Scheduled CVE vulnerability scan of published images. #31
vulnerability-scan.yml
on: workflow_dispatch
setup-matrix
21s
Matrix: vulnerability-scan-schedule
Annotations
26 errors and 11 warnings
vulnerability-scan-schedule (mailpit)
2024-09-03T03:44:43Z INFO Need to update DB
2024-09-03T03:44:43Z INFO Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2"
2024-09-03T03:44:45Z INFO Vulnerability scanning is enabled
2024-09-03T03:44:45Z INFO Secret scanning is enabled
2024-09-03T03:44:45Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-09-03T03:44:45Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-09-03T03:44:45Z FATAL Fatal error image scan error: scan error: unable to initialize a scanner: unable to initialize an image scanner: unable to find the specified image "ghcr.io/dpc-sdp/bay/mailpit:5.x" in ["docker" "containerd" "podman" "remote"]: 4 errors occurred:
* docker error: unable to inspect the image (ghcr.io/dpc-sdp/bay/mailpit:5.x): Error response from daemon: No such image: ghcr.io/dpc-sdp/bay/mailpit:5.x
* containerd error: failed to initialize a containerd client: failed to dial "/run/containerd/containerd.sock": connection error: desc = "transport: error while dialing: dial unix /run/containerd/containerd.sock: connect: permission denied"
* podman error: unable to inspect the image (ghcr.io/dpc-sdp/bay/mailpit:5.x): failed to find image ghcr.io/dpc-sdp/bay/mailpit:5.x: ghcr.io/dpc-sdp/bay/mailpit:5.x: No such image
* remote error: GET https://ghcr.io/v2/dpc-sdp/bay/mailpit/manifests/5.x: MANIFEST_UNKNOWN: manifest unknown
vulnerability-scan-schedule (ripple-static)
The job was canceled because "mailpit" failed.
vulnerability-scan-schedule (ripple-static)
The operation was canceled.
vulnerability-scan-schedule (php-fpm)
The job was canceled because "mailpit" failed.
vulnerability-scan-schedule (php-fpm)
The operation was canceled.
vulnerability-scan-schedule (elasticsearch)
The job was canceled because "mailpit" failed.
vulnerability-scan-schedule (elasticsearch)
The operation was canceled.
vulnerability-scan-schedule (node)
The job was canceled because "mailpit" failed.
vulnerability-scan-schedule (node)
The operation was canceled.
vulnerability-scan-schedule (node)
CVE-2024-24790 - CRITICAL severity - golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses vulnerability in stdlib
vulnerability-scan-schedule (node)
CVE-2023-45283 - HIGH severity - The filepath package does not recognize paths with a \??\ prefix as sp ... vulnerability in stdlib
vulnerability-scan-schedule (node)
CVE-2023-45288 - HIGH severity - golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS vulnerability in stdlib
vulnerability-scan-schedule (node)
CVE-2024-24790 - CRITICAL severity - golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses vulnerability in stdlib
vulnerability-scan-schedule (node)
CVE-2023-45288 - HIGH severity - golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS vulnerability in stdlib
vulnerability-scan-schedule (mariadb)
The job was canceled because "mailpit" failed.
vulnerability-scan-schedule (mariadb)
The operation was canceled.
vulnerability-scan-schedule (nginx)
The job was canceled because "mailpit" failed.
vulnerability-scan-schedule (nginx)
The operation was canceled.
vulnerability-scan-schedule (awx-ee)
The job was canceled because "mailpit" failed.
vulnerability-scan-schedule (awx-ee)
The operation was canceled.
vulnerability-scan-schedule (mailhog)
The job was canceled because "mailpit" failed.
vulnerability-scan-schedule (mailhog)
The operation was canceled.
vulnerability-scan-schedule (ci-builder)
The job was canceled because "mailpit" failed.
vulnerability-scan-schedule (ci-builder)
The operation was canceled.
vulnerability-scan-schedule (php-cli)
The job was canceled because "mailpit" failed.
vulnerability-scan-schedule (php-cli)
The operation was canceled.
vulnerability-scan-schedule (node)
CodeQL Action v2 will be deprecated on December 5th, 2024. Please update all occurrences of the CodeQL Action in your workflow files to v3. For more information, see https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/
vulnerability-scan-schedule (node)
CVE-2023-39326 - MEDIUM severity - golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests vulnerability in stdlib
vulnerability-scan-schedule (node)
CVE-2023-45284 - MEDIUM severity - On Windows, The IsLocal function does not correctly detect reserved de ... vulnerability in stdlib
vulnerability-scan-schedule (node)
CVE-2023-45289 - MEDIUM severity - golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect vulnerability in stdlib
vulnerability-scan-schedule (node)
CVE-2023-45290 - MEDIUM severity - golang: net/http: memory exhaustion in Request.ParseMultipartForm vulnerability in stdlib
vulnerability-scan-schedule (node)
CVE-2024-24783 - MEDIUM severity - golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm vulnerability in stdlib
vulnerability-scan-schedule (node)
CVE-2024-24784 - MEDIUM severity - golang: net/mail: comments in display names are incorrectly handled vulnerability in stdlib
vulnerability-scan-schedule (node)
CVE-2024-24785 - MEDIUM severity - golang: html/template: errors returned from MarshalJSON methods may break template escaping vulnerability in stdlib
vulnerability-scan-schedule (node)
CVE-2024-24789 - MEDIUM severity - golang: archive/zip: Incorrect handling of certain ZIP files vulnerability in stdlib
vulnerability-scan-schedule (node)
CVE-2024-24791 - MEDIUM severity - net/http: Denial of service due to improper 100-continue handling in net/http vulnerability in stdlib
vulnerability-scan-schedule (node)
CVE-2024-24786 - MEDIUM severity - golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON vulnerability in google.golang.org/protobuf