318-PROCPSNG-5877704", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-4016" ], "CWE": [ "CWE-787" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": true, "language": "linux", "malicious": false, "modificationTime": "2023-09-01T03:27:33.791830Z", "name": "procps-ng/libproc2", "nearestFixedInVersion": "4.0.4-r0", "nvdSeverity": "medium", "packageManager": "alpine:3.18", "packageName": "procps-ng", "patches": [], "publicationTime": "2023-09-01T03:27:33.761611Z", "references": [ { "title": "trellixpsirt@trellix.com", "url": "https://gitlab.com/procps-ng/procps" }, { "title": "trellixpsirt@trellix.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<4.0.4-r0" ] }, "severity": "medium", "severityWithCritical": "medium", "socialTrendAlert": false, "title": "Out-of-bounds Write", "upgradePath": [ false, "procps-ng/libproc2@4.0.4-r0" ], "version": "4.0.3-r1" } ], "patch": [] }, "hasUnknownVersions": false, "ignoreSettings": { "adminOnly": false, "disregardFilesystemIgnores": false, "reasonRequired": false }, "isPrivate": true, "licensesPolicy": { "orgLicenseRules": { "AGPL-1.0": { "instructions": "", "licenseType": "AGPL-1.0", "severity": "high" }, "AGPL-3.0": { "instructions": "", "licenseType": "AGPL-3.0", "severity": "high" }, "Artistic-1.0": { "instructions": "", "licenseType": "Artistic-1.0", "severity": "medium" }, "Artistic-2.0": { "instructions": "", "licenseType": "Artistic-2.0", "severity": "medium" }, "CDDL-1.0": { "instructions": "", "licenseType": "CDDL-1.0", "severity": "medium" }, "CPOL-1.02": { "instructions": "", "licenseType": "CPOL-1.02", "severity": "high" }, "EPL-1.0": { "instructions": "", "licenseType": "EPL-1.0", "severity": "medium" }, "GPL-2.0": { "instructions": "", "licenseType": "GPL-2.0", "severity": "high" }, "GPL-3.0": { "instructions": "", "licenseType": "GPL-3.0", "severity": "high" }, "LGPL-2.0": { "instructions": "", "licenseType": "LGPL-2.0", "severity": "medium" }, "LGPL-2.1": { "instructions": "", "licenseType": "LGPL-2.1", "severity": "medium" }, "LGPL-3.0": { "instructions": "", "licenseType": "LGPL-3.0", "severity": "medium" }, "MPL-1.1": { "instructions": "", "licenseType": "MPL-1.1", "severity": "medium" }, "MPL-2.0": { "instructions": "", "licenseType": "MPL-2.0", "severity": "medium" }, "MS-RL": { "instructions": "", "licenseType": "MS-RL", "severity": "medium" }, "SimPL-2.0": { "instructions": "", "licenseType": "SimPL-2.0", "severity": "high" } }, "severities": {} }, "ok": true, "org": "jonjagger", "packageManager": "apk", "path": "cyberdojo/shas:7c5efcb/shas", "platform": "linux/amd64", "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.1\n# ignores vulnerabilities until expiry date; change duration by modifying expiry date\nignore:\n SNYK-ALPINE318-PROCPSNG-5877704:\n - '*':\n reason: Wait for fix in base image\n expires: 2023-10-16T04:33:51.513Z\n created: 2023-09-16T04:33:51.517Z\n source: cli\npatch: {}\n", "projectName": "docker-image|cyberdojo/shas", "summary": "No known operating system vulnerabilities", "uniqueCount": 0, "vulnerabilities": [] }, "created_at": 1694934941.2911282, "has_audit_package": true }