Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Container securtity scans fail for zenko cloudserver controler 8.3.9 from Jan 22, 2022 #4352

Open
ahrycej opened this issue Mar 21, 2022 · 0 comments

Comments

@ahrycej
Copy link

ahrycej commented Mar 21, 2022

General support information

GitHub Issues are reserved for actionable bug reports (including
documentation inaccuracies), and feature requests.
All questions (regarding configuration, use cases, performance, community,
events, setup and usage recommendations, among other things) should be asked on
the Zenko Forum.

Questions opened as GitHub issues will systematically be closed, and moved to
the Zenko Forum.


Avoiding duplicates

When reporting a new issue/requesting a feature, make sure that we do not have
any duplicates already open:

  • search the issue list for this repository (use the search bar, select
    "Issues" on the left pane after searching);
  • if there is a duplicate, please do not open your issue, and add a comment
    to the existing issue instead.

Bug report information

zenko cloud server controller latest version
is having too many vulnerabilities that could have been fixed.
This software does not pass security scans hence is not really usable.

Description

118 vulnerabilities with fixes found in non-os packages.

Steps to reproduce the issue

run anchore enterprise or grype on the zenko docker image and check non-OS vulnerabilities

Actual result

118 vulnerabilities with fixes found in non-os packages.

{"metadata":{"registry":"xxx-lite-docker-local.artifactory-xxx2.int.xxx.xxx.com","repository":"basic-zenko-cloudserver","tag":"64a324c0775ec300dc2e8f6ffcb59c8","imageDigest":"sha256:26f4e05b72fe5a899857de968c6c4c42c8e6208caae151cd3674df9","timestamp":"2022-03-21T11:25:22.930Z"},"securityEvaluation":[{"vulnerabilityId":"CVE-2021-23358","severity":"Critical","packageType":"npm","path":"/usr/src/app/node_modules/utapi/node_modules/underscore/package.json","package":"underscore-1.4.4","fixAvailable":"1.12.1,1.13.0-2","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-252705"},{"vulnerabilityId":"GHSA-p92x-r36w-9395","severity":"Critical","packageType":"npm","path":"/usr/src/app/node_modules/mpath/package.json","package":"mpath-0.5.2","fixAvailable":"0.8.4","link":"https://github.com/advisories/GHSA-p92x-r36w-9395"},{"vulnerabilityId":"CVE-2020-15366","severity":"Critical","packageType":"npm","path":"/usr/src/app/node_modules/ajv/package.json","package":"ajv-6.12.2","fixAvailable":"6.12.3","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-233617"},{"vulnerabilityId":"GHSA-rq8g-5pc5-wrhr","severity":"Critical","packageType":"npm","path":"/usr/src/app/node_modules/cryptiles/package.json","package":"cryptiles-2.0.5","fixAvailable":"4.1.2","link":"https://github.com/advisories/GHSA-rq8g-5pc5-wrhr"},{"vulnerabilityId":"CVE-2020-7774","severity":"Critical","packageType":"npm","path":"/usr/local/lib/node_modules/npm/node_modules/y18n/package.json","package":"y18n-4.0.0","fixAvailable":"3.2.2,4.0.1,5.0.5","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-242996"},{"vulnerabilityId":"GHSA-72mh-269x-7mh5","severity":"Critical","packageType":"npm","path":"/usr/src/app/node_modules/xmlhttprequest-ssl/package.json","package":"xmlhttprequest-ssl-1.5.5","fixAvailable":"1.6.1","link":"https://github.com/advisories/GHSA-72mh-269x-7mh5"},{"vulnerabilityId":"CVE-2020-26301","severity":"Critical","packageType":"npm","path":"/usr/src/app/node_modules/ssh2/package.json","package":"ssh2-0.8.9","fixAvailable":"1.0.0","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-267434"},{"vulnerabilityId":"CVE-2021-23358","severity":"Critical","packageType":"npm","path":"/usr/src/app/node_modules/underscore/package.json","package":"underscore-1.8.3","fixAvailable":"1.12.1,1.13.0-2","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-252705"},{"vulnerabilityId":"GHSA-jf85-cpcp-j695","severity":"Critical","packageType":"npm","path":"/usr/src/app/node_modules/vaultclient/node_modules/simple-glob/node_modules/lodash/package.json","package":"lodash-2.4.2","fixAvailable":"4.17.12","link":"https://github.com/advisories/GHSA-jf85-cpcp-j695"},{"vulnerabilityId":"CVE-2021-42740","severity":"Critical","packageType":"npm","path":"/usr/src/app/node_modules/shell-quote/package.json","package":"shell-quote-1.7.2","fixAvailable":"1.7.3","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-271474"},{"vulnerabilityId":"CVE-2020-7774","severity":"Critical","packageType":"npm","path":"/usr/local/lib/node_modules/npm/node_modules/yargs/node_modules/y18n/package.json","package":"y18n-3.2.1","fixAvailable":"3.2.2,4.0.1,5.0.5","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-242996"},{"vulnerabilityId":"CVE-2020-7788","severity":"Critical","packageType":"npm","path":"/usr/local/lib/node_modules/npm/node_modules/ini/package.json","package":"ini-1.3.5","fixAvailable":"1.3.6","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-244597"},{"vulnerabilityId":"GHSA-4xc9-xhrj-v574","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/vaultclient/node_modules/simple-glob/node_modules/lodash/package.json","package":"lodash-2.4.2","fixAvailable":"4.17.11","link":"https://github.com/advisories/GHSA-4xc9-xhrj-v574"},{"vulnerabilityId":"GHSA-qq89-hq3f-393p","severity":"High","packageType":"npm","path":"/usr/local/lib/node_modules/npm/node_modules/tar/package.json","package":"tar-4.4.13","fixAvailable":"4.4.18","link":"https://github.com/advisories/GHSA-qq89-hq3f-393p"},{"vulnerabilityId":"GHSA-3jfq-g458-7qm9","severity":"High","packageType":"npm","path":"/usr/local/lib/node_modules/npm/node_modules/tar/package.json","package":"tar-4.4.13","fixAvailable":"4.4.14","link":"https://github.com/advisories/GHSA-3jfq-g458-7qm9"},{"vulnerabilityId":"GHSA-p6mc-m468-83gw","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/vaultclient/node_modules/simple-glob/node_modules/lodash/package.json","package":"lodash-2.4.2","fixAvailable":"4.17.19","link":"https://github.com/advisories/GHSA-p6mc-m468-83gw"},{"vulnerabilityId":"CVE-2015-8315","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/utapi/node_modules/arsenal/node_modules/debug/package.json","package":"debug-4.1.1","fixAvailable":"2.6.7,2.6.8,2.6.9,3.0.0,3.0.1,3.1.0,3.2.7,4.3.1","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-130613"},{"vulnerabilityId":"CVE-2015-8315","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/engine.io/node_modules/debug/package.json","package":"debug-4.1.1","fixAvailable":"2.6.7,2.6.8,2.6.9,3.0.0,3.0.1,3.1.0,3.2.7,4.3.1","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-130613"},{"vulnerabilityId":"CVE-2021-33502","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/normalize-url/package.json","package":"normalize-url-4.5.0","fixAvailable":"4.5.1,5.3.1,6.0.1","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-257459"},{"vulnerabilityId":"CVE-2021-23490","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/parse-link-header/package.json","package":"parse-link-header-1.0.1","fixAvailable":"2.0.0","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-277163"},{"vulnerabilityId":"GHSA-cph5-m8f7-6c5x","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/axios/package.json","package":"axios-0.18.1","fixAvailable":"0.21.2","link":"https://github.com/advisories/GHSA-cph5-m8f7-6c5x"},{"vulnerabilityId":"CVE-2020-36049","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/socket.io-parser/package.json","package":"socket.io-parser-2.3.1","fixAvailable":"3.3.2,3.4.1","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-246508"},{"vulnerabilityId":"GHSA-9j49-mfvp-vmhm","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/pac-resolver/package.json","package":"pac-resolver-3.0.0","fixAvailable":"5.0.0","link":"https://github.com/advisories/GHSA-9j49-mfvp-vmhm"},{"vulnerabilityId":"GHSA-4w2v-q235-vp99","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/axios/package.json","package":"axios-0.18.1","fixAvailable":"0.21.1","link":"https://github.com/advisories/GHSA-4w2v-q235-vp99"},{"vulnerabilityId":"CVE-2015-8315","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/socket.io/node_modules/debug/package.json","package":"debug-4.1.1","fixAvailable":"2.6.7,2.6.8,2.6.9,3.0.0,3.0.1,3.1.0,3.2.7,4.3.1","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-130613"},{"vulnerabilityId":"VULNDB-282782","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/minimatch/package.json","package":"minimatch-3.0.4","fixAvailable":"3.0.5","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-282782"},{"vulnerabilityId":"GHSA-hxm2-r34f-qmc5","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/vaultclient/node_modules/minimatch/package.json","package":"minimatch-0.2.14","fixAvailable":"3.0.2","link":"https://github.com/advisories/GHSA-hxm2-r34f-qmc5"},{"vulnerabilityId":"GHSA-rrc9-gqf8-8rwg","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/utapi/node_modules/arsenal/node_modules/aws-sdk/package.json","package":"aws-sdk-2.80.0","fixAvailable":"2.814.0","link":"https://github.com/advisories/GHSA-rrc9-gqf8-8rwg"},{"vulnerabilityId":"GHSA-j4f2-536g-r55m","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/vaultclient/node_modules/engine.io/package.json","package":"engine.io-1.8.5","fixAvailable":"4.0.0","link":"https://github.com/advisories/GHSA-j4f2-536g-r55m"},{"vulnerabilityId":"GHSA-35jh-r3h4-6jhm","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/vaultclient/node_modules/simple-glob/node_modules/lodash/package.json","package":"lodash-2.4.2","fixAvailable":"4.17.21","link":"https://github.com/advisories/GHSA-35jh-r3h4-6jhm"},{"vulnerabilityId":"VULNDB-252670","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/xxxmask/package.json","package":"xxxmask-1.0.6","fixAvailable":"2.0.1","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-252670"},{"vulnerabilityId":"GHSA-rrc9-gqf8-8rwg","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/bucketclient/node_modules/aws-sdk/package.json","package":"aws-sdk-2.80.0","fixAvailable":"2.814.0","link":"https://github.com/advisories/GHSA-rrc9-gqf8-8rwg"},{"vulnerabilityId":"GHSA-h4j5-c7cj-74xg","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/xmlhttprequest-ssl/package.json","package":"xmlhttprequest-ssl-1.5.5","fixAvailable":"1.6.2","link":"https://github.com/advisories/GHSA-h4j5-c7cj-74xg"},{"vulnerabilityId":"CVE-2015-8315","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/arsenal/node_modules/debug/package.json","package":"debug-4.1.1","fixAvailable":"2.6.7,2.6.8,2.6.9,3.0.0,3.0.1,3.1.0,3.2.7,4.3.1","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-130613"},{"vulnerabilityId":"GHSA-r628-mhmh-qjhw","severity":"High","packageType":"npm","path":"/usr/local/lib/node_modules/npm/node_modules/tar/package.json","package":"tar-4.4.13","fixAvailable":"4.4.15","link":"https://github.com/advisories/GHSA-r628-mhmh-qjhw"},{"vulnerabilityId":"GHSA-wpg7-2c88-r8xv","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/simple-get/package.json","package":"simple-get-2.8.1","fixAvailable":"2.8.2","link":"https://github.com/advisories/GHSA-wpg7-2c88-r8xv"},{"vulnerabilityId":"CVE-2020-36049","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/socket.io-client/node_modules/socket.io-parser/package.json","package":"socket.io-parser-3.3.1","fixAvailable":"3.3.2,3.4.1","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-246508"},{"vulnerabilityId":"VULNDB-282782","severity":"High","packageType":"npm","path":"/usr/local/lib/node_modules/npm/node_modules/minimatch/package.json","package":"minimatch-3.0.4","fixAvailable":"3.0.5","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-282782"},{"vulnerabilityId":"CVE-2021-27290","severity":"High","packageType":"npm","path":"/usr/local/lib/node_modules/npm/node_modules/ssri/package.json","package":"ssri-6.0.1","fixAvailable":"6.0.2,8.0.1","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-251642"},{"vulnerabilityId":"GHSA-v8w9-2789-6hhr","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/mongodb-core/node_modules/bson/package.json","package":"bson-1.0.9","fixAvailable":"1.1.4","link":"https://github.com/advisories/GHSA-v8w9-2789-6hhr"},{"vulnerabilityId":"GHSA-92xj-mqp7-vmcj","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/node-forge/package.json","package":"node-forge-0.7.6","fixAvailable":"0.10.0","link":"https://github.com/advisories/GHSA-92xj-mqp7-vmcj"},{"vulnerabilityId":"GHSA-rrc9-gqf8-8rwg","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/arsenal/node_modules/aws-sdk/package.json","package":"aws-sdk-2.80.0","fixAvailable":"2.814.0","link":"https://github.com/advisories/GHSA-rrc9-gqf8-8rwg"},{"vulnerabilityId":"GHSA-92xj-mqp7-vmcj","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/google-p12-pem/node_modules/node-forge/package.json","package":"node-forge-0.8.5","fixAvailable":"0.10.0","link":"https://github.com/advisories/GHSA-92xj-mqp7-vmcj"},{"vulnerabilityId":"GHSA-74fj-2j2h-c42q","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/follow-redirects/package.json","package":"follow-redirects-1.13.1","fixAvailable":"1.14.7","link":"https://github.com/advisories/GHSA-74fj-2j2h-c42q"},{"vulnerabilityId":"GHSA-r683-j2x4-v87g","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/node-fetch/package.json","package":"node-fetch-2.6.1","fixAvailable":"2.6.7","link":"https://github.com/advisories/GHSA-r683-j2x4-v87g"},{"vulnerabilityId":"GHSA-mh5c-679w-hh4r","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/mongodb/package.json","package":"mongodb-2.2.36","fixAvailable":"3.1.13","link":"https://github.com/advisories/GHSA-mh5c-679w-hh4r"},{"vulnerabilityId":"GHSA-74fj-2j2h-c42q","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/axios/node_modules/follow-redirects/package.json","package":"follow-redirects-1.5.10","fixAvailable":"1.14.7","link":"https://github.com/advisories/GHSA-74fj-2j2h-c42q"},{"vulnerabilityId":"GHSA-9r2w-394v-53qc","severity":"High","packageType":"npm","path":"/usr/local/lib/node_modules/npm/node_modules/tar/package.json","package":"tar-4.4.13","fixAvailable":"4.4.16","link":"https://github.com/advisories/GHSA-9r2w-394v-53qc"},{"vulnerabilityId":"GHSA-hxm2-r34f-qmc5","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/vaultclient/node_modules/glob/node_modules/minimatch/package.json","package":"minimatch-0.3.0","fixAvailable":"3.0.2","link":"https://github.com/advisories/GHSA-hxm2-r34f-qmc5"},{"vulnerabilityId":"CVE-2020-36049","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/socket.io/node_modules/socket.io-client/node_modules/socket.io-parser/package.json","package":"socket.io-parser-3.3.1","fixAvailable":"3.3.2,3.4.1","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-246508"},{"vulnerabilityId":"GHSA-ff7x-qrg7-qggm","severity":"High","packageType":"npm","path":"/usr/local/lib/node_modules/npm/node_modules/dot-prop/package.json","package":"dot-prop-4.2.0","fixAvailable":"4.2.1","link":"https://github.com/advisories/GHSA-ff7x-qrg7-qggm"},{"vulnerabilityId":"CVE-2020-36048","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/engine.io/package.json","package":"engine.io-3.4.2","fixAvailable":"4.0.0","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-246507"},{"vulnerabilityId":"CVE-2020-8244","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/utapi/node_modules/request/node_modules/bl/package.json","package":"bl-1.1.2","fixAvailable":"1.2.3,2.2.1,3.0.1,4.0.3","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-237400"},{"vulnerabilityId":"GHSA-5955-9wpr-37jh","severity":"High","packageType":"npm","path":"/usr/local/lib/node_modules/npm/node_modules/tar/package.json","package":"tar-4.4.13","fixAvailable":"4.4.18","link":"https://github.com/advisories/GHSA-5955-9wpr-37jh"},{"vulnerabilityId":"CVE-2020-8244","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/level-sublevel/node_modules/bl/package.json","package":"bl-0.8.2","fixAvailable":"1.2.3,2.2.1,3.0.1,4.0.3","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-237400"},{"vulnerabilityId":"CVE-2021-23337","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/lodash/package.json","package":"lodash-4.17.20","fixAvailable":"4.17.21","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-249703"},{"vulnerabilityId":"CVE-2020-7754","severity":"High","packageType":"npm","path":"/usr/local/lib/node_modules/npm/node_modules/npm-user-validate/package.json","package":"npm-user-validate-1.0.0","fixAvailable":"1.0.1","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-240639"},{"vulnerabilityId":"CVE-2015-8315","severity":"High","packageType":"npm","path":"/usr/src/app/node_modules/bucketclient/node_modules/debug/package.json","package":"debug-4.1.1","fixAvailable":"2.6.7,2.6.8,2.6.9,3.0.0,3.0.1,3.1.0,3.2.7,4.3.1","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-130613"},{"vulnerabilityId":"GHSA-p9pc-299p-vxgp","severity":"Medium","packageType":"npm","path":"/usr/local/lib/node_modules/npm/node_modules/yargs-parser/package.json","package":"yargs-parser-9.0.2","fixAvailable":"13.1.2","link":"https://github.com/advisories/GHSA-p9pc-299p-vxgp"},{"vulnerabilityId":"CVE-2017-16137","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/utapi/node_modules/arsenal/node_modules/debug/package.json","package":"debug-4.1.1","fixAvailable":"2.6.9,3.1.0,3.2.7,4.3.1","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-166319"},{"vulnerabilityId":"GHSA-xx4c-jj58-r7x6","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/z-schema/node_modules/validator/package.json","package":"validator-12.2.0","fixAvailable":"13.7.0","link":"https://github.com/advisories/GHSA-xx4c-jj58-r7x6"},{"vulnerabilityId":"GHSA-x5rq-j2xg-h7qm","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/vaultclient/node_modules/simple-glob/node_modules/lodash/package.json","package":"lodash-2.4.2","fixAvailable":"4.17.11","link":"https://github.com/advisories/GHSA-x5rq-j2xg-h7qm"},{"vulnerabilityId":"GHSA-wrw9-m778-g6mc","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/level-sublevel/node_modules/bl/package.json","package":"bl-0.8.2","fixAvailable":"0.9.5","link":"https://github.com/advisories/GHSA-wrw9-m778-g6mc"},{"vulnerabilityId":"CVE-2021-3807","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/widest-line/node_modules/ansi-regex/package.json","package":"ansi-regex-5.0.0","fixAvailable":"2.1.1,5.0.1,6.0.1","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-267880"},{"vulnerabilityId":"GHSA-v88g-cgmw-v5xw","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/vaultclient/node_modules/ajv/package.json","package":"ajv-4.10.0","fixAvailable":"6.12.3","link":"https://github.com/advisories/GHSA-v88g-cgmw-v5xw"},{"vulnerabilityId":"CVE-2021-23343","severity":"Medium","packageType":"npm","path":"/usr/local/lib/node_modules/npm/node_modules/path-parse/package.json","package":"path-parse-1.0.6","fixAvailable":"1.0.7","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-255658"},{"vulnerabilityId":"CVE-2021-23343","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/path-parse/package.json","package":"path-parse-1.0.6","fixAvailable":"1.0.7","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-255658"},{"vulnerabilityId":"GHSA-896r-f27r-55mw","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/json-schema/package.json","package":"json-schema-0.2.3","fixAvailable":"0.4.0","link":"https://github.com/advisories/GHSA-896r-f27r-55mw"},{"vulnerabilityId":"GHSA-xx4c-jj58-r7x6","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/oas-tools/node_modules/validator/package.json","package":"validator-13.5.2","fixAvailable":"13.7.0","link":"https://github.com/advisories/GHSA-xx4c-jj58-r7x6"},{"vulnerabilityId":"GHSA-fxwf-4rqh-v8g3","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/vaultclient/node_modules/socket.io/package.json","package":"socket.io-1.7.4","fixAvailable":"2.4.0","link":"https://github.com/advisories/GHSA-fxwf-4rqh-v8g3"},{"vulnerabilityId":"GHSA-8fr3-hfg3-gpgp","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/google-p12-pem/node_modules/node-forge/package.json","package":"node-forge-0.8.5","fixAvailable":"1.0.0","link":"https://github.com/advisories/GHSA-8fr3-hfg3-gpgp"},{"vulnerabilityId":"GHSA-8fr3-hfg3-gpgp","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/node-forge/package.json","package":"node-forge-0.7.6","fixAvailable":"1.0.0","link":"https://github.com/advisories/GHSA-8fr3-hfg3-gpgp"},{"vulnerabilityId":"CVE-2017-16137","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/engine.io/node_modules/debug/package.json","package":"debug-4.1.1","fixAvailable":"2.6.9,3.1.0,3.2.7,4.3.1","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-166319"},{"vulnerabilityId":"CVE-2021-23362","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/snyk-module/node_modules/hosted-git-info/package.json","package":"hosted-git-info-3.0.7","fixAvailable":"2.8.9,3.0.8","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-252339"},{"vulnerabilityId":"CVE-2021-3807","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/snyk/node_modules/ansi-regex/package.json","package":"ansi-regex-5.0.0","fixAvailable":"2.1.1,5.0.1,6.0.1","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-267880"},{"vulnerabilityId":"GHSA-29mw-wpgm-hmr9","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/vaultclient/node_modules/simple-glob/node_modules/lodash/package.json","package":"lodash-2.4.2","fixAvailable":"4.17.21","link":"https://github.com/advisories/GHSA-29mw-wpgm-hmr9"},{"vulnerabilityId":"CVE-2017-16137","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/socket.io/node_modules/debug/package.json","package":"debug-4.1.1","fixAvailable":"2.6.9,3.1.0,3.2.7,4.3.1","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-166319"},{"vulnerabilityId":"CVE-2021-3807","severity":"Medium","packageType":"npm","path":"/usr/local/lib/node_modules/npm/node_modules/cliui/node_modules/ansi-regex/package.json","package":"ansi-regex-3.0.0","fixAvailable":"2.1.1,5.0.1,6.0.1","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-267880"},{"vulnerabilityId":"CVE-2021-23362","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/snyk-cpp-plugin/node_modules/hosted-git-info/package.json","package":"hosted-git-info-3.0.7","fixAvailable":"2.8.9,3.0.8","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-252339"},{"vulnerabilityId":"CVE-2021-32640","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/ws/package.json","package":"ws-5.2.2","fixAvailable":"7.4.5","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-257602"},{"vulnerabilityId":"CVE-2021-3807","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/strip-ansi/node_modules/ansi-regex/package.json","package":"ansi-regex-4.1.0","fixAvailable":"2.1.1,5.0.1,6.0.1","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-267880"},{"vulnerabilityId":"GHSA-qgmg-gppg-76g5","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/validator/package.json","package":"validator-9.4.1","fixAvailable":"13.7.0","link":"https://github.com/advisories/GHSA-qgmg-gppg-76g5"},{"vulnerabilityId":"GHSA-xc7v-wxcw-j472","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/utapi/node_modules/tunnel-agent/package.json","package":"tunnel-agent-0.4.3","fixAvailable":"0.6.0","link":"https://github.com/advisories/GHSA-xc7v-wxcw-j472"},{"vulnerabilityId":"GHSA-jg8v-48h5-wgxg","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/jszip/package.json","package":"jszip-3.5.0","fixAvailable":"3.7.0","link":"https://github.com/advisories/GHSA-jg8v-48h5-wgxg"},{"vulnerabilityId":"GHSA-4jwp-vfvf-657p","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/mongodb-core/node_modules/bson/package.json","package":"bson-1.0.9","fixAvailable":"1.1.4","link":"https://github.com/advisories/GHSA-4jwp-vfvf-657p"},{"vulnerabilityId":"GHSA-qgmg-gppg-76g5","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/oas-tools/node_modules/validator/package.json","package":"validator-13.5.2","fixAvailable":"13.7.0","link":"https://github.com/advisories/GHSA-qgmg-gppg-76g5"},{"vulnerabilityId":"GHSA-jg8v-48h5-wgxg","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/snyk-nuget-plugin/node_modules/jszip/package.json","package":"jszip-3.4.0","fixAvailable":"3.7.0","link":"https://github.com/advisories/GHSA-jg8v-48h5-wgxg"},{"vulnerabilityId":"GHSA-896r-f27r-55mw","severity":"Medium","packageType":"npm","path":"/usr/local/lib/node_modules/npm/node_modules/json-schema/package.json","package":"json-schema-0.2.3","fixAvailable":"0.4.0","link":"https://github.com/advisories/GHSA-896r-f27r-55mw"},{"vulnerabilityId":"GHSA-qgmg-gppg-76g5","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/z-schema/node_modules/validator/package.json","package":"validator-12.2.0","fixAvailable":"13.7.0","link":"https://github.com/advisories/GHSA-qgmg-gppg-76g5"},{"vulnerabilityId":"CVE-2021-29060","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/color-string/package.json","package":"color-string-1.5.4","fixAvailable":"1.5.5","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-252094"},{"vulnerabilityId":"CVE-2020-28500","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/lodash/package.json","package":"lodash-4.17.20","fixAvailable":"4.17.21","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-249660"},{"vulnerabilityId":"CVE-2017-16137","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/bucketclient/node_modules/debug/package.json","package":"debug-4.1.1","fixAvailable":"2.6.9,3.1.0,3.2.7,4.3.1","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-166319"},{"vulnerabilityId":"CVE-2020-28481","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/socket.io/package.json","package":"socket.io-2.3.0","fixAvailable":"2.4.0,3.0.0","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-246840"},{"vulnerabilityId":"CVE-2021-3807","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/boxen/node_modules/ansi-regex/package.json","package":"ansi-regex-5.0.0","fixAvailable":"2.1.1,5.0.1,6.0.1","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-267880"},{"vulnerabilityId":"CVE-2021-23362","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/hosted-git-info/package.json","package":"hosted-git-info-2.8.8","fixAvailable":"2.8.9,3.0.8","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-252339"},{"vulnerabilityId":"CVE-2021-32640","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/engine.io-client/node_modules/ws/package.json","package":"ws-6.1.4","fixAvailable":"7.4.5","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-257602"},{"vulnerabilityId":"CVE-2021-3807","severity":"Medium","packageType":"npm","path":"/usr/local/lib/node_modules/npm/node_modules/string-width/node_modules/ansi-regex/package.json","package":"ansi-regex-3.0.0","fixAvailable":"2.1.1,5.0.1,6.0.1","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-267880"},{"vulnerabilityId":"GHSA-pw2r-vq6v-hr8c","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/axios/node_modules/follow-redirects/package.json","package":"follow-redirects-1.5.10","fixAvailable":"1.14.8","link":"https://github.com/advisories/GHSA-pw2r-vq6v-hr8c"},{"vulnerabilityId":"CVE-2021-32640","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/engine.io/node_modules/ws/package.json","package":"ws-7.4.1","fixAvailable":"7.4.5","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-257602"},{"vulnerabilityId":"CVE-2017-16137","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/arsenal/node_modules/debug/package.json","package":"debug-4.1.1","fixAvailable":"2.6.9,3.1.0,3.2.7,4.3.1","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-166319"},{"vulnerabilityId":"CVE-2021-3807","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/wide-align/node_modules/ansi-regex/package.json","package":"ansi-regex-3.0.0","fixAvailable":"2.1.1,5.0.1,6.0.1","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-267880"},{"vulnerabilityId":"GHSA-pw2r-vq6v-hr8c","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/follow-redirects/package.json","package":"follow-redirects-1.13.1","fixAvailable":"1.14.8","link":"https://github.com/advisories/GHSA-pw2r-vq6v-hr8c"},{"vulnerabilityId":"GHSA-qrmc-fj45-qfc2","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/utapi/node_modules/extend/package.json","package":"extend-1.2.1","fixAvailable":"2.0.2","link":"https://github.com/advisories/GHSA-qrmc-fj45-qfc2"},{"vulnerabilityId":"GHSA-282f-qqgm-c34q","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/jsonpointer/package.json","package":"jsonpointer-4.1.0","fixAvailable":"5.0.0","link":"https://github.com/advisories/GHSA-282f-qqgm-c34q"},{"vulnerabilityId":"GHSA-v88g-cgmw-v5xw","severity":"Medium","packageType":"npm","path":"/usr/local/lib/node_modules/npm/node_modules/ajv/package.json","package":"ajv-5.5.2","fixAvailable":"6.12.3","link":"https://github.com/advisories/GHSA-v88g-cgmw-v5xw"},{"vulnerabilityId":"GHSA-jp4x-w63m-7wgm","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/hoek/package.json","package":"hoek-2.16.3","fixAvailable":"4.2.1","link":"https://github.com/advisories/GHSA-jp4x-w63m-7wgm"},{"vulnerabilityId":"GHSA-qgmg-gppg-76g5","severity":"Medium","packageType":"npm","path":"/usr/src/app/node_modules/utapi/node_modules/validator/package.json","package":"validator-3.22.2","fixAvailable":"13.7.0","link":"https://github.com/advisories/GHSA-qgmg-gppg-76g5"},{"vulnerabilityId":"CVE-2021-23362","severity":"Medium","packageType":"npm","path":"/usr/local/lib/node_modules/npm/node_modules/hosted-git-info/package.json","package":"hosted-git-info-2.8.8","fixAvailable":"2.8.9,3.0.8","link":"https://anchore.int.xxx.xxx.com:443/v1/query/vulnerabilities?id=VULNDB-252339"},{"vulnerabilityId":"GHSA-gxpj-cx7g-858c","severity":"Low","packageType":"npm","path":"/usr/src/app/node_modules/socket.io-parser/node_modules/debug/package.json","package":"debug-2.2.0","fixAvailable":"2.6.9","link":"https://github.com/advisories/GHSA-gxpj-cx7g-858c"},{"vulnerabilityId":"GHSA-wxgw-qj99-44c2","severity":"Low","packageType":"npm","path":"/usr/src/app/node_modules/google-p12-pem/node_modules/node-forge/package.json","package":"node-forge-0.8.5","fixAvailable":"0.10.0","link":"https://github.com/advisories/GHSA-wxgw-qj99-44c2"},{"vulnerabilityId":"GHSA-5rrq-pxf6-6jx5","severity":"Low","packageType":"npm","path":"/usr/src/app/node_modules/google-p12-pem/node_modules/node-forge/package.json","package":"node-forge-0.8.5","fixAvailable":"1.0.0","link":"https://github.com/advisories/GHSA-5rrq-pxf6-6jx5"},{"vulnerabilityId":"GHSA-gxpj-cx7g-858c","severity":"Low","packageType":"npm","path":"/usr/src/app/node_modules/vaultclient/node_modules/debug/package.json","package":"debug-2.3.3","fixAvailable":"2.6.9","link":"https://github.com/advisories/GHSA-gxpj-cx7g-858c"},{"vulnerabilityId":"GHSA-5rrq-pxf6-6jx5","severity":"Low","packageType":"npm","path":"/usr/src/app/node_modules/node-forge/package.json","package":"node-forge-0.7.6","fixAvailable":"1.0.0","link":"https://github.com/advisories/GHSA-5rrq-pxf6-6jx5"},{"vulnerabilityId":"GHSA-gf8q-jrpm-jvxq","severity":"Low","packageType":"npm","path":"/usr/src/app/node_modules/google-p12-pem/node_modules/node-forge/package.json","package":"node-forge-0.8.5","fixAvailable":"1.0.0","link":"https://github.com/advisories/GHSA-gf8q-jrpm-jvxq"},{"vulnerabilityId":"GHSA-gf8q-jrpm-jvxq","severity":"Low","packageType":"npm","path":"/usr/src/app/node_modules/node-forge/package.json","package":"node-forge-0.7.6","fixAvailable":"1.0.0","link":"https://github.com/advisories/GHSA-gf8q-jrpm-jvxq"},{"vulnerabilityId":"GHSA-fvqr-27wr-82fm","severity":"Low","packageType":"npm","path":"/usr/src/app/node_modules/vaultclient/node_modules/simple-glob/node_modules/lodash/package.json","package":"lodash-2.4.2","fixAvailable":"4.17.5","link":"https://github.com/advisories/GHSA-fvqr-27wr-82fm"},{"vulnerabilityId":"GHSA-xgh6-85xh-479p","severity":"Low","packageType":"npm","path":"/usr/local/lib/node_modules/npm/node_modules/npm-user-validate/package.json","package":"npm-user-validate-1.0.0","fixAvailable":"1.0.1","link":"https://github.com/advisories/GHSA-xgh6-85xh-479p"},{"vulnerabilityId":"GHSA-wxgw-qj99-44c2","severity":"Low","packageType":"npm","path":"/usr/src/app/node_modules/node-forge/package.json","package":"node-forge-0.7.6","fixAvailable":"0.10.0","link":"https://github.com/advisories/GHSA-wxgw-qj99-44c2"}]}f

Expected result

0 vulnerabilities that have a fix found

Additional information

  • Node.js version,
  • Docker version,
  • yarn version,
  • distribution/OS,
  • optional: anything else you deem helpful to us.

Feature Request

(delete this section (everything between the lines) if you're not requesting
a feature but reporting a bug)

Proposal

Describe the feature

Current behavior

What currently happens

Desired behavior

What you would like to happen

Use case

Please provide use cases for changing the current behavior

Additional information

  • Is this request for your company? Y/N
    • If Y: Company name:
    • Are you using any Scality Enterprise Edition products (RING, Zenko EE)? Y/N
  • Are you willing to contribute this feature yourself?
  • Position/Title:
  • How did you hear about us?

@ahrycej ahrycej changed the title Container securtity scans fail for zenko cloudserver controler Container securtity scans fail for zenko cloudserver controler 8.3.9 from Jan 22, 2022 Mar 21, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant