dockerhub.hi.inet evolved 5g fogusnetapp nef_emulator_mongo express_1 - Telefonica/Evolved5g-FogusNetApp Wiki

Scan of image: dockerhub.hi.inet/evolved-5g/fogusnetapp-nef_emulator_mongo-express_1


Summary

| Severity | Number of vulnerabilities |
|---|---|
| CRITICAL | 4 |
| HIGH | 24 |
| MEDIUM | 5 |
| LOW | 1 |

Vulnerabilities

| Severity | ID | Title | PkgName | InstalledVersion | FixedVersion |
|---|---|---|---|---|---|
| CRITICAL | CVE-2020-7699 | Prototype Pollution in express-fileupload | express-fileupload | 0.4.0 | 1.1.9 |
| CRITICAL | CVE-2021-3918 | nodejs-json-schema: Prototype pollution vulnerability | json-schema | 0.2.3 | 0.4.0 |
| CRITICAL | CVE-2021-44906 | minimist: prototype pollution | minimist | 0.0.10 | 1.2.6 |
| CRITICAL | CVE-2021-44906 | minimist: prototype pollution | minimist | 1.2.5 | 1.2.6 |
| HIGH | CVE-2021-42378 | busybox: use-after-free in awk applet leads to denial of service and possibly code execution when pr | busybox | 1.31.1-r10 | 1.31.1-r11 |
| HIGH | CVE-2021-42379 | busybox: use-after-free in awk applet leads to denial of service and possibly code execution when pr | busybox | 1.31.1-r10 | 1.31.1-r11 |
| HIGH | CVE-2021-42380 | busybox: use-after-free in awk applet leads to denial of service and possibly code execution when pr | busybox | 1.31.1-r10 | 1.31.1-r11 |
| HIGH | CVE-2021-42381 | busybox: use-after-free in awk applet leads to denial of service and possibly code execution when pr | busybox | 1.31.1-r10 | 1.31.1-r11 |
| HIGH | CVE-2021-42382 | busybox: use-after-free in awk applet leads to denial of service and possibly code execution when pr | busybox | 1.31.1-r10 | 1.31.1-r11 |
| HIGH | CVE-2021-42383 | busybox: use-after-free in awk applet leads to denial of service and possibly code execution when pr | busybox | 1.31.1-r10 | 1.31.1-r11 |
| HIGH | CVE-2021-42384 | busybox: use-after-free in awk applet leads to denial of service and possibly code execution when pr | busybox | 1.31.1-r10 | 1.31.1-r11 |
| HIGH | CVE-2021-42385 | busybox: use-after-free in awk applet leads to denial of service and possibly code execution when pr | busybox | 1.31.1-r10 | 1.31.1-r11 |
| HIGH | CVE-2021-42386 | busybox: use-after-free in awk applet leads to denial of service and possibly code execution when pr | busybox | 1.31.1-r10 | 1.31.1-r11 |
| HIGH | CVE-2021-42378 | busybox: use-after-free in awk applet leads to denial of service and possibly code execution when pr | ssl_client | 1.31.1-r10 | 1.31.1-r11 |
| HIGH | CVE-2021-42379 | busybox: use-after-free in awk applet leads to denial of service and possibly code execution when pr | ssl_client | 1.31.1-r10 | 1.31.1-r11 |
| HIGH | CVE-2021-42380 | busybox: use-after-free in awk applet leads to denial of service and possibly code execution when pr | ssl_client | 1.31.1-r10 | 1.31.1-r11 |
| HIGH | CVE-2021-42381 | busybox: use-after-free in awk applet leads to denial of service and possibly code execution when pr | ssl_client | 1.31.1-r10 | 1.31.1-r11 |
| HIGH | CVE-2021-42382 | busybox: use-after-free in awk applet leads to denial of service and possibly code execution when pr | ssl_client | 1.31.1-r10 | 1.31.1-r11 |
| HIGH | CVE-2021-42383 | busybox: use-after-free in awk applet leads to denial of service and possibly code execution when pr | ssl_client | 1.31.1-r10 | 1.31.1-r11 |
| HIGH | CVE-2021-42384 | busybox: use-after-free in awk applet leads to denial of service and possibly code execution when pr | ssl_client | 1.31.1-r10 | 1.31.1-r11 |
| HIGH | CVE-2021-42385 | busybox: use-after-free in awk applet leads to denial of service and possibly code execution when pr | ssl_client | 1.31.1-r10 | 1.31.1-r11 |
| HIGH | CVE-2021-42386 | busybox: use-after-free in awk applet leads to denial of service and possibly code execution when pr | ssl_client | 1.31.1-r10 | 1.31.1-r11 |
| HIGH | CVE-2021-3807 | nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes | ansi-regex | 3.0.0 | 3.0.1, 4.1.1, 5.0.1, 6.0.1 |
| HIGH | CVE-2021-3807 | nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes | ansi-regex | 4.1.0 | 3.0.1, 4.1.1, 5.0.1, 6.0.1 |
| HIGH | CVE-2021-43138 | Prototype Pollution in async | async | 3.2.1 | 2.6.4, 3.2.2 |
| HIGH | CVE-2022-24434 | Crash in HeaderParser in dicer | dicer | 0.2.5 | |
| HIGH | CVE-2020-8116 | nodejs-dot-prop: prototype pollution | dot-prop | 3.0.0 | 5.1.1, 4.2.1 |
| HIGH | CVE-2022-24785 | Moment.js: Path traversal in moment.locale | moment | 2.29.1 | 2.29.2 |
| MEDIUM | CVE-2021-42374 | busybox: out-of-bounds read in unlzma applet leads to information leak and denial of service when cr | busybox | 1.31.1-r10 | 1.31.1-r11 |
| MEDIUM | CVE-2021-42374 | busybox: out-of-bounds read in unlzma applet leads to information leak and denial of service when cr | ssl_client | 1.31.1-r10 | 1.31.1-r11 |
| MEDIUM | CVE-2022-33987 | The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allow ... | got | 5.7.1 | 11.8.5, 12.1.0 |
| MEDIUM | CVE-2022-33987 | The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allow ... | got | 6.7.1 | 11.8.5, 12.1.0 |
| MEDIUM | CVE-2020-7598 | nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using | minimist | 0.0.10 | 1.2.3, 0.2.1 |
| LOW | GHSA-q3w9-g74q-vp5f | Denial of Service in express-fileupload | express-fileupload | 0.4.0 | 1.1.6-alpha.6, 1.1.6-alpha.6, 1.1.6-alpha.6, 1.1.6-alpha.6, 1.1.6-alpha.6 |

Date: 2022-06-23