web-archived-at-1709658792
UX for practicing TDD
cyberdojo/web:10f0a98
Non-compliant
{ "created_at": 1694929751.1027288, "fingerprint": "c2515f827a593dd0ff427adc56a7e72de1978ba64f2be21ee9dc0f3b9dc49fdc", "filename": "cyberdojo/web:10f0a98", "git_commit": "10f0a98eee3933bad252469329aabf0dee06d5d2", "build_url": "https://github.com/cyber-dojo/web/actions/runs/6211883291", "commit_url": "https://github.com/cyber-dojo/web/commit/10f0a98eee3933bad252469329aabf0dee06d5d2", "evidence": { "snyk-scan": { "evidence_type": "snyk", "is_compliant": false, "build_url": "https://github.com/cyber-dojo/web/actions/runs/6211883291", "evidence_archive_fingerprint": "38022e9058c70210edb512f48e27e3f9f1f941eb024dabb40cb0bbdd554520a4", "user_data": {}, "snyk_results": { "dependencyCount": 48, "docker": { "baseImage": "alpine:3.18.3", "baseImageRemediation": { "advice": [ { "bold": true, "message": "According to our scan, you are currently using the most secure version of the selected base image" } ], "code": "NO_REMEDIATION_AVAILABLE" }, "binariesVulns": { "affectedPkgs": {}, "issuesData": {} } }, "filesystemPolicy": true, "filtered": { "ignore": [], "patch": [] }, "hasUnknownVersions": false, "ignoreSettings": { "adminOnly": false, "disregardFilesystemIgnores": false, "reasonRequired": false }, "isPrivate": true, "licensesPolicy": { "orgLicenseRules": { "AGPL-1.0": { "instructions": "", "licenseType": "AGPL-1.0", "severity": "high" }, "AGPL-3.0": { "instructions": "", "licenseType": "AGPL-3.0", "severity": "high" }, "Artistic-1.0": { "instructions": "", "licenseType": "Artistic-1.0", "severity": "medium" }, "Artistic-2.0": { "instructions": "", "licenseType": "Artistic-2.0", "severity": "medium" }, "CDDL-1.0": { "instructions": "", "licenseType": "CDDL-1.0", "severity": "medium" }, "CPOL-1.02": { "instructions": "", "licenseType": "CPOL-1.02", "severity": "high" }, "EPL-1.0": { "instructions": "", "licenseType": "EPL-1.0", "severity": "medium" }, "GPL-2.0": { "instructions": "", "licenseType": "GPL-2.0", "severity": "high" }, "GPL-3.0": { "instructions": "", 
"licenseType": "GPL-3.0", "severity": "high" }, "LGPL-2.0": { "instructions": "", "licenseType": "LGPL-2.0", "severity": "medium" }, "LGPL-2.1": { "instructions": "", "licenseType": "LGPL-2.1", "severity": "medium" }, "LGPL-3.0": { "instructions": "", "licenseType": "LGPL-3.0", "severity": "medium" }, "MPL-1.1": { "instructions": "", "licenseType": "MPL-1.1", "severity": "medium" }, "MPL-2.0": { "instructions": "", "licenseType": "MPL-2.0", "severity": "medium" }, "MS-RL": { "instructions": "", "licenseType": "MS-RL", "severity": "medium" }, "SimPL-2.0": { "instructions": "", "licenseType": "SimPL-2.0", "severity": "high" } }, "severities": {} }, "ok": false, "org": "jonjagger", "packageManager": "apk", "path": "cyberdojo/web@sha256:c2515f827a593dd0ff427adc56a7e72de1978ba64f2be21ee9dc0f3b9dc49fdc/web", "platform": "linux/amd64", "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.1\nignore: {}\npatch: {}\n", "projectName": "docker-image|cyberdojo/web", "summary": "2 vulnerable dependency paths", "uniqueCount": 1, "vulnerabilities": [ { "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-09-22T03:06:12.046945Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "NVD", "cvssV3BaseScore": 7.5, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-09-21T01:10:49.366299Z", "severity": "high" } ], "cvssScore": 7.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `curl` package and not the `curl` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nWhen curl retrieves an HTTP response, it stores the incoming headers so that\nthey can be accessed later via the libcurl headers API.\n\nHowever, curl did not have a limit in how many or how large headers it would\naccept in a response, allowing a malicious server to stream 
an endless series\nof headers and eventually cause curl to run out of heap memory.\n## Remediation\nUpgrade `Alpine:3.18` `curl` to version 8.3.0-r0 or higher.\n## References\n- [support@hackerone.com](https://hackerone.com/reports/2072338)\n- [support@hackerone.com](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS/)\n", "disclosureTime": "2023-09-15T04:15:10.127000Z", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.14181", "probability": "0.00046" }, "exploit": "Not Defined", "fixedIn": [ "8.3.0-r0" ], "from": [ "docker-image|cyberdojo/web@*", "curl/libcurl@8.2.1-r0" ], "id": "SNYK-ALPINE318-CURL-5914628", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-38039" ], "CWE": [ "CWE-770" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": true, "language": "linux", "malicious": false, "modificationTime": "2023-09-22T03:06:12.046959Z", "name": "curl/libcurl", "nearestFixedInVersion": "8.3.0-r0", "nvdSeverity": "high", "packageManager": "alpine:3.18", "packageName": "curl", "patches": [], "publicationTime": "2023-09-22T03:06:12.022211Z", "references": [ { "title": "https://hackerone.com/reports/2072338", "url": "https://hackerone.com/reports/2072338" }, { "title": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS/" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<8.3.0-r0" ] }, "severity": "high", "severityWithCritical": "high", "socialTrendAlert": false, "title": "Allocation of Resources Without Limits or Throttling", "upgradePath": [ false, "curl/libcurl@8.3.0-r0" ], "version": "8.2.1-r0" }, { "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": 
"2023-09-22T03:06:12.046945Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "NVD", "cvssV3BaseScore": 7.5, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-09-21T01:10:49.366299Z", "severity": "high" } ], "cvssScore": 7.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `curl` package and not the `curl` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nWhen curl retrieves an HTTP response, it stores the incoming headers so that\nthey can be accessed later via the libcurl headers API.\n\nHowever, curl did not have a limit in how many or how large headers it would\naccept in a response, allowing a malicious server to stream an endless series\nof headers and eventually cause curl to run out of heap memory.\n## Remediation\nUpgrade `Alpine:3.18` `curl` to version 8.3.0-r0 or higher.\n## References\n- [support@hackerone.com](https://hackerone.com/reports/2072338)\n- [support@hackerone.com](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS/)\n", "disclosureTime": "2023-09-15T04:15:10.127000Z", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.14181", "probability": "0.00046" }, "exploit": "Not Defined", "fixedIn": [ "8.3.0-r0" ], "from": [ "docker-image|cyberdojo/web@*", "git/git@2.40.1-r0", "curl/libcurl@8.2.1-r0" ], "id": "SNYK-ALPINE318-CURL-5914628", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-38039" ], "CWE": [ "CWE-770" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2023-09-22T03:06:12.046959Z", "name": "curl/libcurl", "nearestFixedInVersion": "8.3.0-r0", "nvdSeverity": "high", "packageManager": "alpine:3.18", "packageName": "curl", "patches": [], "publicationTime": 
"2023-09-22T03:06:12.022211Z", "references": [ { "title": "https://hackerone.com/reports/2072338", "url": "https://hackerone.com/reports/2072338" }, { "title": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS/" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<8.3.0-r0" ] }, "severity": "high", "severityWithCritical": "high", "socialTrendAlert": false, "title": "Allocation of Resources Without Limits or Throttling", "upgradePath": [], "version": "8.2.1-r0" } ] }, "created_at": 1695817495.4822721, "has_audit_package": true } }, "git_commit_info": { "sha1": "10f0a98eee3933bad252469329aabf0dee06d5d2", "message": "Turn off Kosli coverage-report till it is working again", "author": "JonJagger <jon@kosli.com>", "timestamp": 1694929666, "branch": "main" }, "repo_url": "https://github.com/cyber-dojo/web", "template": [ "artifact", "snyk-scan" ], "last_modified_at": 1695817495.4822721, "deployments": [ 87, 86 ], "state": "NON-COMPLIANT", "html_url": "https://app.kosli.com/cyber-dojo/flows/web-archived-at-1709658792/artifacts/c2515f827a593dd0ff427adc56a7e72de1978ba64f2be21ee9dc0f3b9dc49fdc", "api_url": "https://app.kosli.com/api/v2/artifacts/cyber-dojo/web-archived-at-1709658792/fingerprint/c2515f827a593dd0ff427adc56a7e72de1978ba64f2be21ee9dc0f3b9dc49fdc" }
Artifact Information
Name | cyberdojo/web:10f0a98 |
Fingerprint | c2515f827a593dd0ff427adc56a7e72de1978ba64f2be21ee9dc0f3b9dc49fdc |
Git commit |
10f0a98
JonJagger <jon@kosli.com> (main)
1694929666.0 • 8 months ago
Turn off Kosli coverage-report till it is working again
|
CI Build | https://github.com/cyber-dojo/web/actions/runs/6211883291 |
Running | - |
Exited | aws-beta#1800 aws-prod#1070 |
Last modified | 1695817495.4822721 • 7 months ago |
Approvals
None |
Evidence
Evidence for 'snyk-scan'
{ "evidence_type": "snyk", "name": "snyk-scan", "is_compliant": false, "build_url": "https://github.com/cyber-dojo/web/actions/runs/6211883291", "evidence_archive_fingerprint": "38022e9058c70210edb512f48e27e3f9f1f941eb024dabb40cb0bbdd554520a4", "user_data": {}, "snyk_results": { "dependencyCount": 48, "docker": { "baseImage": "alpine:3.18.3", "baseImageRemediation": { "advice": [ { "bold": true, "message": "According to our scan, you are currently using the most secure version of the selected base image" } ], "code": "NO_REMEDIATION_AVAILABLE" }, "binariesVulns": { "affectedPkgs": {}, "issuesData": {} } }, "filesystemPolicy": true, "filtered": { "ignore": [], "patch": [] }, "hasUnknownVersions": false, "ignoreSettings": { "adminOnly": false, "disregardFilesystemIgnores": false, "reasonRequired": false }, "isPrivate": true, "licensesPolicy": { "orgLicenseRules": { "AGPL-1.0": { "instructions": "", "licenseType": "AGPL-1.0", "severity": "high" }, "AGPL-3.0": { "instructions": "", "licenseType": "AGPL-3.0", "severity": "high" }, "Artistic-1.0": { "instructions": "", "licenseType": "Artistic-1.0", "severity": "medium" }, "Artistic-2.0": { "instructions": "", "licenseType": "Artistic-2.0", "severity": "medium" }, "CDDL-1.0": { "instructions": "", "licenseType": "CDDL-1.0", "severity": "medium" }, "CPOL-1.02": { "instructions": "", "licenseType": "CPOL-1.02", "severity": "high" }, "EPL-1.0": { "instructions": "", "licenseType": "EPL-1.0", "severity": "medium" }, "GPL-2.0": { "instructions": "", "licenseType": "GPL-2.0", "severity": "high" }, "GPL-3.0": { "instructions": "", "licenseType": "GPL-3.0", "severity": "high" }, "LGPL-2.0": { "instructions": "", "licenseType": "LGPL-2.0", "severity": "medium" }, "LGPL-2.1": { "instructions": "", "licenseType": "LGPL-2.1", "severity": "medium" }, "LGPL-3.0": { "instructions": "", "licenseType": "LGPL-3.0", "severity": "medium" }, "MPL-1.1": { "instructions": "", "licenseType": "MPL-1.1", "severity": "medium" }, "MPL-2.0": { 
"instructions": "", "licenseType": "MPL-2.0", "severity": "medium" }, "MS-RL": { "instructions": "", "licenseType": "MS-RL", "severity": "medium" }, "SimPL-2.0": { "instructions": "", "licenseType": "SimPL-2.0", "severity": "high" } }, "severities": {} }, "ok": false, "org": "jonjagger", "packageManager": "apk", "path": "cyberdojo/web@sha256:c2515f827a593dd0ff427adc56a7e72de1978ba64f2be21ee9dc0f3b9dc49fdc/web", "platform": "linux/amd64", "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.1\nignore: {}\npatch: {}\n", "projectName": "docker-image|cyberdojo/web", "summary": "2 vulnerable dependency paths", "uniqueCount": 1, "vulnerabilities": [ { "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-09-22T03:06:12.046945Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "NVD", "cvssV3BaseScore": 7.5, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-09-21T01:10:49.366299Z", "severity": "high" } ], "cvssScore": 7.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `curl` package and not the `curl` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nWhen curl retrieves an HTTP response, it stores the incoming headers so that\nthey can be accessed later via the libcurl headers API.\n\nHowever, curl did not have a limit in how many or how large headers it would\naccept in a response, allowing a malicious server to stream an endless series\nof headers and eventually cause curl to run out of heap memory.\n## Remediation\nUpgrade `Alpine:3.18` `curl` to version 8.3.0-r0 or higher.\n## References\n- [support@hackerone.com](https://hackerone.com/reports/2072338)\n- 
[support@hackerone.com](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS/)\n", "disclosureTime": "2023-09-15T04:15:10.127000Z", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.14181", "probability": "0.00046" }, "exploit": "Not Defined", "fixedIn": [ "8.3.0-r0" ], "from": [ "docker-image|cyberdojo/web@*", "curl/libcurl@8.2.1-r0" ], "id": "SNYK-ALPINE318-CURL-5914628", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-38039" ], "CWE": [ "CWE-770" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": true, "language": "linux", "malicious": false, "modificationTime": "2023-09-22T03:06:12.046959Z", "name": "curl/libcurl", "nearestFixedInVersion": "8.3.0-r0", "nvdSeverity": "high", "packageManager": "alpine:3.18", "packageName": "curl", "patches": [], "publicationTime": "2023-09-22T03:06:12.022211Z", "references": [ { "title": "https://hackerone.com/reports/2072338", "url": "https://hackerone.com/reports/2072338" }, { "title": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS/" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<8.3.0-r0" ] }, "severity": "high", "severityWithCritical": "high", "socialTrendAlert": false, "title": "Allocation of Resources Without Limits or Throttling", "upgradePath": [ false, "curl/libcurl@8.3.0-r0" ], "version": "8.2.1-r0" }, { "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-09-22T03:06:12.046945Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "NVD", "cvssV3BaseScore": 7.5, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-09-21T01:10:49.366299Z", "severity": "high" } ], 
"cvssScore": 7.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `curl` package and not the `curl` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nWhen curl retrieves an HTTP response, it stores the incoming headers so that\nthey can be accessed later via the libcurl headers API.\n\nHowever, curl did not have a limit in how many or how large headers it would\naccept in a response, allowing a malicious server to stream an endless series\nof headers and eventually cause curl to run out of heap memory.\n## Remediation\nUpgrade `Alpine:3.18` `curl` to version 8.3.0-r0 or higher.\n## References\n- [support@hackerone.com](https://hackerone.com/reports/2072338)\n- [support@hackerone.com](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS/)\n", "disclosureTime": "2023-09-15T04:15:10.127000Z", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.14181", "probability": "0.00046" }, "exploit": "Not Defined", "fixedIn": [ "8.3.0-r0" ], "from": [ "docker-image|cyberdojo/web@*", "git/git@2.40.1-r0", "curl/libcurl@8.2.1-r0" ], "id": "SNYK-ALPINE318-CURL-5914628", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-38039" ], "CWE": [ "CWE-770" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2023-09-22T03:06:12.046959Z", "name": "curl/libcurl", "nearestFixedInVersion": "8.3.0-r0", "nvdSeverity": "high", "packageManager": "alpine:3.18", "packageName": "curl", "patches": [], "publicationTime": "2023-09-22T03:06:12.022211Z", "references": [ { "title": "https://hackerone.com/reports/2072338", "url": "https://hackerone.com/reports/2072338" }, { "title": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS/" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<8.3.0-r0" ] }, "severity": "high", "severityWithCritical": "high", "socialTrendAlert": false, "title": "Allocation of Resources Without Limits or Throttling", "upgradePath": [], "version": "8.2.1-r0" } ] }, "created_at": 1695817495.4822721, "has_audit_package": true }