2024-09-03T04:13:42Z INFO Need to update DB 2024-09-03T04:13:42Z INFO Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2" 2024-09-03T04:13:44Z INFO Vulnerability scanning is enabled 2024-09-03T04:13:44Z INFO Secret scanning is enabled 2024-09-03T04:13:44Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning 2024-09-03T04:13:44Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection 2024-09-03T04:13:44Z FATAL Fatal error image scan error: scan error: unable to initialize a scanner: unable to initialize an image scanner: unable to find the specified image "ghcr.io/dpc-sdp/bay/mailpit:5.x" in ["docker" "containerd" "podman" "remote"]: 4 errors occurred: * docker error: unable to inspect the image (ghcr.io/dpc-sdp/bay/mailpit:5.x): Error response from daemon: No such image: ghcr.io/dpc-sdp/bay/mailpit:5.x * containerd error: failed to initialize a containerd client: failed to dial "/run/containerd/containerd.sock": connection error: desc = "transport: error while dialing: dial unix /run/containerd/containerd.sock: connect: permission denied" * podman error: unable to inspect the image (ghcr.io/dpc-sdp/bay/mailpit:5.x): failed to find image ghcr.io/dpc-sdp/bay/mailpit:5.x: ghcr.io/dpc-sdp/bay/mailpit:5.x: No such image * remote error: GET https://ghcr.io/v2/dpc-sdp/bay/mailpit/manifests/5.x: MANIFEST_UNKNOWN: manifest unknown

The job was canceled because "mailpit" failed.

The operation was canceled.

The job was canceled because "mailpit" failed.

CVE-2022-37434 - CRITICAL severity - zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field vulnerability in zlib

CVE-2024-24790 - CRITICAL severity - golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses vulnerability in stdlib

CVE-2023-45283 - HIGH severity - The filepath package does not recognize paths with a \??\ prefix as sp ... vulnerability in stdlib

CVE-2023-45288 - HIGH severity - golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS vulnerability in stdlib

The job was canceled because "mailpit" failed.

The operation was canceled.

CVE-2024-24790 - CRITICAL severity - golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses vulnerability in stdlib

CVE-2023-45288 - HIGH severity - golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS vulnerability in stdlib

The operation was canceled.

The job was canceled because "mailpit" failed.

The operation was canceled.

CVE-2023-52425 - HIGH severity - expat: parsing large tokens can trigger a denial of service vulnerability in libexpat

CVE-2024-28757 - HIGH severity - expat: XML Entity Expansion vulnerability in libexpat

CVE-2024-25062 - HIGH severity - libxml2: use-after-free in XMLReader vulnerability in libxml2

CVE-2024-24790 - CRITICAL severity - golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses vulnerability in stdlib

CVE-2023-45283 - HIGH severity - The filepath package does not recognize paths with a \??\ prefix as sp ... vulnerability in stdlib

CVE-2023-45288 - HIGH severity - golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS vulnerability in stdlib

The job was canceled because "mailpit" failed.

CVE-2024-24790 - CRITICAL severity - golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses vulnerability in stdlib

CVE-2023-45283 - HIGH severity - The filepath package does not recognize paths with a \??\ prefix as sp ... vulnerability in stdlib

The operation was canceled.

CVE-2023-45288 - HIGH severity - golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS vulnerability in stdlib

CVE-2024-24790 - CRITICAL severity - golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses vulnerability in stdlib

CVE-2023-45283 - HIGH severity - The filepath package does not recognize paths with a \??\ prefix as sp ... vulnerability in stdlib

CVE-2023-45288 - HIGH severity - golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS vulnerability in stdlib

CVE-2024-24790 - CRITICAL severity - golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses vulnerability in stdlib

CVE-2023-45288 - HIGH severity - golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS vulnerability in stdlib

The job was canceled because "mailpit" failed.

The operation was canceled.

The job was canceled because "mailpit" failed.

The operation was canceled.

The job was canceled because "mailpit" failed.

The operation was canceled.

The job was canceled because "mailpit" failed.

The operation was canceled.

The job was canceled because "mailpit" failed.

The operation was canceled.

CVE-2023-39326 - MEDIUM severity - golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests vulnerability in stdlib

CVE-2023-45284 - MEDIUM severity - On Windows, The IsLocal function does not correctly detect reserved de ... vulnerability in stdlib

CVE-2023-45289 - MEDIUM severity - golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect vulnerability in stdlib

CVE-2023-45290 - MEDIUM severity - golang: net/http: memory exhaustion in Request.ParseMultipartForm vulnerability in stdlib

CVE-2024-24783 - MEDIUM severity - golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm vulnerability in stdlib

CVE-2024-24784 - MEDIUM severity - golang: net/mail: comments in display names are incorrectly handled vulnerability in stdlib

CVE-2024-24785 - MEDIUM severity - golang: html/template: errors returned from MarshalJSON methods may break template escaping vulnerability in stdlib

CVE-2024-24789 - MEDIUM severity - golang: archive/zip: Incorrect handling of certain ZIP files vulnerability in stdlib

CVE-2024-24791 - MEDIUM severity - net/http: Denial of service due to improper 100-continue handling in net/http vulnerability in stdlib

CVE-2024-24786 - MEDIUM severity - golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON vulnerability in google.golang.org/protobuf

CodeQL Action v2 will be deprecated on December 5th, 2024. Please update all occurrences of the CodeQL Action in your workflow files to v3. For more information, see https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/

CodeQL Action v2 will be deprecated on December 5th, 2024. Please update all occurrences of the CodeQL Action in your workflow files to v3. For more information, see https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/

CVE-2023-42363 - MEDIUM severity - busybox: use-after-free in awk vulnerability in busybox

CVE-2023-42364 - MEDIUM severity - busybox: use-after-free vulnerability in busybox

CVE-2023-42365 - MEDIUM severity - busybox: use-after-free vulnerability in busybox

CVE-2023-42366 - MEDIUM severity - busybox: A heap-buffer-overflow vulnerability in busybox

CVE-2023-42363 - MEDIUM severity - busybox: use-after-free in awk vulnerability in busybox-binsh

CVE-2023-42364 - MEDIUM severity - busybox: use-after-free vulnerability in busybox-binsh

CVE-2023-42365 - MEDIUM severity - busybox: use-after-free vulnerability in busybox-binsh

CVE-2023-42366 - MEDIUM severity - busybox: A heap-buffer-overflow vulnerability in busybox-binsh

CVE-2024-4603 - MEDIUM severity - openssl: Excessive time spent checking DSA keys and parameters vulnerability in libcrypto3

CVE-2024-4741 - MEDIUM severity - openssl: Use After Free with SSL_free_buffers vulnerability in libcrypto3

CodeQL Action v2 will be deprecated on December 5th, 2024. Please update all occurrences of the CodeQL Action in your workflow files to v3. For more information, see https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/

CVE-2023-39326 - MEDIUM severity - golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests vulnerability in stdlib

CVE-2023-45284 - MEDIUM severity - On Windows, The IsLocal function does not correctly detect reserved de ... vulnerability in stdlib

CVE-2023-45289 - MEDIUM severity - golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect vulnerability in stdlib

CVE-2023-45290 - MEDIUM severity - golang: net/http: memory exhaustion in Request.ParseMultipartForm vulnerability in stdlib

CVE-2024-24783 - MEDIUM severity - golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm vulnerability in stdlib

CVE-2024-24784 - MEDIUM severity - golang: net/mail: comments in display names are incorrectly handled vulnerability in stdlib

CVE-2024-24785 - MEDIUM severity - golang: html/template: errors returned from MarshalJSON methods may break template escaping vulnerability in stdlib

CVE-2024-24789 - MEDIUM severity - golang: archive/zip: Incorrect handling of certain ZIP files vulnerability in stdlib

CVE-2024-24791 - MEDIUM severity - net/http: Denial of service due to improper 100-continue handling in net/http vulnerability in stdlib

CVE-2024-24786 - MEDIUM severity - golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON vulnerability in google.golang.org/protobuf