CASS/scan-node.txt at master · cassproject/CASS · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180


## Overview

                   │       Analyzed Image
───────────────────┼─────────────────────────────
 Target            │  cass-cass:latest
   digest          │  f02e05741274
   platform        │ linux/amd64
   vulnerabilities │    0C     1H     6M    12L
   size            │ 218 MB
   packages        │ 770


## Packages and Vulnerabilities

   0C     1H     1M     0L  picomatch 4.0.3
pkg:npm/picomatch@4.0.3

    ✗ HIGH CVE-2026-33671 [Inefficient Regular Expression Complexity]
      https://scout.docker.com/v/CVE-2026-33671?s=github&n=picomatch&t=npm&vr=%3E%3D4.0.0%2C%3C4.0.4
      Affected range : >=4.0.0
                     : <4.0.4
      Fixed version  : 4.0.4
      CVSS Score     : 7.5
      CVSS Vector    : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    ✗ MEDIUM CVE-2026-33672 [Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')]
      https://scout.docker.com/v/CVE-2026-33672?s=github&n=picomatch&t=npm&vr=%3E%3D4.0.0%2C%3C4.0.4
      Affected range : >=4.0.0
                     : <4.0.4
      Fixed version  : 4.0.4
      CVSS Score     : 5.3
      CVSS Vector    : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N


   0C     0H     3M     0L  jose 2.0.7
pkg:npm/jose@2.0.7

    ✗ MEDIUM CVE-2021-29446 [OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities]
      https://scout.docker.com/v/CVE-2021-29446?s=gitlab&n=jose&t=npm&vr=%3C3.11.4
      Affected range : <3.11.4
      Fixed version  : 3.11.4
      CVSS Score     : 5.9
      CVSS Vector    : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

    ✗ MEDIUM CVE-2021-29445 [OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities]
      https://scout.docker.com/v/CVE-2021-29445?s=gitlab&n=jose&t=npm&vr=%3C3.11.4
      Affected range : <3.11.4
      Fixed version  : 3.11.4
      CVSS Score     : 5.9
      CVSS Vector    : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

    ✗ MEDIUM CVE-2021-29444 [OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities]
      https://scout.docker.com/v/CVE-2021-29444?s=gitlab&n=jose&t=npm&vr=%3C3.11.4
      Affected range : <3.11.4
      Fixed version  : 3.11.4
      CVSS Score     : 5.9
      CVSS Vector    : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N


   0C     0H     1M     1L  tar 1.34+dfsg-1.2+deb12u1
pkg:deb/debian/tar@1.34%2Bdfsg-1.2%2Bdeb12u1?os_distro=bookworm&os_name=debian&os_version=12

    ✗ MEDIUM CVE-2025-45582
      https://scout.docker.com/v/CVE-2025-45582?s=debian&n=tar&ns=debian&t=deb&osn=debian&osv=12&vr=%3E%3D1.34%2Bdfsg-1.2%2Bdeb12u1
      Affected range : >=1.34+dfsg-1.2+deb12u1
      Fixed version  : not fixed

    ✗ LOW CVE-2005-2541
      https://scout.docker.com/v/CVE-2005-2541?s=debian&n=tar&ns=debian&t=deb&osn=debian&osv=12&vr=%3C%3D1.34%2Bdfsg-1.2%2Bdeb12u1
      Affected range : <=1.34+dfsg-1.2+deb12u1
      Fixed version  : not fixed


   0C     0H     1M     0L  brace-expansion 5.0.4
pkg:npm/brace-expansion@5.0.4

    ✗ MEDIUM CVE-2026-33750 [Uncontrolled Resource Consumption]
      https://scout.docker.com/v/CVE-2026-33750?s=github&n=brace-expansion&t=npm&vr=%3E%3D4.0.0%2C%3C5.0.5
      Affected range : >=4.0.0
                     : <5.0.5
      Fixed version  : 5.0.5
      CVSS Score     : 6.5
      CVSS Vector    : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H


   0C     0H     0M     2L  coreutils 9.1-1
pkg:deb/debian/coreutils@9.1-1?os_distro=bookworm&os_name=debian&os_version=12

    ✗ LOW CVE-2025-5278
      https://scout.docker.com/v/CVE-2025-5278?s=debian&n=coreutils&ns=debian&t=deb&osn=debian&osv=12&vr=%3C%3D9.1-1
      Affected range : <=9.1-1
      Fixed version  : not fixed

    ✗ LOW CVE-2017-18018
      https://scout.docker.com/v/CVE-2017-18018?s=debian&n=coreutils&ns=debian&t=deb&osn=debian&osv=12&vr=%3C%3D9.1-1
      Affected range : <=9.1-1
      Fixed version  : not fixed


   0C     0H     0M     2L  libgcrypt20 1.10.1-3
pkg:deb/debian/libgcrypt20@1.10.1-3?os_distro=bookworm&os_name=debian&os_version=12

    ✗ LOW CVE-2024-2236
      https://scout.docker.com/v/CVE-2024-2236?s=debian&n=libgcrypt20&ns=debian&t=deb&osn=debian&osv=12&vr=%3C%3D1.10.1-3
      Affected range : <=1.10.1-3
      Fixed version  : not fixed

    ✗ LOW CVE-2018-6829
      https://scout.docker.com/v/CVE-2018-6829?s=debian&n=libgcrypt20&ns=debian&t=deb&osn=debian&osv=12&vr=%3C%3D1.10.1-3
      Affected range : <=1.10.1-3
      Fixed version  : not fixed


   0C     0H     0M     2L  openssl 3.0.18-1~deb12u2
pkg:deb/debian/openssl@3.0.18-1~deb12u2?os_distro=bookworm&os_name=debian&os_version=12

    ✗ LOW CVE-2025-27587
      https://scout.docker.com/v/CVE-2025-27587?s=debian&n=openssl&ns=debian&t=deb&osn=debian&osv=12&vr=%3C%3D3.0.18-1%7Edeb12u2
      Affected range : <=3.0.18-1~deb12u2
      Fixed version  : not fixed

    ✗ LOW CVE-2010-0928
      https://scout.docker.com/v/CVE-2010-0928?s=debian&n=openssl&ns=debian&t=deb&osn=debian&osv=12&vr=%3E%3D3.0.11-1%7Edeb12u2
      Affected range : >=3.0.11-1~deb12u2
      Fixed version  : not fixed


   0C     0H     0M     1L  gnutls28 3.7.9-2+deb12u6
pkg:deb/debian/gnutls28@3.7.9-2%2Bdeb12u6?os_distro=bookworm&os_name=debian&os_version=12

    ✗ LOW CVE-2011-3389
      https://scout.docker.com/v/CVE-2011-3389?s=debian&n=gnutls28&ns=debian&t=deb&osn=debian&osv=12&vr=%3C%3D3.7.9-2%2Bdeb12u6
      Affected range : <=3.7.9-2+deb12u6
      Fixed version  : not fixed


   0C     0H     0M     1L  apt 2.6.1
pkg:deb/debian/apt@2.6.1?os_distro=bookworm&os_name=debian&os_version=12

    ✗ LOW CVE-2011-3374
      https://scout.docker.com/v/CVE-2011-3374?s=debian&n=apt&ns=debian&t=deb&osn=debian&osv=12&vr=%3C%3D2.6.1
      Affected range : <=2.6.1
      Fixed version  : not fixed


   0C     0H     0M     1L  gnupg2 2.2.40-1.1+deb12u2
pkg:deb/debian/gnupg2@2.2.40-1.1%2Bdeb12u2?os_distro=bookworm&os_name=debian&os_version=12

    ✗ LOW CVE-2022-3219
      https://scout.docker.com/v/CVE-2022-3219?s=debian&n=gnupg2&ns=debian&t=deb&osn=debian&osv=12&vr=%3C%3D2.2.40-1.1%2Bdeb12u2
      Affected range : <=2.2.40-1.1+deb12u2
      Fixed version  : not fixed


   0C     0H     0M     1L  gcc-12 12.2.0-14+deb12u1
pkg:deb/debian/gcc-12@12.2.0-14%2Bdeb12u1?os_distro=bookworm&os_name=debian&os_version=12

    ✗ LOW CVE-2022-27943
      https://scout.docker.com/v/CVE-2022-27943?s=debian&n=gcc-12&ns=debian&t=deb&osn=debian&osv=12&vr=%3C%3D12.2.0-14%2Bdeb12u1
      Affected range : <=12.2.0-14+deb12u1
      Fixed version  : not fixed


   0C     0H     0M     1L  shadow 1:4.13+dfsg1-1+deb12u2
pkg:deb/debian/shadow@1%3A4.13%2Bdfsg1-1%2Bdeb12u2?os_distro=bookworm&os_name=debian&os_version=12

    ✗ LOW CVE-2007-5686
      https://scout.docker.com/v/CVE-2007-5686?s=debian&n=shadow&ns=debian&t=deb&osn=debian&osv=12&vr=%3C%3D1%3A4.13%2Bdfsg1-1%2Bdeb12u2
      Affected range : <=1:4.13+dfsg1-1+deb12u2
      Fixed version  : not fixed


19 vulnerabilities found in 12 packages
  CRITICAL  0
  HIGH      1
  MEDIUM    6
  LOW       12