22714 lines
830 KiB
JSON
22714 lines
830 KiB
JSON
{
|
|
"SchemaVersion": 2,
|
|
"Trivy": {
|
|
"Version": "0.69.0"
|
|
},
|
|
"ReportID": "019c2c34-a174-77a4-9b48-b54f741a9f49",
|
|
"CreatedAt": "2026-02-05T05:09:32.660503785Z",
|
|
"ArtifactID": "sha256:228fa2476e3ddcc5eae1f2412b801a7479406f308416ce466307103fe41e86d7",
|
|
"ArtifactName": ".",
|
|
"ArtifactType": "repository",
|
|
"Metadata": {
|
|
"RepoURL": "https://github.com/Wikid82/Charon.git",
|
|
"Branch": "hotfix/ci",
|
|
"Commit": "9d6c89e82f3962407b9d82f5d64b782d023bb2b8",
|
|
"CommitMsg": "fix(ci): add CI test validation summary and address critical issues found",
|
|
"Author": "GitHub Actions \u003cactions@github.com\u003e",
|
|
"Committer": "GitHub Actions \u003cactions@github.com\u003e"
|
|
},
|
|
"Results": [
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/!burnt!sushi/toml@v1.5.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/BurntSushi/toml",
|
|
"Name": "github.com/BurntSushi/toml",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/burntsushi/toml",
|
|
"UID": "6266316dd9d855a6"
|
|
},
|
|
"Relationship": "root",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/beorn7/perks@v1.0.1/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/beorn7/perks",
|
|
"Name": "github.com/beorn7/perks",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/beorn7/perks",
|
|
"UID": "1fd82ccde58a9f6"
|
|
},
|
|
"Relationship": "root",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/cespare/xxhash/v2@v2.3.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/cespare/xxhash/v2",
|
|
"Name": "github.com/cespare/xxhash/v2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/cespare/xxhash/v2",
|
|
"UID": "d2a4a797c0eae5ad"
|
|
},
|
|
"Relationship": "root",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/containerd/errdefs/pkg@v0.3.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/containerd/errdefs/pkg",
|
|
"Name": "github.com/containerd/errdefs/pkg",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/containerd/errdefs/pkg",
|
|
"UID": "f91698995013663d"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/containerd/errdefs@v0.3.0",
|
|
"github.com/containerd/typeurl/v2@v2.2.0",
|
|
"google.golang.org/genproto/googleapis/rpc@v0.0.0-20240903143218-8af14fe29dc1",
|
|
"google.golang.org/grpc@v1.67.0",
|
|
"google.golang.org/protobuf@v1.34.2",
|
|
"golang.org/x/sys@v0.24.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/containerd/errdefs@v0.3.0",
|
|
"Name": "github.com/containerd/errdefs",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/containerd/errdefs@v0.3.0",
|
|
"UID": "7012a18a6c083b57"
|
|
},
|
|
"Version": "v0.3.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/containerd/typeurl/v2@v2.2.0",
|
|
"Name": "github.com/containerd/typeurl/v2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/containerd/typeurl/v2@v2.2.0",
|
|
"UID": "ac618f05cf38528"
|
|
},
|
|
"Version": "v2.2.0",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/gogo/protobuf@v1.3.2",
|
|
"google.golang.org/protobuf@v1.34.2"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "google.golang.org/genproto/googleapis/rpc@v0.0.0-20240903143218-8af14fe29dc1",
|
|
"Name": "google.golang.org/genproto/googleapis/rpc",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/google.golang.org/genproto/googleapis/rpc@v0.0.0-20240903143218-8af14fe29dc1",
|
|
"UID": "769f3605d7dc8514"
|
|
},
|
|
"Version": "v0.0.0-20240903143218-8af14fe29dc1",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "google.golang.org/grpc@v1.67.0",
|
|
"Name": "google.golang.org/grpc",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/google.golang.org/grpc@v1.67.0",
|
|
"UID": "e8c481a15d0e4b2"
|
|
},
|
|
"Version": "v1.67.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "google.golang.org/protobuf@v1.34.2",
|
|
"Name": "google.golang.org/protobuf",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/google.golang.org/protobuf@v1.34.2",
|
|
"UID": "773bef0335a61648"
|
|
},
|
|
"Version": "v1.34.2",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/gogo/protobuf@v1.3.2",
|
|
"Name": "github.com/gogo/protobuf",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/gogo/protobuf@v1.3.2",
|
|
"UID": "4f84a0e61c96f140"
|
|
},
|
|
"Version": "v1.3.2",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sys@v0.24.0",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys@v0.24.0",
|
|
"UID": "62ddb74bc0a6844b"
|
|
},
|
|
"Version": "v0.24.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/containerd/errdefs@v1.0.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/containerd/errdefs",
|
|
"Name": "github.com/containerd/errdefs",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/containerd/errdefs",
|
|
"UID": "9a7032654f5f01e2"
|
|
},
|
|
"Relationship": "root",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/containrrr/shoutrrr@v0.8.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/containrrr/shoutrrr",
|
|
"Name": "github.com/containrrr/shoutrrr",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/containrrr/shoutrrr",
|
|
"UID": "7a25b325e0b4fe6b"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/fatih/color@v1.15.0",
|
|
"github.com/jarcoal/httpmock@v1.3.0",
|
|
"github.com/mattn/go-colorable@v0.1.13",
|
|
"github.com/mattn/go-isatty@v0.0.17",
|
|
"github.com/onsi/ginkgo/v2@v2.9.2",
|
|
"github.com/onsi/gomega@v1.27.6",
|
|
"github.com/spf13/cobra@v1.7.0",
|
|
"github.com/spf13/viper@v1.15.0",
|
|
"golang.org/x/net@v0.8.0",
|
|
"golang.org/x/oauth2@v0.6.0",
|
|
"cloud.google.com/go/compute/metadata@v0.2.3",
|
|
"github.com/go-logr/logr@v1.2.3",
|
|
"github.com/go-task/slim-sprig@v0.0.0-20230315185526-52ccab3ef572",
|
|
"github.com/google/pprof@v0.0.0-20210407192527-94a9f03dee38",
|
|
"golang.org/x/tools@v0.7.0",
|
|
"google.golang.org/appengine@v1.6.7"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/fatih/color@v1.15.0",
|
|
"Name": "github.com/fatih/color",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/fatih/color@v1.15.0",
|
|
"UID": "2fcc4f94256024db"
|
|
},
|
|
"Version": "v1.15.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/mattn/go-colorable@v0.1.13",
|
|
"github.com/mattn/go-isatty@v0.0.17",
|
|
"golang.org/x/sys@v0.6.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/jarcoal/httpmock@v1.3.0",
|
|
"Name": "github.com/jarcoal/httpmock",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/jarcoal/httpmock@v1.3.0",
|
|
"UID": "5f4738ed886fe8df"
|
|
},
|
|
"Version": "v1.3.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/mattn/go-colorable@v0.1.13",
|
|
"Name": "github.com/mattn/go-colorable",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/mattn/go-colorable@v0.1.13",
|
|
"UID": "2e2e502090fa027"
|
|
},
|
|
"Version": "v0.1.13",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/mattn/go-isatty@v0.0.17"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/mattn/go-isatty@v0.0.17",
|
|
"Name": "github.com/mattn/go-isatty",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/mattn/go-isatty@v0.0.17",
|
|
"UID": "bc5a38fde2bf69ce"
|
|
},
|
|
"Version": "v0.0.17",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/onsi/ginkgo/v2@v2.9.2",
|
|
"Name": "github.com/onsi/ginkgo/v2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/onsi/ginkgo/v2@v2.9.2",
|
|
"UID": "36829709df6798f0"
|
|
},
|
|
"Version": "v2.9.2",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/onsi/gomega@v1.27.6",
|
|
"Name": "github.com/onsi/gomega",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/onsi/gomega@v1.27.6",
|
|
"UID": "da870372a985dafa"
|
|
},
|
|
"Version": "v1.27.6",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/golang/protobuf@v1.5.3",
|
|
"github.com/google/go-cmp@v0.5.9",
|
|
"github.com/onsi/ginkgo/v2@v2.9.2",
|
|
"golang.org/x/net@v0.8.0",
|
|
"gopkg.in/yaml.v3@v3.0.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/spf13/cobra@v1.7.0",
|
|
"Name": "github.com/spf13/cobra",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/spf13/cobra@v1.7.0",
|
|
"UID": "dfa625c7dc34ec48"
|
|
},
|
|
"Version": "v1.7.0",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/inconshreveable/mousetrap@v1.1.0",
|
|
"github.com/spf13/pflag@v1.0.5",
|
|
"gopkg.in/yaml.v3@v3.0.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/spf13/viper@v1.15.0",
|
|
"Name": "github.com/spf13/viper",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/spf13/viper@v1.15.0",
|
|
"UID": "21cbf4385d5301df"
|
|
},
|
|
"Version": "v1.15.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/fsnotify/fsnotify@v1.6.0",
|
|
"github.com/hashicorp/hcl@v1.0.0",
|
|
"github.com/magiconair/properties@v1.8.7",
|
|
"github.com/mitchellh/mapstructure@v1.5.0",
|
|
"github.com/pelletier/go-toml/v2@v2.0.6",
|
|
"github.com/spf13/afero@v1.9.3",
|
|
"github.com/spf13/cast@v1.5.0",
|
|
"github.com/spf13/jwalterweatherman@v1.1.0",
|
|
"github.com/spf13/pflag@v1.0.5",
|
|
"github.com/subosito/gotenv@v1.4.2",
|
|
"gopkg.in/ini.v1@v1.67.0",
|
|
"gopkg.in/yaml.v3@v3.0.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/net@v0.8.0",
|
|
"Name": "golang.org/x/net",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.8.0",
|
|
"UID": "9c135806f6f840e4"
|
|
},
|
|
"Version": "v0.8.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/oauth2@v0.6.0",
|
|
"Name": "golang.org/x/oauth2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/oauth2@v0.6.0",
|
|
"UID": "fb67ff09699bce72"
|
|
},
|
|
"Version": "v0.6.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "cloud.google.com/go/compute@v1.14.0",
|
|
"Name": "cloud.google.com/go/compute",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/cloud.google.com/go/compute@v1.14.0",
|
|
"UID": "2f54fc81a19e199e"
|
|
},
|
|
"Version": "v1.14.0",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"google.golang.org/protobuf@v1.28.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "cloud.google.com/go/compute/metadata@v0.2.3",
|
|
"Name": "cloud.google.com/go/compute/metadata",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/cloud.google.com/go/compute/metadata@v0.2.3",
|
|
"UID": "1d9df63e7cf02a7b"
|
|
},
|
|
"Version": "v0.2.3",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"cloud.google.com/go/compute@v1.14.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/fsnotify/fsnotify@v1.6.0",
|
|
"Name": "github.com/fsnotify/fsnotify",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/fsnotify/fsnotify@v1.6.0",
|
|
"UID": "1f297dc75a3b2b5"
|
|
},
|
|
"Version": "v1.6.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"golang.org/x/sys@v0.6.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/go-logr/logr@v1.2.3",
|
|
"Name": "github.com/go-logr/logr",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/go-logr/logr@v1.2.3",
|
|
"UID": "767ea0cecc35236"
|
|
},
|
|
"Version": "v1.2.3",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/go-task/slim-sprig@v0.0.0-20230315185526-52ccab3ef572",
|
|
"Name": "github.com/go-task/slim-sprig",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/go-task/slim-sprig@v0.0.0-20230315185526-52ccab3ef572",
|
|
"UID": "51302134344ae45b"
|
|
},
|
|
"Version": "v0.0.0-20230315185526-52ccab3ef572",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/golang/protobuf@v1.5.3",
|
|
"Name": "github.com/golang/protobuf",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/golang/protobuf@v1.5.3",
|
|
"UID": "be942db3d67d2e14"
|
|
},
|
|
"Version": "v1.5.3",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/google/go-cmp@v0.5.9",
|
|
"google.golang.org/protobuf@v1.28.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/google/go-cmp@v0.5.9",
|
|
"Name": "github.com/google/go-cmp",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/google/go-cmp@v0.5.9",
|
|
"UID": "a55a1d0853577e30"
|
|
},
|
|
"Version": "v0.5.9",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/google/pprof@v0.0.0-20210407192527-94a9f03dee38",
|
|
"Name": "github.com/google/pprof",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/google/pprof@v0.0.0-20210407192527-94a9f03dee38",
|
|
"UID": "f0f24ae3a6235d66"
|
|
},
|
|
"Version": "v0.0.0-20210407192527-94a9f03dee38",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/hashicorp/hcl@v1.0.0",
|
|
"Name": "github.com/hashicorp/hcl",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/hashicorp/hcl@v1.0.0",
|
|
"UID": "806d392f3bf7da1b"
|
|
},
|
|
"Version": "v1.0.0",
|
|
"Licenses": [
|
|
"MPL-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/inconshreveable/mousetrap@v1.1.0",
|
|
"Name": "github.com/inconshreveable/mousetrap",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/inconshreveable/mousetrap@v1.1.0",
|
|
"UID": "4f4e1542aade7478"
|
|
},
|
|
"Version": "v1.1.0",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/magiconair/properties@v1.8.7",
|
|
"Name": "github.com/magiconair/properties",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/magiconair/properties@v1.8.7",
|
|
"UID": "18f85cdf6105f8ca"
|
|
},
|
|
"Version": "v1.8.7",
|
|
"Licenses": [
|
|
"BSD-2-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/mitchellh/mapstructure@v1.5.0",
|
|
"Name": "github.com/mitchellh/mapstructure",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/mitchellh/mapstructure@v1.5.0",
|
|
"UID": "565adc29bd317773"
|
|
},
|
|
"Version": "v1.5.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/pelletier/go-toml/v2@v2.0.6",
|
|
"Name": "github.com/pelletier/go-toml/v2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/pelletier/go-toml/v2@v2.0.6",
|
|
"UID": "4fe685ee54d5b622"
|
|
},
|
|
"Version": "v2.0.6",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/spf13/afero@v1.9.3",
|
|
"Name": "github.com/spf13/afero",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/spf13/afero@v1.9.3",
|
|
"UID": "de583fa19e97fe58"
|
|
},
|
|
"Version": "v1.9.3",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"golang.org/x/oauth2@v0.6.0",
|
|
"golang.org/x/text@v0.8.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/spf13/cast@v1.5.0",
|
|
"Name": "github.com/spf13/cast",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/spf13/cast@v1.5.0",
|
|
"UID": "924fad67f3c5583a"
|
|
},
|
|
"Version": "v1.5.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/spf13/jwalterweatherman@v1.1.0",
|
|
"Name": "github.com/spf13/jwalterweatherman",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/spf13/jwalterweatherman@v1.1.0",
|
|
"UID": "44dad2978566e025"
|
|
},
|
|
"Version": "v1.1.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/spf13/pflag@v1.0.5",
|
|
"Name": "github.com/spf13/pflag",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/spf13/pflag@v1.0.5",
|
|
"UID": "82615e8a48578e8f"
|
|
},
|
|
"Version": "v1.0.5",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/subosito/gotenv@v1.4.2",
|
|
"Name": "github.com/subosito/gotenv",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/subosito/gotenv@v1.4.2",
|
|
"UID": "5b2502afc952ca6c"
|
|
},
|
|
"Version": "v1.4.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sys@v0.6.0",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys@v0.6.0",
|
|
"UID": "afce41b8d87c7e8f"
|
|
},
|
|
"Version": "v0.6.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/text@v0.8.0",
|
|
"Name": "golang.org/x/text",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/text@v0.8.0",
|
|
"UID": "145235ff6ab02663"
|
|
},
|
|
"Version": "v0.8.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/tools@v0.7.0",
|
|
"Name": "golang.org/x/tools",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/tools@v0.7.0",
|
|
"UID": "66bd240d663549ef"
|
|
},
|
|
"Version": "v0.7.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "google.golang.org/appengine@v1.6.7",
|
|
"Name": "google.golang.org/appengine",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/google.golang.org/appengine@v1.6.7",
|
|
"UID": "40350c3ff7f3af63"
|
|
},
|
|
"Version": "v1.6.7",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/golang/protobuf@v1.5.3",
|
|
"golang.org/x/net@v0.8.0",
|
|
"golang.org/x/text@v0.8.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "google.golang.org/protobuf@v1.28.1",
|
|
"Name": "google.golang.org/protobuf",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/google.golang.org/protobuf@v1.28.1",
|
|
"UID": "c2f1221a63507118"
|
|
},
|
|
"Version": "v1.28.1",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "gopkg.in/ini.v1@v1.67.0",
|
|
"Name": "gopkg.in/ini.v1",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gopkg.in/ini.v1@v1.67.0",
|
|
"UID": "fefa533aa4767a2d"
|
|
},
|
|
"Version": "v1.67.0",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "gopkg.in/yaml.v3@v3.0.1",
|
|
"Name": "gopkg.in/yaml.v3",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1",
|
|
"UID": "cb18926df9a43e59"
|
|
},
|
|
"Version": "v3.0.1",
|
|
"Licenses": [
|
|
"Apache-2.0",
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
],
|
|
"Vulnerabilities": [
|
|
{
|
|
"VulnerabilityID": "CVE-2023-39325",
|
|
"VendorIDs": [
|
|
"GHSA-4374-p667-p6c8"
|
|
],
|
|
"PkgID": "golang.org/x/net@v0.8.0",
|
|
"PkgName": "golang.org/x/net",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.8.0",
|
|
"UID": "9c135806f6f840e4"
|
|
},
|
|
"InstalledVersion": "v0.8.0",
|
|
"FixedVersion": "0.17.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39325",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:a93660ba27a12ee587e62d82c9f7956ab048a94f2c981a4e85ce1b37bf813007",
|
|
"Title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
|
|
"Description": "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.",
|
|
"Severity": "HIGH",
|
|
"CweIDs": [
|
|
"CWE-770"
|
|
],
|
|
"VendorSeverity": {
|
|
"alma": 2,
|
|
"amazon": 3,
|
|
"azure": 3,
|
|
"bitnami": 3,
|
|
"cbl-mariner": 3,
|
|
"ghsa": 3,
|
|
"nvd": 3,
|
|
"oracle-oval": 2,
|
|
"redhat": 3,
|
|
"rocky": 2,
|
|
"ubuntu": 2
|
|
},
|
|
"CVSS": {
|
|
"bitnami": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
},
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
},
|
|
"nvd": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
}
|
|
},
|
|
"References": [
|
|
"golang.org/x/net",
|
|
"https://access.redhat.com/errata/RHSA-2023:5863",
|
|
"https://access.redhat.com/security/cve/CVE-2023-39325",
|
|
"https://access.redhat.com/security/cve/CVE-2023-44487",
|
|
"https://bugzilla.redhat.com/2242803",
|
|
"https://bugzilla.redhat.com/2243296",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2242803",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2243296",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39325",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487",
|
|
"https://errata.almalinux.org/8/ALSA-2023-5863.html",
|
|
"https://errata.rockylinux.org/RLSA-2023:6077",
|
|
"https://github.com/golang/go/commit/24ae2d927285c697440fdde3ad7f26028354bcf3 [golang- 1.21]",
|
|
"https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68 [golang-1.20]",
|
|
"https://github.com/golang/go/issues/63417",
|
|
"https://go.dev/cl/534215",
|
|
"https://go.dev/cl/534235",
|
|
"https://go.dev/issue/63417",
|
|
"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ",
|
|
"https://linux.oracle.com/cve/CVE-2023-39325.html",
|
|
"https://linux.oracle.com/errata/ELSA-2023-5867.html",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
|
|
"https://pkg.go.dev/vuln/GO-2023-2102",
|
|
"https://security.gentoo.org/glsa/202311-09",
|
|
"https://security.netapp.com/advisory/ntap-20231110-0008",
|
|
"https://security.netapp.com/advisory/ntap-20231110-0008/",
|
|
"https://ubuntu.com/security/notices/USN-6574-1",
|
|
"https://ubuntu.com/security/notices/USN-7061-1",
|
|
"https://ubuntu.com/security/notices/USN-7109-1",
|
|
"https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
|
|
"https://www.cve.org/CVERecord?id=CVE-2023-39325"
|
|
],
|
|
"PublishedDate": "2023-10-11T22:15:09.88Z",
|
|
"LastModifiedDate": "2024-11-21T08:15:09.627Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2023-3978",
|
|
"VendorIDs": [
|
|
"GHSA-2wrh-6pvc-2jm9"
|
|
],
|
|
"PkgID": "golang.org/x/net@v0.8.0",
|
|
"PkgName": "golang.org/x/net",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.8.0",
|
|
"UID": "9c135806f6f840e4"
|
|
},
|
|
"InstalledVersion": "v0.8.0",
|
|
"FixedVersion": "0.13.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3978",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:ac3f311d4fdef3763143a687c5efc813a9b86f8c0c67145c5b34008737c1dc48",
|
|
"Title": "golang.org/x/net/html: Cross site scripting",
|
|
"Description": "Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.",
|
|
"Severity": "MEDIUM",
|
|
"CweIDs": [
|
|
"CWE-79"
|
|
],
|
|
"VendorSeverity": {
|
|
"alma": 2,
|
|
"amazon": 2,
|
|
"azure": 2,
|
|
"cbl-mariner": 2,
|
|
"ghsa": 2,
|
|
"nvd": 2,
|
|
"oracle-oval": 2,
|
|
"redhat": 2,
|
|
"rocky": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
|
"V3Score": 6.1
|
|
},
|
|
"nvd": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
|
"V3Score": 6.1
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
|
"V3Score": 6.1
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/errata/RHSA-2023:6939",
|
|
"https://access.redhat.com/security/cve/CVE-2023-3978",
|
|
"https://bugzilla.redhat.com/2163037",
|
|
"https://bugzilla.redhat.com/2174485",
|
|
"https://bugzilla.redhat.com/2175721",
|
|
"https://bugzilla.redhat.com/2178358",
|
|
"https://bugzilla.redhat.com/2178488",
|
|
"https://bugzilla.redhat.com/2178492",
|
|
"https://bugzilla.redhat.com/2182883",
|
|
"https://bugzilla.redhat.com/2182884",
|
|
"https://bugzilla.redhat.com/2184481",
|
|
"https://bugzilla.redhat.com/2184482",
|
|
"https://bugzilla.redhat.com/2184483",
|
|
"https://bugzilla.redhat.com/2184484",
|
|
"https://bugzilla.redhat.com/2196026",
|
|
"https://bugzilla.redhat.com/2196027",
|
|
"https://bugzilla.redhat.com/2196029",
|
|
"https://bugzilla.redhat.com/2222167",
|
|
"https://bugzilla.redhat.com/2228689",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2163037",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2174485",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2175721",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2178358",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2178488",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2178492",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2182883",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2182884",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2184481",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2184482",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2184483",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2184484",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2196026",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2196027",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2196029",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2222167",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2228689",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978",
|
|
"https://errata.almalinux.org/8/ALSA-2023-6939.html",
|
|
"https://errata.rockylinux.org/RLSA-2023:6939",
|
|
"https://go.dev/cl/514896",
|
|
"https://go.dev/issue/61615",
|
|
"https://linux.oracle.com/cve/CVE-2023-3978.html",
|
|
"https://linux.oracle.com/errata/ELSA-2023-6939.html",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2023-3978",
|
|
"https://pkg.go.dev/vuln/GO-2023-1988",
|
|
"https://www.cve.org/CVERecord?id=CVE-2023-3978"
|
|
],
|
|
"PublishedDate": "2023-08-02T20:15:12.097Z",
|
|
"LastModifiedDate": "2024-11-21T08:18:27.68Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2023-44487",
|
|
"VendorIDs": [
|
|
"GHSA-qppj-fm5r-hxr3"
|
|
],
|
|
"PkgID": "golang.org/x/net@v0.8.0",
|
|
"PkgName": "golang.org/x/net",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.8.0",
|
|
"UID": "9c135806f6f840e4"
|
|
},
|
|
"InstalledVersion": "v0.8.0",
|
|
"FixedVersion": "0.17.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-44487",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:ed1a3227564dec4d6e551562ebad36d8f8a722695072d30b91f47089981be8ca",
|
|
"Title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
|
|
"Description": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.",
|
|
"Severity": "MEDIUM",
|
|
"CweIDs": [
|
|
"CWE-400"
|
|
],
|
|
"VendorSeverity": {
|
|
"alma": 3,
|
|
"amazon": 3,
|
|
"azure": 3,
|
|
"bitnami": 3,
|
|
"cbl-mariner": 3,
|
|
"ghsa": 2,
|
|
"nvd": 3,
|
|
"oracle-oval": 3,
|
|
"photon": 3,
|
|
"redhat": 3,
|
|
"rocky": 3,
|
|
"ubuntu": 3
|
|
},
|
|
"CVSS": {
|
|
"bitnami": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
},
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:H",
|
|
"V3Score": 5.3
|
|
},
|
|
"nvd": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
}
|
|
},
|
|
"References": [
|
|
"http://www.openwall.com/lists/oss-security/2023/10/10/6",
|
|
"http://www.openwall.com/lists/oss-security/2023/10/10/7",
|
|
"http://www.openwall.com/lists/oss-security/2023/10/13/4",
|
|
"http://www.openwall.com/lists/oss-security/2023/10/13/9",
|
|
"http://www.openwall.com/lists/oss-security/2023/10/18/4",
|
|
"http://www.openwall.com/lists/oss-security/2023/10/18/8",
|
|
"http://www.openwall.com/lists/oss-security/2023/10/19/6",
|
|
"http://www.openwall.com/lists/oss-security/2023/10/20/8",
|
|
"http://www.openwall.com/lists/oss-security/2025/08/13/6",
|
|
"https://access.redhat.com/errata/RHSA-2024:1444",
|
|
"https://access.redhat.com/security/cve/CVE-2023-44487",
|
|
"https://access.redhat.com/security/cve/cve-2023-44487",
|
|
"https://akka.io/security/akka-http-cve-2023-44487.html",
|
|
"https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size",
|
|
"https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/",
|
|
"https://aws.amazon.com/security/security-bulletins/AWS-2023-011",
|
|
"https://aws.amazon.com/security/security-bulletins/AWS-2023-011/",
|
|
"https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack",
|
|
"https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/",
|
|
"https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack",
|
|
"https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/",
|
|
"https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty",
|
|
"https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/",
|
|
"https://blog.powerdns.com/2024/02/16/powerdns-dnsdist-1.9.0-released",
|
|
"https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack",
|
|
"https://blog.vespa.ai/cve-2023-44487",
|
|
"https://blog.vespa.ai/cve-2023-44487/",
|
|
"https://bugzilla.proxmox.com/show_bug.cgi?id=4988",
|
|
"https://bugzilla.redhat.com/2242803",
|
|
"https://bugzilla.redhat.com/2264574",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2242803",
|
|
"https://bugzilla.suse.com/show_bug.cgi?id=1216123",
|
|
"https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9",
|
|
"https://chaos.social/@icing/111210915918780532",
|
|
"https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps",
|
|
"https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/",
|
|
"https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack",
|
|
"https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487",
|
|
"https://devblogs.microsoft.com/dotnet/october-2023-updates/",
|
|
"https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715",
|
|
"https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve",
|
|
"https://errata.almalinux.org/8/ALSA-2024-1444.html",
|
|
"https://errata.rockylinux.org/RLSA-2023:5838",
|
|
"https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764",
|
|
"https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088",
|
|
"https://github.com/Azure/AKS/issues/3947",
|
|
"https://github.com/Kong/kong/discussions/11741",
|
|
"https://github.com/advisories/GHSA-qppj-fm5r-hxr3",
|
|
"https://github.com/advisories/GHSA-vx74-f528-fxqg",
|
|
"https://github.com/advisories/GHSA-xpw8-rcwv-8f8p",
|
|
"https://github.com/akka/akka-http/issues/4323",
|
|
"https://github.com/akka/akka-http/pull/4324",
|
|
"https://github.com/akka/akka-http/pull/4325",
|
|
"https://github.com/alibaba/tengine/issues/1872",
|
|
"https://github.com/apache/apisix/issues/10320",
|
|
"https://github.com/apache/httpd-site/pull/10",
|
|
"https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113",
|
|
"https://github.com/apache/tomcat/commit/944332bb15bd2f3bf76ec2caeb1ff0a58a3bc628",
|
|
"https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2",
|
|
"https://github.com/apache/trafficserver/pull/10564",
|
|
"https://github.com/apple/swift-nio-http2",
|
|
"https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3",
|
|
"https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487",
|
|
"https://github.com/bcdannyboy/CVE-2023-44487",
|
|
"https://github.com/caddyserver/caddy/issues/5877",
|
|
"https://github.com/caddyserver/caddy/releases/tag/v2.7.5",
|
|
"https://github.com/dotnet/announcements/issues/277",
|
|
"https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73",
|
|
"https://github.com/eclipse/jetty.project/issues/10679",
|
|
"https://github.com/envoyproxy/envoy/pull/30055",
|
|
"https://github.com/etcd-io/etcd/issues/16740",
|
|
"https://github.com/facebook/proxygen/pull/466",
|
|
"https://github.com/golang/go/issues/63417",
|
|
"https://github.com/grpc/grpc-go/pull/6703",
|
|
"https://github.com/grpc/grpc-go/releases",
|
|
"https://github.com/grpc/grpc/releases/tag/v1.59.2",
|
|
"https://github.com/h2o/h2o/pull/3291",
|
|
"https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf",
|
|
"https://github.com/haproxy/haproxy/issues/2312",
|
|
"https://github.com/hyperium/hyper/issues/3337",
|
|
"https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244",
|
|
"https://github.com/junkurihara/rust-rpxy/issues/97",
|
|
"https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1",
|
|
"https://github.com/kazu-yamamoto/http2/issues/93",
|
|
"https://github.com/kubernetes/kubernetes/pull/121120",
|
|
"https://github.com/line/armeria/pull/5232",
|
|
"https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632",
|
|
"https://github.com/micrictor/http2-rst-stream",
|
|
"https://github.com/microsoft/CBL-Mariner/pull/6381",
|
|
"https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61",
|
|
"https://github.com/nghttp2/nghttp2/pull/1961",
|
|
"https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0",
|
|
"https://github.com/ninenines/cowboy/issues/1615",
|
|
"https://github.com/nodejs/node/pull/50121",
|
|
"https://github.com/openresty/openresty/issues/930",
|
|
"https://github.com/opensearch-project/data-prepper/issues/3474",
|
|
"https://github.com/oqtane/oqtane.framework/discussions/3367",
|
|
"https://github.com/projectcontour/contour/pull/5826",
|
|
"https://github.com/tempesta-tech/tempesta/issues/1986",
|
|
"https://github.com/varnishcache/varnish-cache/issues/3996",
|
|
"https://go.dev/cl/534215",
|
|
"https://go.dev/cl/534235",
|
|
"https://go.dev/issue/63417",
|
|
"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo",
|
|
"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ",
|
|
"https://istio.io/latest/news/security/istio-security-2023-004",
|
|
"https://istio.io/latest/news/security/istio-security-2023-004/",
|
|
"https://linkerd.io/2023/10/12/linkerd-cve-2023-44487",
|
|
"https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/",
|
|
"https://linux.oracle.com/cve/CVE-2023-44487.html",
|
|
"https://linux.oracle.com/errata/ELSA-2024-1444.html",
|
|
"https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q",
|
|
"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html",
|
|
"https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html",
|
|
"https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html",
|
|
"https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html",
|
|
"https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html",
|
|
"https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html",
|
|
"https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/",
|
|
"https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html",
|
|
"https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html",
|
|
"https://mailman.powerdns.com/pipermail/dnsdist/2023-October/001409.html",
|
|
"https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html",
|
|
"https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2",
|
|
"https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/",
|
|
"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487",
|
|
"https://my.f5.com/manage/s/article/K000137106",
|
|
"https://netty.io/news/2023/10/10/4-1-100-Final.html",
|
|
"https://news.ycombinator.com/item?id=37830987",
|
|
"https://news.ycombinator.com/item?id=37830998",
|
|
"https://news.ycombinator.com/item?id=37831062",
|
|
"https://news.ycombinator.com/item?id=37837043",
|
|
"https://nodejs.org/en/blog/vulnerability/october-2023-security-releases",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
|
|
"https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response",
|
|
"https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/",
|
|
"https://pkg.go.dev/vuln/GO-2023-2102",
|
|
"https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected",
|
|
"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ",
|
|
"https://security.gentoo.org/glsa/202311-09",
|
|
"https://security.netapp.com/advisory/ntap-20231016-0001",
|
|
"https://security.netapp.com/advisory/ntap-20231016-0001/",
|
|
"https://security.netapp.com/advisory/ntap-20240426-0007",
|
|
"https://security.netapp.com/advisory/ntap-20240426-0007/",
|
|
"https://security.netapp.com/advisory/ntap-20240621-0006",
|
|
"https://security.netapp.com/advisory/ntap-20240621-0006/",
|
|
"https://security.netapp.com/advisory/ntap-20240621-0007",
|
|
"https://security.netapp.com/advisory/ntap-20240621-0007/",
|
|
"https://security.paloaltonetworks.com/CVE-2023-44487",
|
|
"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14",
|
|
"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12",
|
|
"https://tomcat.apache.org/security-8.html",
|
|
"https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94",
|
|
"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81",
|
|
"https://ubuntu.com/security/CVE-2023-44487",
|
|
"https://ubuntu.com/security/notices/USN-6427-1",
|
|
"https://ubuntu.com/security/notices/USN-6427-2",
|
|
"https://ubuntu.com/security/notices/USN-6438-1",
|
|
"https://ubuntu.com/security/notices/USN-6505-1",
|
|
"https://ubuntu.com/security/notices/USN-6574-1",
|
|
"https://ubuntu.com/security/notices/USN-6754-1",
|
|
"https://ubuntu.com/security/notices/USN-6994-1",
|
|
"https://ubuntu.com/security/notices/USN-7067-1",
|
|
"https://ubuntu.com/security/notices/USN-7410-1",
|
|
"https://ubuntu.com/security/notices/USN-7469-1",
|
|
"https://ubuntu.com/security/notices/USN-7469-2",
|
|
"https://ubuntu.com/security/notices/USN-7469-3",
|
|
"https://ubuntu.com/security/notices/USN-7469-4",
|
|
"https://ubuntu.com/security/notices/USN-7892-1",
|
|
"https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records",
|
|
"https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/",
|
|
"https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
|
|
"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487",
|
|
"https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
|
|
"https://www.cve.org/CVERecord?id=CVE-2023-44487",
|
|
"https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event",
|
|
"https://www.debian.org/security/2023/dsa-5521",
|
|
"https://www.debian.org/security/2023/dsa-5522",
|
|
"https://www.debian.org/security/2023/dsa-5540",
|
|
"https://www.debian.org/security/2023/dsa-5549",
|
|
"https://www.debian.org/security/2023/dsa-5558",
|
|
"https://www.debian.org/security/2023/dsa-5570",
|
|
"https://www.eclipse.org/lists/jetty-announce/msg00181.html",
|
|
"https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487",
|
|
"https://www.mail-archive.com/haproxy@formilux.org/msg44134.html",
|
|
"https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487",
|
|
"https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/",
|
|
"https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products",
|
|
"https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
|
|
"https://www.openwall.com/lists/oss-security/2023/10/10/6",
|
|
"https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack",
|
|
"https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday",
|
|
"https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/",
|
|
"https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause"
|
|
],
|
|
"PublishedDate": "2023-10-10T14:15:10.883Z",
|
|
"LastModifiedDate": "2025-11-07T19:00:41.81Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2023-45288",
|
|
"VendorIDs": [
|
|
"GHSA-4v7x-pqxf-cx7m"
|
|
],
|
|
"PkgID": "golang.org/x/net@v0.8.0",
|
|
"PkgName": "golang.org/x/net",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.8.0",
|
|
"UID": "9c135806f6f840e4"
|
|
},
|
|
"InstalledVersion": "v0.8.0",
|
|
"FixedVersion": "0.23.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45288",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:f56d55f16e6109bfd3b31cdd997e7c76e9bb6391e271c5a6f9054d68e3141767",
|
|
"Title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS",
|
|
"Description": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.",
|
|
"Severity": "MEDIUM",
|
|
"VendorSeverity": {
|
|
"alma": 3,
|
|
"amazon": 2,
|
|
"azure": 3,
|
|
"bitnami": 3,
|
|
"cbl-mariner": 3,
|
|
"ghsa": 2,
|
|
"oracle-oval": 3,
|
|
"photon": 3,
|
|
"redhat": 3,
|
|
"rocky": 3,
|
|
"ubuntu": 2
|
|
},
|
|
"CVSS": {
|
|
"bitnami": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
},
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
}
|
|
},
|
|
"References": [
|
|
"http://www.openwall.com/lists/oss-security/2024/04/03/16",
|
|
"http://www.openwall.com/lists/oss-security/2024/04/05/4",
|
|
"https://access.redhat.com/errata/RHSA-2024:3346",
|
|
"https://access.redhat.com/security/cve/CVE-2023-45288",
|
|
"https://bugzilla.redhat.com/2268017",
|
|
"https://bugzilla.redhat.com/2268018",
|
|
"https://bugzilla.redhat.com/2268019",
|
|
"https://bugzilla.redhat.com/2268273",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2268017",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2268018",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2268019",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2268273",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783",
|
|
"https://errata.almalinux.org/8/ALSA-2024-3346.html",
|
|
"https://errata.rockylinux.org/RLSA-2024:2724",
|
|
"https://go.dev/cl/576155",
|
|
"https://go.dev/issue/65051",
|
|
"https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M",
|
|
"https://kb.cert.org/vuls/id/421644",
|
|
"https://linux.oracle.com/cve/CVE-2023-45288.html",
|
|
"https://linux.oracle.com/errata/ELSA-2024-3346.html",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/",
|
|
"https://nowotarski.info/http2-continuation-flood-technical-details",
|
|
"https://nowotarski.info/http2-continuation-flood/",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2023-45288",
|
|
"https://pkg.go.dev/vuln/GO-2024-2687",
|
|
"https://security.netapp.com/advisory/ntap-20240419-0009",
|
|
"https://security.netapp.com/advisory/ntap-20240419-0009/",
|
|
"https://ubuntu.com/security/notices/USN-6886-1",
|
|
"https://ubuntu.com/security/notices/USN-7109-1",
|
|
"https://ubuntu.com/security/notices/USN-7111-1",
|
|
"https://www.cve.org/CVERecord?id=CVE-2023-45288",
|
|
"https://www.kb.cert.org/vuls/id/421644"
|
|
],
|
|
"PublishedDate": "2024-04-04T21:15:16.113Z",
|
|
"LastModifiedDate": "2025-11-04T19:16:01.263Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2025-22870",
|
|
"VendorIDs": [
|
|
"GHSA-qxp5-gwg8-xv66"
|
|
],
|
|
"PkgID": "golang.org/x/net@v0.8.0",
|
|
"PkgName": "golang.org/x/net",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.8.0",
|
|
"UID": "9c135806f6f840e4"
|
|
},
|
|
"InstalledVersion": "v0.8.0",
|
|
"FixedVersion": "0.36.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:1ffb452437914fe4f0e3b0c23953b440ced819bd7a40bd14d8e52757f8083425",
|
|
"Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net",
|
|
"Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.",
|
|
"Severity": "MEDIUM",
|
|
"CweIDs": [
|
|
"CWE-115"
|
|
],
|
|
"VendorSeverity": {
|
|
"amazon": 2,
|
|
"azure": 2,
|
|
"cbl-mariner": 2,
|
|
"ghsa": 2,
|
|
"redhat": 2,
|
|
"ubuntu": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
|
|
"V3Score": 4.4
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
|
|
"V3Score": 4.4
|
|
}
|
|
},
|
|
"References": [
|
|
"http://www.openwall.com/lists/oss-security/2025/03/07/2",
|
|
"https://access.redhat.com/security/cve/CVE-2025-22870",
|
|
"https://github.com/golang/go/issues/71984",
|
|
"https://go-review.googlesource.com/q/project:net",
|
|
"https://go.dev/cl/654697",
|
|
"https://go.dev/issue/71984",
|
|
"https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-22870",
|
|
"https://pkg.go.dev/vuln/GO-2025-3503",
|
|
"https://security.netapp.com/advisory/ntap-20250509-0007",
|
|
"https://security.netapp.com/advisory/ntap-20250509-0007/",
|
|
"https://ubuntu.com/security/notices/USN-7574-1",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-22870"
|
|
],
|
|
"PublishedDate": "2025-03-12T19:15:38.31Z",
|
|
"LastModifiedDate": "2025-05-09T20:15:38.727Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2025-22872",
|
|
"VendorIDs": [
|
|
"GHSA-vvgc-356p-c3xw"
|
|
],
|
|
"PkgID": "golang.org/x/net@v0.8.0",
|
|
"PkgName": "golang.org/x/net",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.8.0",
|
|
"UID": "9c135806f6f840e4"
|
|
},
|
|
"InstalledVersion": "v0.8.0",
|
|
"FixedVersion": "0.38.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22872",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:bcdcbdfd47e377d1d42b23ff2f4e39530a231d3b9b28530fde57d8750593c0fe",
|
|
"Title": "golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net",
|
|
"Description": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
|
|
"Severity": "MEDIUM",
|
|
"VendorSeverity": {
|
|
"amazon": 3,
|
|
"azure": 2,
|
|
"cbl-mariner": 2,
|
|
"ghsa": 2,
|
|
"redhat": 2
|
|
},
|
|
"CVSS": {
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
|
|
"V3Score": 6.5
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/security/cve/CVE-2025-22872",
|
|
"https://github.com/advisories/GHSA-vvgc-356p-c3xw",
|
|
"https://go.dev/cl/662715",
|
|
"https://go.dev/issue/73070",
|
|
"https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-22872",
|
|
"https://pkg.go.dev/vuln/GO-2025-3595",
|
|
"https://security.netapp.com/advisory/ntap-20250516-0007",
|
|
"https://security.netapp.com/advisory/ntap-20250516-0007/",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-22872"
|
|
],
|
|
"PublishedDate": "2025-04-16T18:16:04.183Z",
|
|
"LastModifiedDate": "2025-05-16T23:15:19.707Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2025-22868",
|
|
"VendorIDs": [
|
|
"GHSA-6v2p-p543-phr9"
|
|
],
|
|
"PkgID": "golang.org/x/oauth2@v0.6.0",
|
|
"PkgName": "golang.org/x/oauth2",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/oauth2@v0.6.0",
|
|
"UID": "fb67ff09699bce72"
|
|
},
|
|
"InstalledVersion": "v0.6.0",
|
|
"FixedVersion": "0.27.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22868",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:58e93ca9a401afd4f75a4c748f72dd3d28c5682928177425de7ba61eae187480",
|
|
"Title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws",
|
|
"Description": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.",
|
|
"Severity": "HIGH",
|
|
"CweIDs": [
|
|
"CWE-1286"
|
|
],
|
|
"VendorSeverity": {
|
|
"amazon": 3,
|
|
"azure": 3,
|
|
"cbl-mariner": 3,
|
|
"ghsa": 3,
|
|
"redhat": 3,
|
|
"rocky": 3
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/security/cve/CVE-2025-22868",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2347423",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2348366",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2352914",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2354195",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22868",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27144",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29786",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30204",
|
|
"https://errata.rockylinux.org/RLSA-2025:7479",
|
|
"https://go.dev/cl/652155",
|
|
"https://go.dev/issue/71490",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-22868",
|
|
"https://pkg.go.dev/vuln/GO-2025-3488",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-22868"
|
|
],
|
|
"PublishedDate": "2025-02-26T08:14:24.897Z",
|
|
"LastModifiedDate": "2025-05-01T19:27:10.43Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2024-24786",
|
|
"VendorIDs": [
|
|
"GHSA-8r3f-844c-mc37"
|
|
],
|
|
"PkgID": "google.golang.org/protobuf@v1.28.1",
|
|
"PkgName": "google.golang.org/protobuf",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/google.golang.org/protobuf@v1.28.1",
|
|
"UID": "c2f1221a63507118"
|
|
},
|
|
"InstalledVersion": "v1.28.1",
|
|
"FixedVersion": "1.33.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24786",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:61d030caa7b1120a66ee197ea827802136e3ab86026d81817a4ee2abfd815809",
|
|
"Title": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON",
|
|
"Description": "The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.",
|
|
"Severity": "MEDIUM",
|
|
"VendorSeverity": {
|
|
"alma": 2,
|
|
"amazon": 2,
|
|
"azure": 3,
|
|
"cbl-mariner": 3,
|
|
"ghsa": 2,
|
|
"oracle-oval": 2,
|
|
"redhat": 2,
|
|
"rocky": 2,
|
|
"ubuntu": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 5.9
|
|
}
|
|
},
|
|
"References": [
|
|
"http://www.openwall.com/lists/oss-security/2024/03/08/4",
|
|
"https://access.redhat.com/errata/RHSA-2024:4246",
|
|
"https://access.redhat.com/security/cve/CVE-2024-24786",
|
|
"https://bugzilla.redhat.com/2268046",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24786",
|
|
"https://errata.almalinux.org/8/ALSA-2024-4246.html",
|
|
"https://errata.rockylinux.org/RLSA-2024:2550",
|
|
"https://github.com/protocolbuffers/protobuf-go",
|
|
"https://github.com/protocolbuffers/protobuf-go/commit/f01a588e5810b90996452eec4a28f22a0afae023",
|
|
"https://github.com/protocolbuffers/protobuf-go/releases/tag/v1.33.0",
|
|
"https://go-review.googlesource.com/c/protobuf/+/569356",
|
|
"https://go.dev/cl/569356",
|
|
"https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/",
|
|
"https://linux.oracle.com/cve/CVE-2024-24786.html",
|
|
"https://linux.oracle.com/errata/ELSA-2024-4246.html",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2024-24786",
|
|
"https://pkg.go.dev/vuln/GO-2024-2611",
|
|
"https://security.netapp.com/advisory/ntap-20240517-0002",
|
|
"https://security.netapp.com/advisory/ntap-20240517-0002/",
|
|
"https://ubuntu.com/security/notices/USN-6746-1",
|
|
"https://ubuntu.com/security/notices/USN-6746-2",
|
|
"https://www.cve.org/CVERecord?id=CVE-2024-24786"
|
|
],
|
|
"PublishedDate": "2024-03-05T23:15:07.82Z",
|
|
"LastModifiedDate": "2024-11-21T08:59:42.117Z"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/distribution/reference@v0.6.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/distribution/reference",
|
|
"Name": "github.com/distribution/reference",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/distribution/reference",
|
|
"UID": "164ac0beb2a38c66"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/opencontainers/go-digest@v1.0.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/opencontainers/go-digest@v1.0.0",
|
|
"Name": "github.com/opencontainers/go-digest",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/opencontainers/go-digest@v1.0.0",
|
|
"UID": "c37c840da16190e2"
|
|
},
|
|
"Version": "v1.0.0",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/docker/go-connections@v0.6.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/docker/go-connections",
|
|
"Name": "github.com/docker/go-connections",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/docker/go-connections",
|
|
"UID": "29cba718fe15513b"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/Microsoft/go-winio@v0.4.21",
|
|
"golang.org/x/sys@v0.1.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/Microsoft/go-winio@v0.4.21",
|
|
"Name": "github.com/Microsoft/go-winio",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/microsoft/go-winio@v0.4.21",
|
|
"UID": "7c449a22508f8dc5"
|
|
},
|
|
"Version": "v0.4.21",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sys@v0.1.0",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys@v0.1.0",
|
|
"UID": "dffc0d22279f9a38"
|
|
},
|
|
"Version": "v0.1.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/fatih/color@v1.15.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/fatih/color",
|
|
"Name": "github.com/fatih/color",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/fatih/color",
|
|
"UID": "2a48ac8290674878"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/mattn/go-colorable@v0.1.13",
|
|
"github.com/mattn/go-isatty@v0.0.17",
|
|
"golang.org/x/sys@v0.6.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/mattn/go-colorable@v0.1.13",
|
|
"Name": "github.com/mattn/go-colorable",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/mattn/go-colorable@v0.1.13",
|
|
"UID": "18f417fe8b22e4f6"
|
|
},
|
|
"Version": "v0.1.13",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/mattn/go-isatty@v0.0.17"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/mattn/go-isatty@v0.0.17",
|
|
"Name": "github.com/mattn/go-isatty",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/mattn/go-isatty@v0.0.17",
|
|
"UID": "2d5a557aac7e57af"
|
|
},
|
|
"Version": "v0.0.17",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sys@v0.6.0",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys@v0.6.0",
|
|
"UID": "5f7dfc2a7ac0e2f5"
|
|
},
|
|
"Version": "v0.6.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/fatih/gomodifytags@v1.17.1-0.20250423142747-f3939df9aa3c/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/fatih/gomodifytags",
|
|
"Name": "github.com/fatih/gomodifytags",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/fatih/gomodifytags",
|
|
"UID": "25e9da0346d6d112"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/fatih/camelcase@v1.0.0",
|
|
"github.com/fatih/structtag@v1.2.0",
|
|
"golang.org/x/tools@v0.23.0",
|
|
"github.com/yuin/goldmark@v1.4.13",
|
|
"golang.org/x/net@v0.27.0",
|
|
"golang.org/x/sync@v0.7.0",
|
|
"golang.org/x/xerrors@v0.0.0-20190717185122-a985d3407aa7",
|
|
"golang.org/x/sys@v0.22.0",
|
|
"golang.org/x/telemetry@v0.0.0-20240521205824-bda55230c457",
|
|
"golang.org/x/mod@v0.19.0",
|
|
"github.com/google/go-cmp@v0.6.0",
|
|
"golang.org/x/crypto@v0.25.0",
|
|
"golang.org/x/term@v0.22.0",
|
|
"golang.org/x/text@v0.16.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/fatih/camelcase@v1.0.0",
|
|
"Name": "github.com/fatih/camelcase",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/fatih/camelcase@v1.0.0",
|
|
"UID": "38a53414ae28f265"
|
|
},
|
|
"Version": "v1.0.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/fatih/structtag@v1.2.0",
|
|
"Name": "github.com/fatih/structtag",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/fatih/structtag@v1.2.0",
|
|
"UID": "26432ccd72a92c91"
|
|
},
|
|
"Version": "v1.2.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/tools@v0.23.0",
|
|
"Name": "golang.org/x/tools",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/tools@v0.23.0",
|
|
"UID": "6f2bf53b01a9657d"
|
|
},
|
|
"Version": "v0.23.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/google/go-cmp@v0.6.0",
|
|
"Name": "github.com/google/go-cmp",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/google/go-cmp@v0.6.0",
|
|
"UID": "3ebd05ae8fcc1458"
|
|
},
|
|
"Version": "v0.6.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/yuin/goldmark@v1.4.13",
|
|
"Name": "github.com/yuin/goldmark",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/yuin/goldmark@v1.4.13",
|
|
"UID": "a45f07b35248adff"
|
|
},
|
|
"Version": "v1.4.13",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/crypto@v0.25.0",
|
|
"Name": "golang.org/x/crypto",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.25.0",
|
|
"UID": "f31a276e752e7de0"
|
|
},
|
|
"Version": "v0.25.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/mod@v0.19.0",
|
|
"Name": "golang.org/x/mod",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/mod@v0.19.0",
|
|
"UID": "820cc1b225a1d36f"
|
|
},
|
|
"Version": "v0.19.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/net@v0.27.0",
|
|
"Name": "golang.org/x/net",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.27.0",
|
|
"UID": "7c3a8081b13cf715"
|
|
},
|
|
"Version": "v0.27.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sync@v0.7.0",
|
|
"Name": "golang.org/x/sync",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sync@v0.7.0",
|
|
"UID": "75ae4484d68ad224"
|
|
},
|
|
"Version": "v0.7.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sys@v0.22.0",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys@v0.22.0",
|
|
"UID": "aaecf0d743cabfa1"
|
|
},
|
|
"Version": "v0.22.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/telemetry@v0.0.0-20240521205824-bda55230c457",
|
|
"Name": "golang.org/x/telemetry",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/telemetry@v0.0.0-20240521205824-bda55230c457",
|
|
"UID": "9248ac0d144efe69"
|
|
},
|
|
"Version": "v0.0.0-20240521205824-bda55230c457",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/term@v0.22.0",
|
|
"Name": "golang.org/x/term",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/term@v0.22.0",
|
|
"UID": "9cf452b5c2a0ad6d"
|
|
},
|
|
"Version": "v0.22.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/text@v0.16.0",
|
|
"Name": "golang.org/x/text",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/text@v0.16.0",
|
|
"UID": "2de300cc2440db4d"
|
|
},
|
|
"Version": "v0.16.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/xerrors@v0.0.0-20190717185122-a985d3407aa7",
|
|
"Name": "golang.org/x/xerrors",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/xerrors@v0.0.0-20190717185122-a985d3407aa7",
|
|
"UID": "f60f297752e0665c"
|
|
},
|
|
"Version": "v0.0.0-20190717185122-a985d3407aa7",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
],
|
|
"Vulnerabilities": [
|
|
{
|
|
"VulnerabilityID": "CVE-2024-45337",
|
|
"VendorIDs": [
|
|
"GHSA-v778-237x-gjrc"
|
|
],
|
|
"PkgID": "golang.org/x/crypto@v0.25.0",
|
|
"PkgName": "golang.org/x/crypto",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.25.0",
|
|
"UID": "f31a276e752e7de0"
|
|
},
|
|
"InstalledVersion": "v0.25.0",
|
|
"FixedVersion": "0.31.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45337",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:108d9a2ed2e9d269b6720f9ab0ff2cba7a313be3c6b7d74e413b70a030c0aee8",
|
|
"Title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
|
|
"Description": "Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that \"A call to this function does not guarantee that the key offered is in fact used to authenticate.\" Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.",
|
|
"Severity": "CRITICAL",
|
|
"VendorSeverity": {
|
|
"amazon": 3,
|
|
"azure": 4,
|
|
"cbl-mariner": 4,
|
|
"ghsa": 4,
|
|
"redhat": 3,
|
|
"ubuntu": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
|
|
"V3Score": 9.1
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
|
|
"V3Score": 8.2
|
|
}
|
|
},
|
|
"References": [
|
|
"http://www.openwall.com/lists/oss-security/2024/12/11/2",
|
|
"https://access.redhat.com/security/cve/CVE-2024-45337",
|
|
"https://github.com/golang/crypto",
|
|
"https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
|
|
"https://go-review.googlesource.com/c/crypto/+/635315/",
|
|
"https://go.dev/cl/635315",
|
|
"https://go.dev/issue/70779",
|
|
"https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
|
|
"https://pkg.go.dev/vuln/GO-2024-3321",
|
|
"https://security.netapp.com/advisory/ntap-20250131-0007",
|
|
"https://security.netapp.com/advisory/ntap-20250131-0007/",
|
|
"https://ubuntu.com/security/notices/USN-7839-1",
|
|
"https://ubuntu.com/security/notices/USN-7839-2",
|
|
"https://www.cve.org/CVERecord?id=CVE-2024-45337"
|
|
],
|
|
"PublishedDate": "2024-12-12T02:02:07.97Z",
|
|
"LastModifiedDate": "2025-02-18T21:15:22.187Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2025-22869",
|
|
"VendorIDs": [
|
|
"GHSA-hcg3-q754-cr77"
|
|
],
|
|
"PkgID": "golang.org/x/crypto@v0.25.0",
|
|
"PkgName": "golang.org/x/crypto",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.25.0",
|
|
"UID": "f31a276e752e7de0"
|
|
},
|
|
"InstalledVersion": "v0.25.0",
|
|
"FixedVersion": "0.35.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22869",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:6000b4961eed5d2b919361edbdfb8107bc2db0e11e8d1315618dbbfd362a6680",
|
|
"Title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh",
|
|
"Description": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
|
|
"Severity": "HIGH",
|
|
"CweIDs": [
|
|
"CWE-770"
|
|
],
|
|
"VendorSeverity": {
|
|
"alma": 3,
|
|
"amazon": 3,
|
|
"azure": 3,
|
|
"cbl-mariner": 3,
|
|
"ghsa": 3,
|
|
"oracle-oval": 3,
|
|
"redhat": 3,
|
|
"rocky": 3
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/errata/RHSA-2025:3833",
|
|
"https://access.redhat.com/security/cve/CVE-2025-22869",
|
|
"https://bugzilla.redhat.com/2348367",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2348367",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22869",
|
|
"https://errata.almalinux.org/9/ALSA-2025-3833.html",
|
|
"https://errata.rockylinux.org/RLSA-2025:7416",
|
|
"https://github.com/golang/crypto",
|
|
"https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22",
|
|
"https://go-review.googlesource.com/c/crypto/+/652135",
|
|
"https://go.dev/cl/652135",
|
|
"https://go.dev/issue/71931",
|
|
"https://linux.oracle.com/cve/CVE-2025-22869.html",
|
|
"https://linux.oracle.com/errata/ELSA-2025-7484.html",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-22869",
|
|
"https://pkg.go.dev/vuln/GO-2025-3487",
|
|
"https://security.netapp.com/advisory/ntap-20250411-0010",
|
|
"https://security.netapp.com/advisory/ntap-20250411-0010/",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-22869"
|
|
],
|
|
"PublishedDate": "2025-02-26T08:14:24.997Z",
|
|
"LastModifiedDate": "2025-05-01T19:28:20.74Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2025-47914",
|
|
"VendorIDs": [
|
|
"GHSA-f6x5-jh6r-wrfv"
|
|
],
|
|
"PkgID": "golang.org/x/crypto@v0.25.0",
|
|
"PkgName": "golang.org/x/crypto",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.25.0",
|
|
"UID": "f31a276e752e7de0"
|
|
},
|
|
"InstalledVersion": "v0.25.0",
|
|
"FixedVersion": "0.45.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47914",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:f77fb4ab7e7b7f57c152351aef156dab411510e0f4c765d183c41ed18aa63dfe",
|
|
"Title": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages",
|
|
"Description": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
|
|
"Severity": "MEDIUM",
|
|
"CweIDs": [
|
|
"CWE-125"
|
|
],
|
|
"VendorSeverity": {
|
|
"amazon": 3,
|
|
"ghsa": 2,
|
|
"redhat": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/security/cve/CVE-2025-47914",
|
|
"https://go.dev/cl/721960",
|
|
"https://go.dev/issue/76364",
|
|
"https://go.googlesource.com/crypto",
|
|
"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-47914",
|
|
"https://pkg.go.dev/vuln/GO-2025-4135",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-47914"
|
|
],
|
|
"PublishedDate": "2025-11-19T21:15:50.517Z",
|
|
"LastModifiedDate": "2025-12-11T19:36:41.373Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2025-58181",
|
|
"VendorIDs": [
|
|
"GHSA-j5w8-q4qc-rx2x"
|
|
],
|
|
"PkgID": "golang.org/x/crypto@v0.25.0",
|
|
"PkgName": "golang.org/x/crypto",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.25.0",
|
|
"UID": "f31a276e752e7de0"
|
|
},
|
|
"InstalledVersion": "v0.25.0",
|
|
"FixedVersion": "0.45.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58181",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:a2dd0920042264b0404d0ee9405428962697c8aba27e570dc3cbe765ac971bc5",
|
|
"Title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication",
|
|
"Description": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
|
|
"Severity": "MEDIUM",
|
|
"CweIDs": [
|
|
"CWE-770"
|
|
],
|
|
"VendorSeverity": {
|
|
"amazon": 3,
|
|
"ghsa": 2,
|
|
"redhat": 2,
|
|
"ubuntu": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/security/cve/CVE-2025-58181",
|
|
"https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c",
|
|
"https://github.com/golang/go/issues/76363",
|
|
"https://go.dev/cl/721961",
|
|
"https://go.dev/issue/76363",
|
|
"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
|
|
"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA?pli=1",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-58181",
|
|
"https://pkg.go.dev/vuln/GO-2025-4134",
|
|
"https://ubuntu.com/security/notices/USN-7956-1",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-58181"
|
|
],
|
|
"PublishedDate": "2025-11-19T21:15:50.85Z",
|
|
"LastModifiedDate": "2025-12-11T19:29:24.9Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2025-22870",
|
|
"VendorIDs": [
|
|
"GHSA-qxp5-gwg8-xv66"
|
|
],
|
|
"PkgID": "golang.org/x/net@v0.27.0",
|
|
"PkgName": "golang.org/x/net",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.27.0",
|
|
"UID": "7c3a8081b13cf715"
|
|
},
|
|
"InstalledVersion": "v0.27.0",
|
|
"FixedVersion": "0.36.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:3df74b8e0fca82cb07bbb482af7cf077c792e35574e51b6c898edbff273414b8",
|
|
"Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net",
|
|
"Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.",
|
|
"Severity": "MEDIUM",
|
|
"CweIDs": [
|
|
"CWE-115"
|
|
],
|
|
"VendorSeverity": {
|
|
"amazon": 2,
|
|
"azure": 2,
|
|
"cbl-mariner": 2,
|
|
"ghsa": 2,
|
|
"redhat": 2,
|
|
"ubuntu": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
|
|
"V3Score": 4.4
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
|
|
"V3Score": 4.4
|
|
}
|
|
},
|
|
"References": [
|
|
"http://www.openwall.com/lists/oss-security/2025/03/07/2",
|
|
"https://access.redhat.com/security/cve/CVE-2025-22870",
|
|
"https://github.com/golang/go/issues/71984",
|
|
"https://go-review.googlesource.com/q/project:net",
|
|
"https://go.dev/cl/654697",
|
|
"https://go.dev/issue/71984",
|
|
"https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-22870",
|
|
"https://pkg.go.dev/vuln/GO-2025-3503",
|
|
"https://security.netapp.com/advisory/ntap-20250509-0007",
|
|
"https://security.netapp.com/advisory/ntap-20250509-0007/",
|
|
"https://ubuntu.com/security/notices/USN-7574-1",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-22870"
|
|
],
|
|
"PublishedDate": "2025-03-12T19:15:38.31Z",
|
|
"LastModifiedDate": "2025-05-09T20:15:38.727Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2025-22872",
|
|
"VendorIDs": [
|
|
"GHSA-vvgc-356p-c3xw"
|
|
],
|
|
"PkgID": "golang.org/x/net@v0.27.0",
|
|
"PkgName": "golang.org/x/net",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.27.0",
|
|
"UID": "7c3a8081b13cf715"
|
|
},
|
|
"InstalledVersion": "v0.27.0",
|
|
"FixedVersion": "0.38.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22872",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:2698ebe42cc2f54167111b88f9c437e0d82f91f68f124791585d721d15cdfa15",
|
|
"Title": "golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net",
|
|
"Description": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
|
|
"Severity": "MEDIUM",
|
|
"VendorSeverity": {
|
|
"amazon": 3,
|
|
"azure": 2,
|
|
"cbl-mariner": 2,
|
|
"ghsa": 2,
|
|
"redhat": 2
|
|
},
|
|
"CVSS": {
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
|
|
"V3Score": 6.5
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/security/cve/CVE-2025-22872",
|
|
"https://github.com/advisories/GHSA-vvgc-356p-c3xw",
|
|
"https://go.dev/cl/662715",
|
|
"https://go.dev/issue/73070",
|
|
"https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-22872",
|
|
"https://pkg.go.dev/vuln/GO-2025-3595",
|
|
"https://security.netapp.com/advisory/ntap-20250516-0007",
|
|
"https://security.netapp.com/advisory/ntap-20250516-0007/",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-22872"
|
|
],
|
|
"PublishedDate": "2025-04-16T18:16:04.183Z",
|
|
"LastModifiedDate": "2025-05-16T23:15:19.707Z"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/fatih/structtag@v1.2.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/fatih/structtag",
|
|
"Name": "github.com/fatih/structtag",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/fatih/structtag",
|
|
"UID": "f54ff5bd9fe43dc0"
|
|
},
|
|
"Relationship": "root",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/felixge/httpsnoop@v1.0.4/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/felixge/httpsnoop",
|
|
"Name": "github.com/felixge/httpsnoop",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/felixge/httpsnoop",
|
|
"UID": "57348bf24d09e892"
|
|
},
|
|
"Relationship": "root",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/fsnotify/fsnotify@v1.9.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/fsnotify/fsnotify",
|
|
"Name": "github.com/fsnotify/fsnotify",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/fsnotify/fsnotify",
|
|
"UID": "46af9e9f220d542c"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"golang.org/x/sys@v0.13.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sys@v0.13.0",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys@v0.13.0",
|
|
"UID": "18b560515cdf598b"
|
|
},
|
|
"Version": "v0.13.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/gabriel-vasile/mimetype@v1.4.10/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/gabriel-vasile/mimetype",
|
|
"Name": "github.com/gabriel-vasile/mimetype",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/gabriel-vasile/mimetype",
|
|
"UID": "92dc5ee43c56809d"
|
|
},
|
|
"Relationship": "root",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/gabriel-vasile/mimetype@v1.4.8/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/gabriel-vasile/mimetype",
|
|
"Name": "github.com/gabriel-vasile/mimetype",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/gabriel-vasile/mimetype",
|
|
"UID": "12e7dc3e6b8d9dcc"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"golang.org/x/net@v0.33.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/net@v0.33.0",
|
|
"Name": "golang.org/x/net",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.33.0",
|
|
"UID": "3f7ebd3e14e8556e"
|
|
},
|
|
"Version": "v0.33.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
],
|
|
"Vulnerabilities": [
|
|
{
|
|
"VulnerabilityID": "CVE-2025-22870",
|
|
"VendorIDs": [
|
|
"GHSA-qxp5-gwg8-xv66"
|
|
],
|
|
"PkgID": "golang.org/x/net@v0.33.0",
|
|
"PkgName": "golang.org/x/net",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.33.0",
|
|
"UID": "3f7ebd3e14e8556e"
|
|
},
|
|
"InstalledVersion": "v0.33.0",
|
|
"FixedVersion": "0.36.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:48d8b130ee3630521a57f8db551a0a7e191853c0174b1b42f8fab6327a6f0343",
|
|
"Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net",
|
|
"Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.",
|
|
"Severity": "MEDIUM",
|
|
"CweIDs": [
|
|
"CWE-115"
|
|
],
|
|
"VendorSeverity": {
|
|
"amazon": 2,
|
|
"azure": 2,
|
|
"cbl-mariner": 2,
|
|
"ghsa": 2,
|
|
"redhat": 2,
|
|
"ubuntu": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
|
|
"V3Score": 4.4
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
|
|
"V3Score": 4.4
|
|
}
|
|
},
|
|
"References": [
|
|
"http://www.openwall.com/lists/oss-security/2025/03/07/2",
|
|
"https://access.redhat.com/security/cve/CVE-2025-22870",
|
|
"https://github.com/golang/go/issues/71984",
|
|
"https://go-review.googlesource.com/q/project:net",
|
|
"https://go.dev/cl/654697",
|
|
"https://go.dev/issue/71984",
|
|
"https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-22870",
|
|
"https://pkg.go.dev/vuln/GO-2025-3503",
|
|
"https://security.netapp.com/advisory/ntap-20250509-0007",
|
|
"https://security.netapp.com/advisory/ntap-20250509-0007/",
|
|
"https://ubuntu.com/security/notices/USN-7574-1",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-22870"
|
|
],
|
|
"PublishedDate": "2025-03-12T19:15:38.31Z",
|
|
"LastModifiedDate": "2025-05-09T20:15:38.727Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2025-22872",
|
|
"VendorIDs": [
|
|
"GHSA-vvgc-356p-c3xw"
|
|
],
|
|
"PkgID": "golang.org/x/net@v0.33.0",
|
|
"PkgName": "golang.org/x/net",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.33.0",
|
|
"UID": "3f7ebd3e14e8556e"
|
|
},
|
|
"InstalledVersion": "v0.33.0",
|
|
"FixedVersion": "0.38.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22872",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:d25b607a36d64cf76081a04785095d1467ab1867bfa2a5dc26757a47938700ba",
|
|
"Title": "golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net",
|
|
"Description": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
|
|
"Severity": "MEDIUM",
|
|
"VendorSeverity": {
|
|
"amazon": 3,
|
|
"azure": 2,
|
|
"cbl-mariner": 2,
|
|
"ghsa": 2,
|
|
"redhat": 2
|
|
},
|
|
"CVSS": {
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
|
|
"V3Score": 6.5
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/security/cve/CVE-2025-22872",
|
|
"https://github.com/advisories/GHSA-vvgc-356p-c3xw",
|
|
"https://go.dev/cl/662715",
|
|
"https://go.dev/issue/73070",
|
|
"https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-22872",
|
|
"https://pkg.go.dev/vuln/GO-2025-3595",
|
|
"https://security.netapp.com/advisory/ntap-20250516-0007",
|
|
"https://security.netapp.com/advisory/ntap-20250516-0007/",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-22872"
|
|
],
|
|
"PublishedDate": "2025-04-16T18:16:04.183Z",
|
|
"LastModifiedDate": "2025-05-16T23:15:19.707Z"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/gin-contrib/gzip@v1.2.5/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/gin-contrib/gzip",
|
|
"Name": "github.com/gin-contrib/gzip",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/gin-contrib/gzip",
|
|
"UID": "d68c77b1ae5dbf21"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/gin-gonic/gin@v1.11.0",
|
|
"github.com/stretchr/testify@v1.11.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/gin-gonic/gin@v1.11.0",
|
|
"Name": "github.com/gin-gonic/gin",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/gin-gonic/gin@v1.11.0",
|
|
"UID": "91d5388d22d2bb8a"
|
|
},
|
|
"Version": "v1.11.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/bytedance/sonic@v1.14.1",
|
|
"github.com/gin-contrib/sse@v1.1.0",
|
|
"github.com/go-playground/validator/v10@v10.28.0",
|
|
"github.com/goccy/go-json@v0.10.5",
|
|
"github.com/goccy/go-yaml@v1.18.0",
|
|
"github.com/json-iterator/go@v1.1.12",
|
|
"github.com/mattn/go-isatty@v0.0.20",
|
|
"github.com/modern-go/reflect2@v1.0.2",
|
|
"github.com/pelletier/go-toml/v2@v2.2.4",
|
|
"github.com/quic-go/quic-go@v0.55.0",
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"github.com/ugorji/go/codec@v1.3.0",
|
|
"golang.org/x/net@v0.46.0",
|
|
"google.golang.org/protobuf@v1.36.10"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/stretchr/testify@v1.11.1",
|
|
"Name": "github.com/stretchr/testify",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/stretchr/testify@v1.11.1",
|
|
"UID": "a4e82d29d0cc268"
|
|
},
|
|
"Version": "v1.11.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/davecgh/go-spew@v1.1.1",
|
|
"github.com/pmezard/go-difflib@v1.0.0",
|
|
"gopkg.in/yaml.v3@v3.0.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/bytedance/gopkg@v0.1.3",
|
|
"Name": "github.com/bytedance/gopkg",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/bytedance/gopkg@v0.1.3",
|
|
"UID": "71805a8ecabc511d"
|
|
},
|
|
"Version": "v0.1.3",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"golang.org/x/net@v0.46.0",
|
|
"golang.org/x/sync@v0.17.0",
|
|
"golang.org/x/sys@v0.37.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/bytedance/sonic@v1.14.1",
|
|
"Name": "github.com/bytedance/sonic",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/bytedance/sonic@v1.14.1",
|
|
"UID": "9041b964022e9d04"
|
|
},
|
|
"Version": "v1.14.1",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/bytedance/gopkg@v0.1.3",
|
|
"github.com/bytedance/sonic/loader@v0.3.0",
|
|
"github.com/cloudwego/base64x@v0.1.6",
|
|
"github.com/davecgh/go-spew@v1.1.1",
|
|
"github.com/klauspost/cpuid/v2@v2.3.0",
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"github.com/twitchyliquid64/golang-asm@v0.15.1",
|
|
"golang.org/x/arch@v0.22.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/bytedance/sonic/loader@v0.3.0",
|
|
"Name": "github.com/bytedance/sonic/loader",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/bytedance/sonic/loader@v0.3.0",
|
|
"UID": "cb8edb7a28c2920d"
|
|
},
|
|
"Version": "v0.3.0",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/davecgh/go-spew@v1.1.1",
|
|
"github.com/stretchr/testify@v1.11.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/cloudwego/base64x@v0.1.6",
|
|
"Name": "github.com/cloudwego/base64x",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/cloudwego/base64x@v0.1.6",
|
|
"UID": "c0c8ced8d9b77c09"
|
|
},
|
|
"Version": "v0.1.6",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/bytedance/sonic/loader@v0.3.0",
|
|
"github.com/davecgh/go-spew@v1.1.1",
|
|
"github.com/klauspost/cpuid/v2@v2.3.0",
|
|
"github.com/stretchr/testify@v1.11.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/davecgh/go-spew@v1.1.1",
|
|
"Name": "github.com/davecgh/go-spew",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.1",
|
|
"UID": "b50515b88e01733c"
|
|
},
|
|
"Version": "v1.1.1",
|
|
"Licenses": [
|
|
"ISC"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/gabriel-vasile/mimetype@v1.4.10",
|
|
"Name": "github.com/gabriel-vasile/mimetype",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/gabriel-vasile/mimetype@v1.4.10",
|
|
"UID": "f82b9cbbb7531c38"
|
|
},
|
|
"Version": "v1.4.10",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/gin-contrib/sse@v1.1.0",
|
|
"Name": "github.com/gin-contrib/sse",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/gin-contrib/sse@v1.1.0",
|
|
"UID": "25713e6a23b49522"
|
|
},
|
|
"Version": "v1.1.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.11.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/go-playground/locales@v0.14.1",
|
|
"Name": "github.com/go-playground/locales",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/go-playground/locales@v0.14.1",
|
|
"UID": "32172a90833a255a"
|
|
},
|
|
"Version": "v0.14.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"golang.org/x/text@v0.30.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/go-playground/universal-translator@v0.18.1",
|
|
"Name": "github.com/go-playground/universal-translator",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/go-playground/universal-translator@v0.18.1",
|
|
"UID": "78fee99e33083e4d"
|
|
},
|
|
"Version": "v0.18.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/go-playground/locales@v0.14.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/go-playground/validator/v10@v10.28.0",
|
|
"Name": "github.com/go-playground/validator/v10",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/go-playground/validator/v10@v10.28.0",
|
|
"UID": "665400ee4734b954"
|
|
},
|
|
"Version": "v10.28.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/gabriel-vasile/mimetype@v1.4.10",
|
|
"github.com/go-playground/locales@v0.14.1",
|
|
"github.com/go-playground/universal-translator@v0.18.1",
|
|
"github.com/leodido/go-urn@v1.4.0",
|
|
"golang.org/x/crypto@v0.43.0",
|
|
"golang.org/x/text@v0.30.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/goccy/go-json@v0.10.5",
|
|
"Name": "github.com/goccy/go-json",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/goccy/go-json@v0.10.5",
|
|
"UID": "9573235fd4d1e540"
|
|
},
|
|
"Version": "v0.10.5",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/goccy/go-yaml@v1.18.0",
|
|
"Name": "github.com/goccy/go-yaml",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/goccy/go-yaml@v1.18.0",
|
|
"UID": "5051936978498f08"
|
|
},
|
|
"Version": "v1.18.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/json-iterator/go@v1.1.12",
|
|
"Name": "github.com/json-iterator/go",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/json-iterator/go@v1.1.12",
|
|
"UID": "957ceb4e62b4ea3f"
|
|
},
|
|
"Version": "v1.1.12",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/davecgh/go-spew@v1.1.1",
|
|
"github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd",
|
|
"github.com/modern-go/reflect2@v1.0.2",
|
|
"github.com/stretchr/testify@v1.11.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/klauspost/cpuid/v2@v2.3.0",
|
|
"Name": "github.com/klauspost/cpuid/v2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/klauspost/cpuid/v2@v2.3.0",
|
|
"UID": "d37a647bcd0fd8ce"
|
|
},
|
|
"Version": "v2.3.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"golang.org/x/sys@v0.37.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/leodido/go-urn@v1.4.0",
|
|
"Name": "github.com/leodido/go-urn",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/leodido/go-urn@v1.4.0",
|
|
"UID": "4e4cba137261231c"
|
|
},
|
|
"Version": "v1.4.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.11.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/mattn/go-isatty@v0.0.20",
|
|
"Name": "github.com/mattn/go-isatty",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/mattn/go-isatty@v0.0.20",
|
|
"UID": "576911b665a2b357"
|
|
},
|
|
"Version": "v0.0.20",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"golang.org/x/sys@v0.37.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd",
|
|
"Name": "github.com/modern-go/concurrent",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd",
|
|
"UID": "f411576be1f875f7"
|
|
},
|
|
"Version": "v0.0.0-20180306012644-bacd9c7ef1dd",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/modern-go/reflect2@v1.0.2",
|
|
"Name": "github.com/modern-go/reflect2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/modern-go/reflect2@v1.0.2",
|
|
"UID": "ed64ba6145e34bd0"
|
|
},
|
|
"Version": "v1.0.2",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/pelletier/go-toml/v2@v2.2.4",
|
|
"Name": "github.com/pelletier/go-toml/v2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/pelletier/go-toml/v2@v2.2.4",
|
|
"UID": "209d3390e220b71e"
|
|
},
|
|
"Version": "v2.2.4",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/pmezard/go-difflib@v1.0.0",
|
|
"Name": "github.com/pmezard/go-difflib",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/pmezard/go-difflib@v1.0.0",
|
|
"UID": "66de36657f103de2"
|
|
},
|
|
"Version": "v1.0.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/quic-go/qpack@v0.5.1",
|
|
"Name": "github.com/quic-go/qpack",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/quic-go/qpack@v0.5.1",
|
|
"UID": "4bb5543f51a0128c"
|
|
},
|
|
"Version": "v0.5.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"golang.org/x/net@v0.46.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/quic-go/quic-go@v0.55.0",
|
|
"Name": "github.com/quic-go/quic-go",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/quic-go/quic-go@v0.55.0",
|
|
"UID": "2e80e9d9f078e35e"
|
|
},
|
|
"Version": "v0.55.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/quic-go/qpack@v0.5.1",
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"go.uber.org/mock@v0.6.0",
|
|
"golang.org/x/crypto@v0.43.0",
|
|
"golang.org/x/net@v0.46.0",
|
|
"golang.org/x/sync@v0.17.0",
|
|
"golang.org/x/sys@v0.37.0",
|
|
"golang.org/x/tools@v0.38.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/twitchyliquid64/golang-asm@v0.15.1",
|
|
"Name": "github.com/twitchyliquid64/golang-asm",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/twitchyliquid64/golang-asm@v0.15.1",
|
|
"UID": "60af3885d61a8f57"
|
|
},
|
|
"Version": "v0.15.1",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/ugorji/go/codec@v1.3.0",
|
|
"Name": "github.com/ugorji/go/codec",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/ugorji/go/codec@v1.3.0",
|
|
"UID": "acd9bfb29aba39c3"
|
|
},
|
|
"Version": "v1.3.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "go.uber.org/mock@v0.6.0",
|
|
"Name": "go.uber.org/mock",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/go.uber.org/mock@v0.6.0",
|
|
"UID": "4b724a95ff17c8f6"
|
|
},
|
|
"Version": "v0.6.0",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"golang.org/x/mod@v0.29.0",
|
|
"golang.org/x/tools@v0.38.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/arch@v0.22.0",
|
|
"Name": "golang.org/x/arch",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/arch@v0.22.0",
|
|
"UID": "58b1c65dcd514ac3"
|
|
},
|
|
"Version": "v0.22.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/crypto@v0.43.0",
|
|
"Name": "golang.org/x/crypto",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.43.0",
|
|
"UID": "d37745759ac3aac0"
|
|
},
|
|
"Version": "v0.43.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/mod@v0.29.0",
|
|
"Name": "golang.org/x/mod",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/mod@v0.29.0",
|
|
"UID": "76d071db6dac8f2a"
|
|
},
|
|
"Version": "v0.29.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"golang.org/x/tools@v0.38.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/net@v0.46.0",
|
|
"Name": "golang.org/x/net",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.46.0",
|
|
"UID": "d2678f6a3d130398"
|
|
},
|
|
"Version": "v0.46.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sync@v0.17.0",
|
|
"Name": "golang.org/x/sync",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sync@v0.17.0",
|
|
"UID": "eaec54e8ccfc4a5f"
|
|
},
|
|
"Version": "v0.17.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sys@v0.37.0",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys@v0.37.0",
|
|
"UID": "86dbe46cfba5d3a5"
|
|
},
|
|
"Version": "v0.37.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/text@v0.30.0",
|
|
"Name": "golang.org/x/text",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/text@v0.30.0",
|
|
"UID": "395c9b86619c3419"
|
|
},
|
|
"Version": "v0.30.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/tools@v0.38.0",
|
|
"Name": "golang.org/x/tools",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/tools@v0.38.0",
|
|
"UID": "c60af03a4c6910c"
|
|
},
|
|
"Version": "v0.38.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"golang.org/x/mod@v0.29.0",
|
|
"golang.org/x/net@v0.46.0",
|
|
"golang.org/x/sync@v0.17.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "google.golang.org/protobuf@v1.36.10",
|
|
"Name": "google.golang.org/protobuf",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/google.golang.org/protobuf@v1.36.10",
|
|
"UID": "7838034e528ee748"
|
|
},
|
|
"Version": "v1.36.10",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "gopkg.in/yaml.v3@v3.0.1",
|
|
"Name": "gopkg.in/yaml.v3",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1",
|
|
"UID": "a7f8043893427a27"
|
|
},
|
|
"Version": "v3.0.1",
|
|
"Licenses": [
|
|
"Apache-2.0",
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
],
|
|
"Vulnerabilities": [
|
|
{
|
|
"VulnerabilityID": "CVE-2025-64702",
|
|
"VendorIDs": [
|
|
"GHSA-g754-hx8w-x2g6"
|
|
],
|
|
"PkgID": "github.com/quic-go/quic-go@v0.55.0",
|
|
"PkgName": "github.com/quic-go/quic-go",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/github.com/quic-go/quic-go@v0.55.0",
|
|
"UID": "2e80e9d9f078e35e"
|
|
},
|
|
"InstalledVersion": "v0.55.0",
|
|
"FixedVersion": "0.57.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64702",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:ad72daf1a699b68a9f6dd8ba94e6f1a3aafe59751c6ca6cdf30c93da5139b10c",
|
|
"Title": "github.com/quic-go/quic-go/http3: quic-go HTTP/3 QPACK Header Expansion DoS",
|
|
"Description": "quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section (many unique header names and/or large values). The implementation builds an http.Header (used on the http.Request and http.Response, respectively), while only enforcing limits on the size of the (QPACK-compressed) HEADERS frame, but not on the decoded header, leading to memory exhaustion. This issue is fixed in version 0.57.0.",
|
|
"Severity": "MEDIUM",
|
|
"CweIDs": [
|
|
"CWE-770"
|
|
],
|
|
"VendorSeverity": {
|
|
"ghsa": 2,
|
|
"redhat": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/security/cve/CVE-2025-64702",
|
|
"https://github.com/quic-go/quic-go",
|
|
"https://github.com/quic-go/quic-go/commit/5b2d2129f8315da41e01eff0a847ab38a34e83a8",
|
|
"https://github.com/quic-go/quic-go/security/advisories/GHSA-g754-hx8w-x2g6",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-64702",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-64702"
|
|
],
|
|
"PublishedDate": "2025-12-11T21:15:54.707Z",
|
|
"LastModifiedDate": "2025-12-12T15:17:31.973Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2025-47914",
|
|
"VendorIDs": [
|
|
"GHSA-f6x5-jh6r-wrfv"
|
|
],
|
|
"PkgID": "golang.org/x/crypto@v0.43.0",
|
|
"PkgName": "golang.org/x/crypto",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.43.0",
|
|
"UID": "d37745759ac3aac0"
|
|
},
|
|
"InstalledVersion": "v0.43.0",
|
|
"FixedVersion": "0.45.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47914",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:1700cb75d19358f1600297902aaf9487786e49f7dc4d1f30caf79c40525f5767",
|
|
"Title": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages",
|
|
"Description": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
|
|
"Severity": "MEDIUM",
|
|
"CweIDs": [
|
|
"CWE-125"
|
|
],
|
|
"VendorSeverity": {
|
|
"amazon": 3,
|
|
"ghsa": 2,
|
|
"redhat": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/security/cve/CVE-2025-47914",
|
|
"https://go.dev/cl/721960",
|
|
"https://go.dev/issue/76364",
|
|
"https://go.googlesource.com/crypto",
|
|
"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-47914",
|
|
"https://pkg.go.dev/vuln/GO-2025-4135",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-47914"
|
|
],
|
|
"PublishedDate": "2025-11-19T21:15:50.517Z",
|
|
"LastModifiedDate": "2025-12-11T19:36:41.373Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2025-58181",
|
|
"VendorIDs": [
|
|
"GHSA-j5w8-q4qc-rx2x"
|
|
],
|
|
"PkgID": "golang.org/x/crypto@v0.43.0",
|
|
"PkgName": "golang.org/x/crypto",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.43.0",
|
|
"UID": "d37745759ac3aac0"
|
|
},
|
|
"InstalledVersion": "v0.43.0",
|
|
"FixedVersion": "0.45.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58181",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:8ffcc4b8f02b2bebaeb88da8fa7f0c0c98c7d4984a5c9bbe3da1771473fc2fa0",
|
|
"Title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication",
|
|
"Description": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
|
|
"Severity": "MEDIUM",
|
|
"CweIDs": [
|
|
"CWE-770"
|
|
],
|
|
"VendorSeverity": {
|
|
"amazon": 3,
|
|
"ghsa": 2,
|
|
"redhat": 2,
|
|
"ubuntu": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/security/cve/CVE-2025-58181",
|
|
"https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c",
|
|
"https://github.com/golang/go/issues/76363",
|
|
"https://go.dev/cl/721961",
|
|
"https://go.dev/issue/76363",
|
|
"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
|
|
"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA?pli=1",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-58181",
|
|
"https://pkg.go.dev/vuln/GO-2025-4134",
|
|
"https://ubuntu.com/security/notices/USN-7956-1",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-58181"
|
|
],
|
|
"PublishedDate": "2025-11-19T21:15:50.85Z",
|
|
"LastModifiedDate": "2025-12-11T19:29:24.9Z"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/gin-contrib/sse@v1.1.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/gin-contrib/sse",
|
|
"Name": "github.com/gin-contrib/sse",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/gin-contrib/sse",
|
|
"UID": "10f61b847600f2b5"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.10.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/stretchr/testify@v1.10.0",
|
|
"Name": "github.com/stretchr/testify",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/stretchr/testify@v1.10.0",
|
|
"UID": "cd09b77c3b304e6f"
|
|
},
|
|
"Version": "v1.10.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/davecgh/go-spew@v1.1.1",
|
|
"github.com/pmezard/go-difflib@v1.0.0",
|
|
"gopkg.in/yaml.v3@v3.0.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/davecgh/go-spew@v1.1.1",
|
|
"Name": "github.com/davecgh/go-spew",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.1",
|
|
"UID": "49f9b4c4b070628"
|
|
},
|
|
"Version": "v1.1.1",
|
|
"Licenses": [
|
|
"ISC"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/pmezard/go-difflib@v1.0.0",
|
|
"Name": "github.com/pmezard/go-difflib",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/pmezard/go-difflib@v1.0.0",
|
|
"UID": "c5b1a9d893ceb272"
|
|
},
|
|
"Version": "v1.0.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "gopkg.in/yaml.v3@v3.0.1",
|
|
"Name": "gopkg.in/yaml.v3",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1",
|
|
"UID": "d146ebd024ee59f3"
|
|
},
|
|
"Version": "v3.0.1",
|
|
"Licenses": [
|
|
"Apache-2.0",
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/gin-gonic/gin@v1.11.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/gin-gonic/gin",
|
|
"Name": "github.com/gin-gonic/gin",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/gin-gonic/gin",
|
|
"UID": "a7561ee42ea133e8"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/bytedance/sonic@v1.14.0",
|
|
"github.com/gin-contrib/sse@v1.1.0",
|
|
"github.com/go-playground/validator/v10@v10.27.0",
|
|
"github.com/goccy/go-json@v0.10.2",
|
|
"github.com/goccy/go-yaml@v1.18.0",
|
|
"github.com/json-iterator/go@v1.1.12",
|
|
"github.com/mattn/go-isatty@v0.0.20",
|
|
"github.com/modern-go/reflect2@v1.0.2",
|
|
"github.com/pelletier/go-toml/v2@v2.2.4",
|
|
"github.com/quic-go/quic-go@v0.54.0",
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"github.com/ugorji/go/codec@v1.3.0",
|
|
"golang.org/x/net@v0.42.0",
|
|
"google.golang.org/protobuf@v1.36.9",
|
|
"github.com/cloudwego/base64x@v0.1.6",
|
|
"github.com/gabriel-vasile/mimetype@v1.4.8",
|
|
"github.com/go-playground/universal-translator@v0.18.1",
|
|
"github.com/leodido/go-urn@v1.4.0",
|
|
"github.com/quic-go/qpack@v0.5.1",
|
|
"github.com/twitchyliquid64/golang-asm@v0.15.1",
|
|
"go.uber.org/mock@v0.5.0",
|
|
"golang.org/x/arch@v0.20.0",
|
|
"golang.org/x/crypto@v0.40.0",
|
|
"golang.org/x/mod@v0.25.0",
|
|
"golang.org/x/sync@v0.16.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/bytedance/sonic@v1.14.0",
|
|
"Name": "github.com/bytedance/sonic",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/bytedance/sonic@v1.14.0",
|
|
"UID": "a44ba8a001538334"
|
|
},
|
|
"Version": "v1.14.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/gin-contrib/sse@v1.1.0",
|
|
"Name": "github.com/gin-contrib/sse",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/gin-contrib/sse@v1.1.0",
|
|
"UID": "814903562b9ba8ff"
|
|
},
|
|
"Version": "v1.1.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.11.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/go-playground/validator/v10@v10.27.0",
|
|
"Name": "github.com/go-playground/validator/v10",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/go-playground/validator/v10@v10.27.0",
|
|
"UID": "21b61b0b8d92744c"
|
|
},
|
|
"Version": "v10.27.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/goccy/go-json@v0.10.2",
|
|
"Name": "github.com/goccy/go-json",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/goccy/go-json@v0.10.2",
|
|
"UID": "7cd3e7e2bdaf56f"
|
|
},
|
|
"Version": "v0.10.2",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/goccy/go-yaml@v1.18.0",
|
|
"Name": "github.com/goccy/go-yaml",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/goccy/go-yaml@v1.18.0",
|
|
"UID": "bc11cbe1a94d2997"
|
|
},
|
|
"Version": "v1.18.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/json-iterator/go@v1.1.12",
|
|
"Name": "github.com/json-iterator/go",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/json-iterator/go@v1.1.12",
|
|
"UID": "67762e92bd9948e5"
|
|
},
|
|
"Version": "v1.1.12",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/davecgh/go-spew@v1.1.1",
|
|
"github.com/modern-go/concurrent@v0.0.0-20180228061459-e0a39a4cb421",
|
|
"github.com/modern-go/reflect2@v1.0.2",
|
|
"github.com/stretchr/testify@v1.11.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/mattn/go-isatty@v0.0.20",
|
|
"Name": "github.com/mattn/go-isatty",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/mattn/go-isatty@v0.0.20",
|
|
"UID": "e41aa263243a54d"
|
|
},
|
|
"Version": "v0.0.20",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"golang.org/x/sys@v0.35.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/modern-go/reflect2@v1.0.2",
|
|
"Name": "github.com/modern-go/reflect2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/modern-go/reflect2@v1.0.2",
|
|
"UID": "9299cbd973f95c3a"
|
|
},
|
|
"Version": "v1.0.2",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/pelletier/go-toml/v2@v2.2.4",
|
|
"Name": "github.com/pelletier/go-toml/v2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/pelletier/go-toml/v2@v2.2.4",
|
|
"UID": "eb6f90a0f32da834"
|
|
},
|
|
"Version": "v2.2.4",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/quic-go/quic-go@v0.54.0",
|
|
"Name": "github.com/quic-go/quic-go",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/quic-go/quic-go@v0.54.0",
|
|
"UID": "3090ecf0444a0bbf"
|
|
},
|
|
"Version": "v0.54.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/stretchr/testify@v1.11.1",
|
|
"Name": "github.com/stretchr/testify",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/stretchr/testify@v1.11.1",
|
|
"UID": "a9c0c4ff4006e22f"
|
|
},
|
|
"Version": "v1.11.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/davecgh/go-spew@v1.1.1",
|
|
"github.com/pmezard/go-difflib@v1.0.0",
|
|
"gopkg.in/yaml.v3@v3.0.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/ugorji/go/codec@v1.3.0",
|
|
"Name": "github.com/ugorji/go/codec",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/ugorji/go/codec@v1.3.0",
|
|
"UID": "a0c59f4ad29639d3"
|
|
},
|
|
"Version": "v1.3.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/net@v0.42.0",
|
|
"Name": "golang.org/x/net",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.42.0",
|
|
"UID": "4c5a6bf8b6b13e40"
|
|
},
|
|
"Version": "v0.42.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "google.golang.org/protobuf@v1.36.9",
|
|
"Name": "google.golang.org/protobuf",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/google.golang.org/protobuf@v1.36.9",
|
|
"UID": "1a2329e6f2508906"
|
|
},
|
|
"Version": "v1.36.9",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/bytedance/sonic/loader@v0.3.0",
|
|
"Name": "github.com/bytedance/sonic/loader",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/bytedance/sonic/loader@v0.3.0",
|
|
"UID": "fb07c41eb5e04ab6"
|
|
},
|
|
"Version": "v0.3.0",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/davecgh/go-spew@v1.1.1",
|
|
"github.com/stretchr/testify@v1.11.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/cloudwego/base64x@v0.1.6",
|
|
"Name": "github.com/cloudwego/base64x",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/cloudwego/base64x@v0.1.6",
|
|
"UID": "b73ec8b98c48798a"
|
|
},
|
|
"Version": "v0.1.6",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/bytedance/sonic/loader@v0.3.0",
|
|
"github.com/davecgh/go-spew@v1.1.1",
|
|
"github.com/klauspost/cpuid/v2@v2.3.0",
|
|
"github.com/stretchr/testify@v1.11.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/davecgh/go-spew@v1.1.1",
|
|
"Name": "github.com/davecgh/go-spew",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.1",
|
|
"UID": "d4786994256d6ecb"
|
|
},
|
|
"Version": "v1.1.1",
|
|
"Licenses": [
|
|
"ISC"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/gabriel-vasile/mimetype@v1.4.8",
|
|
"Name": "github.com/gabriel-vasile/mimetype",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/gabriel-vasile/mimetype@v1.4.8",
|
|
"UID": "9b5fd9a364f73d29"
|
|
},
|
|
"Version": "v1.4.8",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/go-playground/locales@v0.14.1",
|
|
"Name": "github.com/go-playground/locales",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/go-playground/locales@v0.14.1",
|
|
"UID": "1953e1e395b1fdd"
|
|
},
|
|
"Version": "v0.14.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"golang.org/x/text@v0.27.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/go-playground/universal-translator@v0.18.1",
|
|
"Name": "github.com/go-playground/universal-translator",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/go-playground/universal-translator@v0.18.1",
|
|
"UID": "54c0f9ef11443e32"
|
|
},
|
|
"Version": "v0.18.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/go-playground/locales@v0.14.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/klauspost/cpuid/v2@v2.3.0",
|
|
"Name": "github.com/klauspost/cpuid/v2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/klauspost/cpuid/v2@v2.3.0",
|
|
"UID": "fa8d434f6f7d00a2"
|
|
},
|
|
"Version": "v2.3.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"golang.org/x/sys@v0.35.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/leodido/go-urn@v1.4.0",
|
|
"Name": "github.com/leodido/go-urn",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/leodido/go-urn@v1.4.0",
|
|
"UID": "ecb7f89c449ff96b"
|
|
},
|
|
"Version": "v1.4.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.11.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/modern-go/concurrent@v0.0.0-20180228061459-e0a39a4cb421",
|
|
"Name": "github.com/modern-go/concurrent",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/modern-go/concurrent@v0.0.0-20180228061459-e0a39a4cb421",
|
|
"UID": "591d449fba101d3c"
|
|
},
|
|
"Version": "v0.0.0-20180228061459-e0a39a4cb421",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/pmezard/go-difflib@v1.0.0",
|
|
"Name": "github.com/pmezard/go-difflib",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/pmezard/go-difflib@v1.0.0",
|
|
"UID": "a2704e1a6701988d"
|
|
},
|
|
"Version": "v1.0.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/quic-go/qpack@v0.5.1",
|
|
"Name": "github.com/quic-go/qpack",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/quic-go/qpack@v0.5.1",
|
|
"UID": "8268bf5f06402439"
|
|
},
|
|
"Version": "v0.5.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"golang.org/x/net@v0.42.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/twitchyliquid64/golang-asm@v0.15.1",
|
|
"Name": "github.com/twitchyliquid64/golang-asm",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/twitchyliquid64/golang-asm@v0.15.1",
|
|
"UID": "8a70c782bfee92b8"
|
|
},
|
|
"Version": "v0.15.1",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "go.uber.org/mock@v0.5.0",
|
|
"Name": "go.uber.org/mock",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/go.uber.org/mock@v0.5.0",
|
|
"UID": "75d8fb5100c36e08"
|
|
},
|
|
"Version": "v0.5.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/arch@v0.20.0",
|
|
"Name": "golang.org/x/arch",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/arch@v0.20.0",
|
|
"UID": "e84c507e3e40811c"
|
|
},
|
|
"Version": "v0.20.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/crypto@v0.40.0",
|
|
"Name": "golang.org/x/crypto",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.40.0",
|
|
"UID": "ba4f5ad7be2920ee"
|
|
},
|
|
"Version": "v0.40.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/mod@v0.25.0",
|
|
"Name": "golang.org/x/mod",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/mod@v0.25.0",
|
|
"UID": "9c543df21b5aa63b"
|
|
},
|
|
"Version": "v0.25.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sync@v0.16.0",
|
|
"Name": "golang.org/x/sync",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sync@v0.16.0",
|
|
"UID": "ac39a09e1d0b1523"
|
|
},
|
|
"Version": "v0.16.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sys@v0.35.0",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys@v0.35.0",
|
|
"UID": "b7fa339fecab3308"
|
|
},
|
|
"Version": "v0.35.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/text@v0.27.0",
|
|
"Name": "golang.org/x/text",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/text@v0.27.0",
|
|
"UID": "54022cc8235a981b"
|
|
},
|
|
"Version": "v0.27.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"golang.org/x/tools@v0.34.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/tools@v0.34.0",
|
|
"Name": "golang.org/x/tools",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/tools@v0.34.0",
|
|
"UID": "ba99b9ba175aae5b"
|
|
},
|
|
"Version": "v0.34.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "gopkg.in/yaml.v3@v3.0.1",
|
|
"Name": "gopkg.in/yaml.v3",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1",
|
|
"UID": "ce062bce8b8d042c"
|
|
},
|
|
"Version": "v3.0.1",
|
|
"Licenses": [
|
|
"Apache-2.0",
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
],
|
|
"Vulnerabilities": [
|
|
{
|
|
"VulnerabilityID": "CVE-2025-59530",
|
|
"VendorIDs": [
|
|
"GHSA-47m2-4cr7-mhcw"
|
|
],
|
|
"PkgID": "github.com/quic-go/quic-go@v0.54.0",
|
|
"PkgName": "github.com/quic-go/quic-go",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/github.com/quic-go/quic-go@v0.54.0",
|
|
"UID": "3090ecf0444a0bbf"
|
|
},
|
|
"InstalledVersion": "v0.54.0",
|
|
"FixedVersion": "0.49.1, 0.54.1",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-59530",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:91517b27d797111a12430749662b55a841e5d73d581a3d763c007348aba2c0b5",
|
|
"Title": "github.com/quic-go/quic-go: quic-go Crash Due to Premature HANDSHAKE_DONE Frame",
|
|
"Description": "quic-go is an implementation of the QUIC protocol in Go. In versions prior to 0.49.0, 0.54.1, and 0.55.0, a misbehaving or malicious server can cause a denial-of-service (DoS) attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authentication and can be exploited during the handshake phase. This was observed in the wild with certain server implementations. quic-go needs to be able to handle misbehaving server implementations, including those that prematurely send a HANDSHAKE_DONE frame. Versions 0.49.0, 0.54.1, and 0.55.0 discard Initial keys when receiving a HANDSHAKE_DONE frame, thereby correctly handling premature HANDSHAKE_DONE frames.",
|
|
"Severity": "HIGH",
|
|
"CweIDs": [
|
|
"CWE-617",
|
|
"CWE-755"
|
|
],
|
|
"VendorSeverity": {
|
|
"azure": 3,
|
|
"cbl-mariner": 3,
|
|
"ghsa": 3,
|
|
"redhat": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/security/cve/CVE-2025-59530",
|
|
"https://github.com/quic-go/quic-go",
|
|
"https://github.com/quic-go/quic-go/blob/v0.55.0/connection.go#L2682-L2685",
|
|
"https://github.com/quic-go/quic-go/commit/bc5bccf10fd02728eef150683eb4dfaa5c0e749c",
|
|
"https://github.com/quic-go/quic-go/commit/ce7c9ea8834b9d2ed79efa9269467f02c0895d42",
|
|
"https://github.com/quic-go/quic-go/pull/5354",
|
|
"https://github.com/quic-go/quic-go/security/advisories/GHSA-47m2-4cr7-mhcw",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-59530",
|
|
"https://pkg.go.dev/vuln/GO-2025-4017",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-59530"
|
|
],
|
|
"PublishedDate": "2025-10-10T16:15:52.387Z",
|
|
"LastModifiedDate": "2025-10-14T19:36:59.73Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2025-64702",
|
|
"VendorIDs": [
|
|
"GHSA-g754-hx8w-x2g6"
|
|
],
|
|
"PkgID": "github.com/quic-go/quic-go@v0.54.0",
|
|
"PkgName": "github.com/quic-go/quic-go",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/github.com/quic-go/quic-go@v0.54.0",
|
|
"UID": "3090ecf0444a0bbf"
|
|
},
|
|
"InstalledVersion": "v0.54.0",
|
|
"FixedVersion": "0.57.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64702",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:0b9868a6df430a51d5cc39bc951f4c899e78547f05610ac0b042c077f0290e11",
|
|
"Title": "github.com/quic-go/quic-go/http3: quic-go HTTP/3 QPACK Header Expansion DoS",
|
|
"Description": "quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section (many unique header names and/or large values). The implementation builds an http.Header (used on the http.Request and http.Response, respectively), while only enforcing limits on the size of the (QPACK-compressed) HEADERS frame, but not on the decoded header, leading to memory exhaustion. This issue is fixed in version 0.57.0.",
|
|
"Severity": "MEDIUM",
|
|
"CweIDs": [
|
|
"CWE-770"
|
|
],
|
|
"VendorSeverity": {
|
|
"ghsa": 2,
|
|
"redhat": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/security/cve/CVE-2025-64702",
|
|
"https://github.com/quic-go/quic-go",
|
|
"https://github.com/quic-go/quic-go/commit/5b2d2129f8315da41e01eff0a847ab38a34e83a8",
|
|
"https://github.com/quic-go/quic-go/security/advisories/GHSA-g754-hx8w-x2g6",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-64702",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-64702"
|
|
],
|
|
"PublishedDate": "2025-12-11T21:15:54.707Z",
|
|
"LastModifiedDate": "2025-12-12T15:17:31.973Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2025-47914",
|
|
"VendorIDs": [
|
|
"GHSA-f6x5-jh6r-wrfv"
|
|
],
|
|
"PkgID": "golang.org/x/crypto@v0.40.0",
|
|
"PkgName": "golang.org/x/crypto",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.40.0",
|
|
"UID": "ba4f5ad7be2920ee"
|
|
},
|
|
"InstalledVersion": "v0.40.0",
|
|
"FixedVersion": "0.45.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47914",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:54a663dcaec1ad70a1b82ea575fe8c9b0012d737c9f518207ae15c342194574a",
|
|
"Title": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages",
|
|
"Description": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
|
|
"Severity": "MEDIUM",
|
|
"CweIDs": [
|
|
"CWE-125"
|
|
],
|
|
"VendorSeverity": {
|
|
"amazon": 3,
|
|
"ghsa": 2,
|
|
"redhat": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/security/cve/CVE-2025-47914",
|
|
"https://go.dev/cl/721960",
|
|
"https://go.dev/issue/76364",
|
|
"https://go.googlesource.com/crypto",
|
|
"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-47914",
|
|
"https://pkg.go.dev/vuln/GO-2025-4135",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-47914"
|
|
],
|
|
"PublishedDate": "2025-11-19T21:15:50.517Z",
|
|
"LastModifiedDate": "2025-12-11T19:36:41.373Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2025-58181",
|
|
"VendorIDs": [
|
|
"GHSA-j5w8-q4qc-rx2x"
|
|
],
|
|
"PkgID": "golang.org/x/crypto@v0.40.0",
|
|
"PkgName": "golang.org/x/crypto",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.40.0",
|
|
"UID": "ba4f5ad7be2920ee"
|
|
},
|
|
"InstalledVersion": "v0.40.0",
|
|
"FixedVersion": "0.45.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58181",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:a1672f2cec32c0182c26a49cd5a6e0659ff15cf6eca9ef7ee3fd1a59e66c3299",
|
|
"Title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication",
|
|
"Description": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
|
|
"Severity": "MEDIUM",
|
|
"CweIDs": [
|
|
"CWE-770"
|
|
],
|
|
"VendorSeverity": {
|
|
"amazon": 3,
|
|
"ghsa": 2,
|
|
"redhat": 2,
|
|
"ubuntu": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/security/cve/CVE-2025-58181",
|
|
"https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c",
|
|
"https://github.com/golang/go/issues/76363",
|
|
"https://go.dev/cl/721961",
|
|
"https://go.dev/issue/76363",
|
|
"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
|
|
"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA?pli=1",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-58181",
|
|
"https://pkg.go.dev/vuln/GO-2025-4134",
|
|
"https://ubuntu.com/security/notices/USN-7956-1",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-58181"
|
|
],
|
|
"PublishedDate": "2025-11-19T21:15:50.85Z",
|
|
"LastModifiedDate": "2025-12-11T19:29:24.9Z"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/go-logr/logr@v1.4.3/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/go-logr/logr",
|
|
"Name": "github.com/go-logr/logr",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/go-logr/logr",
|
|
"UID": "233ccccd49553fd9"
|
|
},
|
|
"Relationship": "root",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/go-logr/stdr@v1.2.2/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/go-logr/stdr",
|
|
"Name": "github.com/go-logr/stdr",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/go-logr/stdr",
|
|
"UID": "1cb095a8d406ee9d"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/go-logr/logr@v1.2.2"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/go-logr/logr@v1.2.2",
|
|
"Name": "github.com/go-logr/logr",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/go-logr/logr@v1.2.2",
|
|
"UID": "7a038de6636e80d0"
|
|
},
|
|
"Version": "v1.2.2",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/go-playground/locales@v0.14.1/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/go-playground/locales",
|
|
"Name": "github.com/go-playground/locales",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/go-playground/locales",
|
|
"UID": "2d10a8d25a6a2075"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"golang.org/x/text@v0.3.8",
|
|
"golang.org/x/net@v0.0.0-20220722155237-a158d28d115b",
|
|
"golang.org/x/sys@v0.0.0-20220722155257-8c9f86f7a55f",
|
|
"golang.org/x/mod@v0.6.0-dev.0.20220419223038-86c51ed26bb4",
|
|
"github.com/yuin/goldmark@v1.4.13",
|
|
"golang.org/x/crypto@v0.0.0-20210921155107-089bfa567519",
|
|
"golang.org/x/term@v0.0.0-20210927222741-03fcf44c2211",
|
|
"golang.org/x/tools@v0.1.12",
|
|
"golang.org/x/sync@v0.0.0-20220722155255-886fb9371eb4",
|
|
"golang.org/x/xerrors@v0.0.0-20190717185122-a985d3407aa7"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/text@v0.3.8",
|
|
"Name": "golang.org/x/text",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/text@v0.3.8",
|
|
"UID": "72dd1135d636d223"
|
|
},
|
|
"Version": "v0.3.8",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/yuin/goldmark@v1.4.13",
|
|
"Name": "github.com/yuin/goldmark",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/yuin/goldmark@v1.4.13",
|
|
"UID": "68e3bc0afd8ac57e"
|
|
},
|
|
"Version": "v1.4.13",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/crypto@v0.0.0-20210921155107-089bfa567519",
|
|
"Name": "golang.org/x/crypto",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.0.0-20210921155107-089bfa567519",
|
|
"UID": "3a37ec49b720a99f"
|
|
},
|
|
"Version": "v0.0.0-20210921155107-089bfa567519",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/mod@v0.6.0-dev.0.20220419223038-86c51ed26bb4",
|
|
"Name": "golang.org/x/mod",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/mod@v0.6.0-dev.0.20220419223038-86c51ed26bb4",
|
|
"UID": "296f26493b7d404"
|
|
},
|
|
"Version": "v0.6.0-dev.0.20220419223038-86c51ed26bb4",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/net@v0.0.0-20220722155237-a158d28d115b",
|
|
"Name": "golang.org/x/net",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.0.0-20220722155237-a158d28d115b",
|
|
"UID": "29f643feb5a0ac79"
|
|
},
|
|
"Version": "v0.0.0-20220722155237-a158d28d115b",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sync@v0.0.0-20220722155255-886fb9371eb4",
|
|
"Name": "golang.org/x/sync",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sync@v0.0.0-20220722155255-886fb9371eb4",
|
|
"UID": "1ffcc886fe7f6239"
|
|
},
|
|
"Version": "v0.0.0-20220722155255-886fb9371eb4",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sys@v0.0.0-20220722155257-8c9f86f7a55f",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys@v0.0.0-20220722155257-8c9f86f7a55f",
|
|
"UID": "9d4e8971d1091138"
|
|
},
|
|
"Version": "v0.0.0-20220722155257-8c9f86f7a55f",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/term@v0.0.0-20210927222741-03fcf44c2211",
|
|
"Name": "golang.org/x/term",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/term@v0.0.0-20210927222741-03fcf44c2211",
|
|
"UID": "2dafcd0b249f0103"
|
|
},
|
|
"Version": "v0.0.0-20210927222741-03fcf44c2211",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/tools@v0.1.12",
|
|
"Name": "golang.org/x/tools",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/tools@v0.1.12",
|
|
"UID": "e9e7c5172f9c0e6b"
|
|
},
|
|
"Version": "v0.1.12",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/xerrors@v0.0.0-20190717185122-a985d3407aa7",
|
|
"Name": "golang.org/x/xerrors",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/xerrors@v0.0.0-20190717185122-a985d3407aa7",
|
|
"UID": "441efcf343be7031"
|
|
},
|
|
"Version": "v0.0.0-20190717185122-a985d3407aa7",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
],
|
|
"Vulnerabilities": [
|
|
{
|
|
"VulnerabilityID": "CVE-2024-45337",
|
|
"VendorIDs": [
|
|
"GHSA-v778-237x-gjrc"
|
|
],
|
|
"PkgID": "golang.org/x/crypto@v0.0.0-20210921155107-089bfa567519",
|
|
"PkgName": "golang.org/x/crypto",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.0.0-20210921155107-089bfa567519",
|
|
"UID": "3a37ec49b720a99f"
|
|
},
|
|
"InstalledVersion": "v0.0.0-20210921155107-089bfa567519",
|
|
"FixedVersion": "0.31.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45337",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:515690a295c5424cc8b6a119a7ec6321bf3c58ee80ff18e998b5b621a4cc593d",
|
|
"Title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
|
|
"Description": "Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that \"A call to this function does not guarantee that the key offered is in fact used to authenticate.\" Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.",
|
|
"Severity": "CRITICAL",
|
|
"VendorSeverity": {
|
|
"amazon": 3,
|
|
"azure": 4,
|
|
"cbl-mariner": 4,
|
|
"ghsa": 4,
|
|
"redhat": 3,
|
|
"ubuntu": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
|
|
"V3Score": 9.1
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
|
|
"V3Score": 8.2
|
|
}
|
|
},
|
|
"References": [
|
|
"http://www.openwall.com/lists/oss-security/2024/12/11/2",
|
|
"https://access.redhat.com/security/cve/CVE-2024-45337",
|
|
"https://github.com/golang/crypto",
|
|
"https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
|
|
"https://go-review.googlesource.com/c/crypto/+/635315/",
|
|
"https://go.dev/cl/635315",
|
|
"https://go.dev/issue/70779",
|
|
"https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
|
|
"https://pkg.go.dev/vuln/GO-2024-3321",
|
|
"https://security.netapp.com/advisory/ntap-20250131-0007",
|
|
"https://security.netapp.com/advisory/ntap-20250131-0007/",
|
|
"https://ubuntu.com/security/notices/USN-7839-1",
|
|
"https://ubuntu.com/security/notices/USN-7839-2",
|
|
"https://www.cve.org/CVERecord?id=CVE-2024-45337"
|
|
],
|
|
"PublishedDate": "2024-12-12T02:02:07.97Z",
|
|
"LastModifiedDate": "2025-02-18T21:15:22.187Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2021-43565",
|
|
"VendorIDs": [
|
|
"GHSA-gwc9-m7rh-j2ww"
|
|
],
|
|
"PkgID": "golang.org/x/crypto@v0.0.0-20210921155107-089bfa567519",
|
|
"PkgName": "golang.org/x/crypto",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.0.0-20210921155107-089bfa567519",
|
|
"UID": "3a37ec49b720a99f"
|
|
},
|
|
"InstalledVersion": "v0.0.0-20210921155107-089bfa567519",
|
|
"FixedVersion": "0.0.0-20211202192323-5770296d904e",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-43565",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:04c5073ac8bb96169b9ae1575cf0173fac30ea4974ce30562f4e44530d4eac3e",
|
|
"Title": "golang.org/x/crypto: empty plaintext packet causes panic",
|
|
"Description": "The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.",
|
|
"Severity": "HIGH",
|
|
"VendorSeverity": {
|
|
"amazon": 3,
|
|
"cbl-mariner": 3,
|
|
"ghsa": 3,
|
|
"nvd": 3,
|
|
"redhat": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
},
|
|
"nvd": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/security/cve/CVE-2021-43565",
|
|
"https://go.dev/cl/368814",
|
|
"https://go.dev/issues/49932",
|
|
"https://groups.google.com/forum/#!forum/golang-announce",
|
|
"https://groups.google.com/forum/#%21forum/golang-announce",
|
|
"https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2021-43565",
|
|
"https://pkg.go.dev/vuln/GO-2022-0968",
|
|
"https://www.cve.org/CVERecord?id=CVE-2021-43565"
|
|
],
|
|
"PublishedDate": "2022-09-06T18:15:10.297Z",
|
|
"LastModifiedDate": "2024-11-21T06:29:27.02Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2022-27191",
|
|
"VendorIDs": [
|
|
"GHSA-8c26-wmh5-6g9v"
|
|
],
|
|
"PkgID": "golang.org/x/crypto@v0.0.0-20210921155107-089bfa567519",
|
|
"PkgName": "golang.org/x/crypto",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.0.0-20210921155107-089bfa567519",
|
|
"UID": "3a37ec49b720a99f"
|
|
},
|
|
"InstalledVersion": "v0.0.0-20210921155107-089bfa567519",
|
|
"FixedVersion": "0.0.0-20220314234659-1baeb1ce4c0b",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27191",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:27306dbca049adae63c29baffc3394eea204b360ac68c92f8b64f737c836dae4",
|
|
"Title": "golang: crash in a golang.org/x/crypto/ssh server",
|
|
"Description": "The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.",
|
|
"Severity": "HIGH",
|
|
"VendorSeverity": {
|
|
"alma": 2,
|
|
"amazon": 3,
|
|
"ghsa": 3,
|
|
"nvd": 3,
|
|
"oracle-oval": 2,
|
|
"redhat": 2,
|
|
"rocky": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
},
|
|
"nvd": {
|
|
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V2Score": 4.3,
|
|
"V3Score": 7.5
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/errata/RHSA-2022:7469",
|
|
"https://access.redhat.com/security/cve/CVE-2022-27191",
|
|
"https://bugzilla.redhat.com/2064702",
|
|
"https://bugzilla.redhat.com/2085361",
|
|
"https://bugzilla.redhat.com/2086398",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2064702",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2076617",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2085361",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2086398",
|
|
"https://cs.opensource.google/go/x/crypto",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1708",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27191",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29162",
|
|
"https://errata.almalinux.org/8/ALSA-2022-7469.html",
|
|
"https://errata.rockylinux.org/RLSA-2022:7469",
|
|
"https://go.dev/cl/392355",
|
|
"https://go.googlesource.com/crypto/+/1baeb1ce4c0b006eff0f294c47cb7617598dfb3d",
|
|
"https://groups.google.com/g/golang-announce",
|
|
"https://groups.google.com/g/golang-announce/c/-cp44ypCT5s",
|
|
"https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ",
|
|
"https://linux.oracle.com/cve/CVE-2022-27191.html",
|
|
"https://linux.oracle.com/errata/ELSA-2022-8008.html",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2022-27191",
|
|
"https://pkg.go.dev/vuln/GO-2021-0356",
|
|
"https://raw.githubusercontent.com/golang/vulndb/df2d3d326300e2ae768f00351ffa96cc2c56cf54/reports/GO-2021-0356.yaml",
|
|
"https://security.netapp.com/advisory/ntap-20220429-0002",
|
|
"https://security.netapp.com/advisory/ntap-20220429-0002/",
|
|
"https://www.cve.org/CVERecord?id=CVE-2022-27191"
|
|
],
|
|
"PublishedDate": "2022-03-18T07:15:06.75Z",
|
|
"LastModifiedDate": "2024-11-21T06:55:22.62Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2025-22869",
|
|
"VendorIDs": [
|
|
"GHSA-hcg3-q754-cr77"
|
|
],
|
|
"PkgID": "golang.org/x/crypto@v0.0.0-20210921155107-089bfa567519",
|
|
"PkgName": "golang.org/x/crypto",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.0.0-20210921155107-089bfa567519",
|
|
"UID": "3a37ec49b720a99f"
|
|
},
|
|
"InstalledVersion": "v0.0.0-20210921155107-089bfa567519",
|
|
"FixedVersion": "0.35.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22869",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:d92660ec0893f3219470cbf420a6c5aeb72a9776fb2e18925b118008d16eaf41",
|
|
"Title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh",
|
|
"Description": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
|
|
"Severity": "HIGH",
|
|
"CweIDs": [
|
|
"CWE-770"
|
|
],
|
|
"VendorSeverity": {
|
|
"alma": 3,
|
|
"amazon": 3,
|
|
"azure": 3,
|
|
"cbl-mariner": 3,
|
|
"ghsa": 3,
|
|
"oracle-oval": 3,
|
|
"redhat": 3,
|
|
"rocky": 3
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/errata/RHSA-2025:3833",
|
|
"https://access.redhat.com/security/cve/CVE-2025-22869",
|
|
"https://bugzilla.redhat.com/2348367",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2348367",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22869",
|
|
"https://errata.almalinux.org/9/ALSA-2025-3833.html",
|
|
"https://errata.rockylinux.org/RLSA-2025:7416",
|
|
"https://github.com/golang/crypto",
|
|
"https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22",
|
|
"https://go-review.googlesource.com/c/crypto/+/652135",
|
|
"https://go.dev/cl/652135",
|
|
"https://go.dev/issue/71931",
|
|
"https://linux.oracle.com/cve/CVE-2025-22869.html",
|
|
"https://linux.oracle.com/errata/ELSA-2025-7484.html",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-22869",
|
|
"https://pkg.go.dev/vuln/GO-2025-3487",
|
|
"https://security.netapp.com/advisory/ntap-20250411-0010",
|
|
"https://security.netapp.com/advisory/ntap-20250411-0010/",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-22869"
|
|
],
|
|
"PublishedDate": "2025-02-26T08:14:24.997Z",
|
|
"LastModifiedDate": "2025-05-01T19:28:20.74Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2023-48795",
|
|
"VendorIDs": [
|
|
"GHSA-45x7-px36-x8w8"
|
|
],
|
|
"PkgID": "golang.org/x/crypto@v0.0.0-20210921155107-089bfa567519",
|
|
"PkgName": "golang.org/x/crypto",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.0.0-20210921155107-089bfa567519",
|
|
"UID": "3a37ec49b720a99f"
|
|
},
|
|
"InstalledVersion": "v0.0.0-20210921155107-089bfa567519",
|
|
"FixedVersion": "0.17.0, 0.0.0-20231218163308-9d2ee975ef9f",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-48795",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:4e5d9943fe1a7d4f14eece3936542c067f0183ff5a78a39724bc00d889b9baaa",
|
|
"Title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)",
|
|
"Description": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.",
|
|
"Severity": "MEDIUM",
|
|
"CweIDs": [
|
|
"CWE-354"
|
|
],
|
|
"VendorSeverity": {
|
|
"alma": 2,
|
|
"amazon": 2,
|
|
"azure": 2,
|
|
"cbl-mariner": 2,
|
|
"ghsa": 2,
|
|
"nvd": 2,
|
|
"oracle-oval": 2,
|
|
"photon": 2,
|
|
"redhat": 2,
|
|
"rocky": 2,
|
|
"ubuntu": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
|
|
"V3Score": 5.9
|
|
},
|
|
"nvd": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
|
|
"V3Score": 5.9
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
|
|
"V3Score": 5.9
|
|
}
|
|
},
|
|
"References": [
|
|
"http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html",
|
|
"http://seclists.org/fulldisclosure/2024/Mar/21",
|
|
"http://www.openwall.com/lists/oss-security/2023/12/18/3",
|
|
"http://www.openwall.com/lists/oss-security/2023/12/19/5",
|
|
"http://www.openwall.com/lists/oss-security/2023/12/20/3",
|
|
"http://www.openwall.com/lists/oss-security/2024/03/06/3",
|
|
"http://www.openwall.com/lists/oss-security/2024/04/17/8",
|
|
"https://access.redhat.com/errata/RHSA-2024:0628",
|
|
"https://access.redhat.com/security/cve/CVE-2023-48795",
|
|
"https://access.redhat.com/security/cve/cve-2023-48795",
|
|
"https://access.redhat.com/solutions/7071748",
|
|
"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack",
|
|
"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/",
|
|
"https://bugs.gentoo.org/920280",
|
|
"https://bugzilla.redhat.com/2254210",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2254210",
|
|
"https://bugzilla.suse.com/show_bug.cgi?id=1217950",
|
|
"https://crates.io/crates/thrussh/versions",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795",
|
|
"https://errata.almalinux.org/8/ALSA-2024-0628.html",
|
|
"https://errata.rockylinux.org/RLSA-2024:0628",
|
|
"https://filezilla-project.org/versions.php",
|
|
"https://forum.netgate.com/topic/184941/terrapin-ssh-attack",
|
|
"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6",
|
|
"https://github.com/NixOS/nixpkgs/pull/275249",
|
|
"https://github.com/PowerShell/Win32-OpenSSH/issues/2189",
|
|
"https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta",
|
|
"https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0",
|
|
"https://github.com/TeraTermProject/teraterm/releases/tag/v5.1",
|
|
"https://github.com/advisories/GHSA-45x7-px36-x8w8",
|
|
"https://github.com/apache/mina-sshd/issues/445",
|
|
"https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab",
|
|
"https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22",
|
|
"https://github.com/cyd01/KiTTY/issues/520",
|
|
"https://github.com/drakkan/sftpgo/releases/tag/v2.5.6",
|
|
"https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42",
|
|
"https://github.com/erlang/otp/releases/tag/OTP-26.2.1",
|
|
"https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d",
|
|
"https://github.com/hierynomus/sshj/issues/916",
|
|
"https://github.com/janmojzis/tinyssh/issues/81",
|
|
"https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5",
|
|
"https://github.com/libssh2/libssh2/pull/1291",
|
|
"https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25",
|
|
"https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3",
|
|
"https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15",
|
|
"https://github.com/mwiede/jsch/issues/457",
|
|
"https://github.com/mwiede/jsch/pull/461",
|
|
"https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16",
|
|
"https://github.com/openssh/openssh-portable/commits/master",
|
|
"https://github.com/paramiko/paramiko/issues/2337",
|
|
"https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773",
|
|
"https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES",
|
|
"https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES",
|
|
"https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES",
|
|
"https://github.com/proftpd/proftpd/issues/456",
|
|
"https://github.com/rapier1/hpn-ssh/releases",
|
|
"https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst",
|
|
"https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55",
|
|
"https://github.com/ronf/asyncssh/tags",
|
|
"https://github.com/ssh-mitm/ssh-mitm/issues/165",
|
|
"https://github.com/warp-tech/russh",
|
|
"https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951",
|
|
"https://github.com/warp-tech/russh/releases/tag/v0.40.2",
|
|
"https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8",
|
|
"https://gitlab.com/libssh/libssh-mirror/-/tags",
|
|
"https://go.dev/cl/550715",
|
|
"https://go.dev/issue/64784",
|
|
"https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ",
|
|
"https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg",
|
|
"https://help.panic.com/releasenotes/transmit5",
|
|
"https://help.panic.com/releasenotes/transmit5/",
|
|
"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795",
|
|
"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/",
|
|
"https://linux.oracle.com/cve/CVE-2023-48795.html",
|
|
"https://linux.oracle.com/errata/ELSA-2024-2988.html",
|
|
"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html",
|
|
"https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html",
|
|
"https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html",
|
|
"https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html",
|
|
"https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html",
|
|
"https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html",
|
|
"https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/",
|
|
"https://matt.ucc.asn.au/dropbear/CHANGES",
|
|
"https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC",
|
|
"https://news.ycombinator.com/item?id=38684904",
|
|
"https://news.ycombinator.com/item?id=38685286",
|
|
"https://news.ycombinator.com/item?id=38732005",
|
|
"https://nova.app/releases/#v11.8",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2023-48795",
|
|
"https://oryx-embedded.com/download/#changelog",
|
|
"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002",
|
|
"https://roumenpetrov.info/secsh/#news20231220",
|
|
"https://security-tracker.debian.org/tracker/CVE-2023-48795",
|
|
"https://security-tracker.debian.org/tracker/source-package/libssh2",
|
|
"https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg",
|
|
"https://security-tracker.debian.org/tracker/source-package/trilead-ssh2",
|
|
"https://security.gentoo.org/glsa/202312-16",
|
|
"https://security.gentoo.org/glsa/202312-17",
|
|
"https://security.netapp.com/advisory/ntap-20240105-0004",
|
|
"https://security.netapp.com/advisory/ntap-20240105-0004/",
|
|
"https://support.apple.com/kb/HT214084",
|
|
"https://terrapin-attack.com/",
|
|
"https://thorntech.com/cve-2023-48795-and-sftp-gateway",
|
|
"https://thorntech.com/cve-2023-48795-and-sftp-gateway/",
|
|
"https://twitter.com/TrueSkrillor/status/1736774389725565005",
|
|
"https://ubuntu.com/security/CVE-2023-48795",
|
|
"https://ubuntu.com/security/notices/USN-6560-1",
|
|
"https://ubuntu.com/security/notices/USN-6560-2",
|
|
"https://ubuntu.com/security/notices/USN-6561-1",
|
|
"https://ubuntu.com/security/notices/USN-6585-1",
|
|
"https://ubuntu.com/security/notices/USN-6589-1",
|
|
"https://ubuntu.com/security/notices/USN-6598-1",
|
|
"https://ubuntu.com/security/notices/USN-6738-1",
|
|
"https://ubuntu.com/security/notices/USN-7051-1",
|
|
"https://ubuntu.com/security/notices/USN-7292-1",
|
|
"https://ubuntu.com/security/notices/USN-7297-1",
|
|
"https://winscp.net/eng/docs/history#6.2.2",
|
|
"https://www.bitvise.com/ssh-client-version-history#933",
|
|
"https://www.bitvise.com/ssh-server-version-history",
|
|
"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html",
|
|
"https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update",
|
|
"https://www.cve.org/CVERecord?id=CVE-2023-48795",
|
|
"https://www.debian.org/security/2023/dsa-5586",
|
|
"https://www.debian.org/security/2023/dsa-5588",
|
|
"https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc",
|
|
"https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508",
|
|
"https://www.netsarang.com/en/xshell-update-history",
|
|
"https://www.netsarang.com/en/xshell-update-history/",
|
|
"https://www.openssh.com/openbsd.html",
|
|
"https://www.openssh.com/txt/release-9.6",
|
|
"https://www.openwall.com/lists/oss-security/2023/12/18/2",
|
|
"https://www.openwall.com/lists/oss-security/2023/12/18/3",
|
|
"https://www.openwall.com/lists/oss-security/2023/12/20/3",
|
|
"https://www.paramiko.org/changelog.html",
|
|
"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed",
|
|
"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/",
|
|
"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795",
|
|
"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/",
|
|
"https://www.terrapin-attack.com",
|
|
"https://www.theregister.com/2023/12/20/terrapin_attack_ssh",
|
|
"https://www.vandyke.com/products/securecrt/history.txt",
|
|
"https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit",
|
|
"https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability"
|
|
],
|
|
"PublishedDate": "2023-12-18T16:15:10.897Z",
|
|
"LastModifiedDate": "2025-11-04T22:15:55.11Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2025-47914",
|
|
"VendorIDs": [
|
|
"GHSA-f6x5-jh6r-wrfv"
|
|
],
|
|
"PkgID": "golang.org/x/crypto@v0.0.0-20210921155107-089bfa567519",
|
|
"PkgName": "golang.org/x/crypto",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.0.0-20210921155107-089bfa567519",
|
|
"UID": "3a37ec49b720a99f"
|
|
},
|
|
"InstalledVersion": "v0.0.0-20210921155107-089bfa567519",
|
|
"FixedVersion": "0.45.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47914",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:1090d072bcd45fdf5e1133c53b492b4d5dca1660f6d90aa15b3f64b63ff8b355",
|
|
"Title": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages",
|
|
"Description": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
|
|
"Severity": "MEDIUM",
|
|
"CweIDs": [
|
|
"CWE-125"
|
|
],
|
|
"VendorSeverity": {
|
|
"amazon": 3,
|
|
"ghsa": 2,
|
|
"redhat": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/security/cve/CVE-2025-47914",
|
|
"https://go.dev/cl/721960",
|
|
"https://go.dev/issue/76364",
|
|
"https://go.googlesource.com/crypto",
|
|
"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-47914",
|
|
"https://pkg.go.dev/vuln/GO-2025-4135",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-47914"
|
|
],
|
|
"PublishedDate": "2025-11-19T21:15:50.517Z",
|
|
"LastModifiedDate": "2025-12-11T19:36:41.373Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2025-58181",
|
|
"VendorIDs": [
|
|
"GHSA-j5w8-q4qc-rx2x"
|
|
],
|
|
"PkgID": "golang.org/x/crypto@v0.0.0-20210921155107-089bfa567519",
|
|
"PkgName": "golang.org/x/crypto",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.0.0-20210921155107-089bfa567519",
|
|
"UID": "3a37ec49b720a99f"
|
|
},
|
|
"InstalledVersion": "v0.0.0-20210921155107-089bfa567519",
|
|
"FixedVersion": "0.45.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58181",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:45c18ea0abd4c8b056a17b0d30aa9b6467add22f6e0e92ef036a8e2c31f3e665",
|
|
"Title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication",
|
|
"Description": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
|
|
"Severity": "MEDIUM",
|
|
"CweIDs": [
|
|
"CWE-770"
|
|
],
|
|
"VendorSeverity": {
|
|
"amazon": 3,
|
|
"ghsa": 2,
|
|
"redhat": 2,
|
|
"ubuntu": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/security/cve/CVE-2025-58181",
|
|
"https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c",
|
|
"https://github.com/golang/go/issues/76363",
|
|
"https://go.dev/cl/721961",
|
|
"https://go.dev/issue/76363",
|
|
"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
|
|
"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA?pli=1",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-58181",
|
|
"https://pkg.go.dev/vuln/GO-2025-4134",
|
|
"https://ubuntu.com/security/notices/USN-7956-1",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-58181"
|
|
],
|
|
"PublishedDate": "2025-11-19T21:15:50.85Z",
|
|
"LastModifiedDate": "2025-12-11T19:29:24.9Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2022-27664",
|
|
"VendorIDs": [
|
|
"GHSA-69cg-p879-7622"
|
|
],
|
|
"PkgID": "golang.org/x/net@v0.0.0-20220722155237-a158d28d115b",
|
|
"PkgName": "golang.org/x/net",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.0.0-20220722155237-a158d28d115b",
|
|
"UID": "29f643feb5a0ac79"
|
|
},
|
|
"InstalledVersion": "v0.0.0-20220722155237-a158d28d115b",
|
|
"FixedVersion": "0.0.0-20220906165146-f3363e06e74c",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27664",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:ef5a6811be738846c604c7528ac1028a1a1455e8841829733d86951443e44a8f",
|
|
"Title": "golang: net/http: handle server errors after sending GOAWAY",
|
|
"Description": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.",
|
|
"Severity": "HIGH",
|
|
"VendorSeverity": {
|
|
"alma": 2,
|
|
"amazon": 3,
|
|
"azure": 3,
|
|
"bitnami": 3,
|
|
"cbl-mariner": 3,
|
|
"ghsa": 3,
|
|
"nvd": 3,
|
|
"oracle-oval": 2,
|
|
"photon": 3,
|
|
"redhat": 2,
|
|
"rocky": 2,
|
|
"ubuntu": 2
|
|
},
|
|
"CVSS": {
|
|
"bitnami": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
},
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
},
|
|
"nvd": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 6.5
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/errata/RHSA-2024:0121",
|
|
"https://access.redhat.com/security/cve/CVE-2022-27664",
|
|
"https://bugzilla.redhat.com/2124669",
|
|
"https://bugzilla.redhat.com/2132867",
|
|
"https://bugzilla.redhat.com/2132868",
|
|
"https://bugzilla.redhat.com/2132872",
|
|
"https://bugzilla.redhat.com/2228743",
|
|
"https://bugzilla.redhat.com/2237773",
|
|
"https://bugzilla.redhat.com/2237776",
|
|
"https://bugzilla.redhat.com/2237777",
|
|
"https://bugzilla.redhat.com/2237778",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=1913333",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=1913338",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2107371",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2107374",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2107383",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2107386",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2107388",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2113814",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2124669",
|
|
"https://cs.opensource.google/go/x/net",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189",
|
|
"https://errata.almalinux.org/8/ALSA-2024-0121.html",
|
|
"https://errata.rockylinux.org/RLSA-2022:7129",
|
|
"https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6)",
|
|
"https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1)",
|
|
"https://github.com/golang/go/issues/54658",
|
|
"https://go.dev/cl/428735",
|
|
"https://go.dev/issue/54658",
|
|
"https://groups.google.com/g/golang-announce",
|
|
"https://groups.google.com/g/golang-announce/c/x49AQzIVX-s",
|
|
"https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
|
|
"https://linux.oracle.com/cve/CVE-2022-27664.html",
|
|
"https://linux.oracle.com/errata/ELSA-2024-0121.html",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
|
|
"https://pkg.go.dev/vuln/GO-2022-0969",
|
|
"https://security.gentoo.org/glsa/202209-26",
|
|
"https://security.netapp.com/advisory/ntap-20220923-0004",
|
|
"https://security.netapp.com/advisory/ntap-20220923-0004/",
|
|
"https://ubuntu.com/security/notices/USN-6038-1",
|
|
"https://ubuntu.com/security/notices/USN-6038-2",
|
|
"https://www.cve.org/CVERecord?id=CVE-2022-27664"
|
|
],
|
|
"PublishedDate": "2022-09-06T18:15:12.747Z",
|
|
"LastModifiedDate": "2024-11-21T06:56:07.703Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2022-41721",
|
|
"VendorIDs": [
|
|
"GHSA-fxg5-wq6x-vr4w"
|
|
],
|
|
"PkgID": "golang.org/x/net@v0.0.0-20220722155237-a158d28d115b",
|
|
"PkgName": "golang.org/x/net",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.0.0-20220722155237-a158d28d115b",
|
|
"UID": "29f643feb5a0ac79"
|
|
},
|
|
"InstalledVersion": "v0.0.0-20220722155237-a158d28d115b",
|
|
"FixedVersion": "0.1.1-0.20221104162952-702349b0e862",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41721",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:854e231596063d1c436c2a6afda57bb7e33214bb56394478c434fc6279f1fc21",
|
|
"Title": "x/net/http2/h2c: request smuggling",
|
|
"Description": "A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.",
|
|
"Severity": "HIGH",
|
|
"CweIDs": [
|
|
"CWE-444"
|
|
],
|
|
"VendorSeverity": {
|
|
"cbl-mariner": 3,
|
|
"ghsa": 3,
|
|
"nvd": 3,
|
|
"redhat": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
},
|
|
"nvd": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/security/cve/CVE-2022-41721",
|
|
"https://cs.opensource.google/go/x/net",
|
|
"https://go.dev/cl/447396",
|
|
"https://go.dev/issue/56352",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3H3EWQXM2XL5AGBX6UL443JEJ3GQXJN",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3H3EWQXM2XL5AGBX6UL443JEJ3GQXJN/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X5DXTLLWN6HKI5I35EUZRBISTNZJ75GP",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X5DXTLLWN6HKI5I35EUZRBISTNZJ75GP/",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2022-41721",
|
|
"https://pkg.go.dev/vuln/GO-2023-1495",
|
|
"https://www.cve.org/CVERecord?id=CVE-2022-41721"
|
|
],
|
|
"PublishedDate": "2023-01-13T23:15:09.25Z",
|
|
"LastModifiedDate": "2025-04-04T15:15:43.49Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2022-41723",
|
|
"VendorIDs": [
|
|
"GHSA-vvpx-j8f3-3w6h"
|
|
],
|
|
"PkgID": "golang.org/x/net@v0.0.0-20220722155237-a158d28d115b",
|
|
"PkgName": "golang.org/x/net",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.0.0-20220722155237-a158d28d115b",
|
|
"UID": "29f643feb5a0ac79"
|
|
},
|
|
"InstalledVersion": "v0.0.0-20220722155237-a158d28d115b",
|
|
"FixedVersion": "0.7.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:a0d15b46e42b92f55c42a925222f738891987f5550ed6c1b8b9379bac484e6bc",
|
|
"Title": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding",
|
|
"Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.",
|
|
"Severity": "HIGH",
|
|
"VendorSeverity": {
|
|
"alma": 2,
|
|
"amazon": 3,
|
|
"azure": 3,
|
|
"bitnami": 3,
|
|
"cbl-mariner": 3,
|
|
"ghsa": 3,
|
|
"nvd": 3,
|
|
"oracle-oval": 2,
|
|
"photon": 3,
|
|
"redhat": 2,
|
|
"rocky": 2,
|
|
"ubuntu": 2
|
|
},
|
|
"CVSS": {
|
|
"bitnami": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
},
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
},
|
|
"nvd": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/errata/RHSA-2023:6939",
|
|
"https://access.redhat.com/security/cve/CVE-2022-41723",
|
|
"https://bugzilla.redhat.com/2163037",
|
|
"https://bugzilla.redhat.com/2174485",
|
|
"https://bugzilla.redhat.com/2175721",
|
|
"https://bugzilla.redhat.com/2178358",
|
|
"https://bugzilla.redhat.com/2178488",
|
|
"https://bugzilla.redhat.com/2178492",
|
|
"https://bugzilla.redhat.com/2182883",
|
|
"https://bugzilla.redhat.com/2182884",
|
|
"https://bugzilla.redhat.com/2184481",
|
|
"https://bugzilla.redhat.com/2184482",
|
|
"https://bugzilla.redhat.com/2184483",
|
|
"https://bugzilla.redhat.com/2184484",
|
|
"https://bugzilla.redhat.com/2196026",
|
|
"https://bugzilla.redhat.com/2196027",
|
|
"https://bugzilla.redhat.com/2196029",
|
|
"https://bugzilla.redhat.com/2222167",
|
|
"https://bugzilla.redhat.com/2228689",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2163037",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2174485",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2175721",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2178358",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2178488",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2178492",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2182883",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2182884",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2184481",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2184482",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2184483",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2184484",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2196026",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2196027",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2196029",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2222167",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2228689",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978",
|
|
"https://errata.almalinux.org/8/ALSA-2023-6939.html",
|
|
"https://errata.rockylinux.org/RLSA-2023:6939",
|
|
"https://github.com/advisories/GHSA-vvpx-j8f3-3w6h",
|
|
"https://go.dev/cl/468135",
|
|
"https://go.dev/cl/468295",
|
|
"https://go.dev/issue/57855",
|
|
"https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E",
|
|
"https://linux.oracle.com/cve/CVE-2022-41723.html",
|
|
"https://linux.oracle.com/errata/ELSA-2023-6939.html",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2022-41723",
|
|
"https://pkg.go.dev/vuln/GO-2023-1571",
|
|
"https://security.gentoo.org/glsa/202311-09",
|
|
"https://security.netapp.com/advisory/ntap-20230331-0010/",
|
|
"https://ubuntu.com/security/notices/USN-7109-1",
|
|
"https://ubuntu.com/security/notices/USN-7111-1",
|
|
"https://vuln.go.dev/ID/GO-2023-1571.json",
|
|
"https://www.couchbase.com/alerts",
|
|
"https://www.couchbase.com/alerts/",
|
|
"https://www.cve.org/CVERecord?id=CVE-2022-41723"
|
|
],
|
|
"PublishedDate": "2023-02-28T18:15:09.98Z",
|
|
"LastModifiedDate": "2025-05-05T16:15:20.433Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2023-39325",
|
|
"VendorIDs": [
|
|
"GHSA-4374-p667-p6c8"
|
|
],
|
|
"PkgID": "golang.org/x/net@v0.0.0-20220722155237-a158d28d115b",
|
|
"PkgName": "golang.org/x/net",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.0.0-20220722155237-a158d28d115b",
|
|
"UID": "29f643feb5a0ac79"
|
|
},
|
|
"InstalledVersion": "v0.0.0-20220722155237-a158d28d115b",
|
|
"FixedVersion": "0.17.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39325",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:f371e202e3e6b82b7201ca12021f4df97a8961426cabc28e96d3a54fadd1c01d",
|
|
"Title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
|
|
"Description": "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.",
|
|
"Severity": "HIGH",
|
|
"CweIDs": [
|
|
"CWE-770"
|
|
],
|
|
"VendorSeverity": {
|
|
"alma": 2,
|
|
"amazon": 3,
|
|
"azure": 3,
|
|
"bitnami": 3,
|
|
"cbl-mariner": 3,
|
|
"ghsa": 3,
|
|
"nvd": 3,
|
|
"oracle-oval": 2,
|
|
"redhat": 3,
|
|
"rocky": 2,
|
|
"ubuntu": 2
|
|
},
|
|
"CVSS": {
|
|
"bitnami": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
},
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
},
|
|
"nvd": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
}
|
|
},
|
|
"References": [
|
|
"golang.org/x/net",
|
|
"https://access.redhat.com/errata/RHSA-2023:5863",
|
|
"https://access.redhat.com/security/cve/CVE-2023-39325",
|
|
"https://access.redhat.com/security/cve/CVE-2023-44487",
|
|
"https://bugzilla.redhat.com/2242803",
|
|
"https://bugzilla.redhat.com/2243296",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2242803",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2243296",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39325",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487",
|
|
"https://errata.almalinux.org/8/ALSA-2023-5863.html",
|
|
"https://errata.rockylinux.org/RLSA-2023:6077",
|
|
"https://github.com/golang/go/commit/24ae2d927285c697440fdde3ad7f26028354bcf3 [golang- 1.21]",
|
|
"https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68 [golang-1.20]",
|
|
"https://github.com/golang/go/issues/63417",
|
|
"https://go.dev/cl/534215",
|
|
"https://go.dev/cl/534235",
|
|
"https://go.dev/issue/63417",
|
|
"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ",
|
|
"https://linux.oracle.com/cve/CVE-2023-39325.html",
|
|
"https://linux.oracle.com/errata/ELSA-2023-5867.html",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
|
|
"https://pkg.go.dev/vuln/GO-2023-2102",
|
|
"https://security.gentoo.org/glsa/202311-09",
|
|
"https://security.netapp.com/advisory/ntap-20231110-0008",
|
|
"https://security.netapp.com/advisory/ntap-20231110-0008/",
|
|
"https://ubuntu.com/security/notices/USN-6574-1",
|
|
"https://ubuntu.com/security/notices/USN-7061-1",
|
|
"https://ubuntu.com/security/notices/USN-7109-1",
|
|
"https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
|
|
"https://www.cve.org/CVERecord?id=CVE-2023-39325"
|
|
],
|
|
"PublishedDate": "2023-10-11T22:15:09.88Z",
|
|
"LastModifiedDate": "2024-11-21T08:15:09.627Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2022-41717",
|
|
"VendorIDs": [
|
|
"GHSA-xrjj-mj9h-534m"
|
|
],
|
|
"PkgID": "golang.org/x/net@v0.0.0-20220722155237-a158d28d115b",
|
|
"PkgName": "golang.org/x/net",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.0.0-20220722155237-a158d28d115b",
|
|
"UID": "29f643feb5a0ac79"
|
|
},
|
|
"InstalledVersion": "v0.0.0-20220722155237-a158d28d115b",
|
|
"FixedVersion": "0.4.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41717",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:70104d2ced2fae31a50ad64407872a3cf6acf11d55b13ff7e75e72c23a404734",
|
|
"Title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
|
|
"Description": "An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
|
|
"Severity": "MEDIUM",
|
|
"CweIDs": [
|
|
"CWE-770"
|
|
],
|
|
"VendorSeverity": {
|
|
"alma": 2,
|
|
"amazon": 3,
|
|
"azure": 2,
|
|
"bitnami": 2,
|
|
"cbl-mariner": 2,
|
|
"ghsa": 2,
|
|
"nvd": 2,
|
|
"oracle-oval": 2,
|
|
"photon": 2,
|
|
"redhat": 2,
|
|
"rocky": 2,
|
|
"ubuntu": 2
|
|
},
|
|
"CVSS": {
|
|
"bitnami": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
},
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
},
|
|
"nvd": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/errata/RHSA-2023:2866",
|
|
"https://access.redhat.com/security/cve/CVE-2022-41717",
|
|
"https://bugzilla.redhat.com/2132868",
|
|
"https://bugzilla.redhat.com/2132872",
|
|
"https://bugzilla.redhat.com/2161274",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2107342",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2107371",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2107374",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2107376",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2107383",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2107386",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2107388",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2107390",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2107392",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2113814",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2121445",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2124669",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2161274",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2168256",
|
|
"https://cs.opensource.google/go/x/net",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2989",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41717",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0778",
|
|
"https://errata.almalinux.org/8/ALSA-2023-2866.html",
|
|
"https://errata.rockylinux.org/RLSA-2023:2802",
|
|
"https://github.com/golang/go/commit/618120c165669c00a1606505defea6ca755cdc27 (go1.19.4)",
|
|
"https://github.com/golang/go/commit/76cad4edc29d28432a7a0aa27e87385d3d7db7a1 (go1.18.9)",
|
|
"https://go.dev/cl/455635",
|
|
"https://go.dev/cl/455717",
|
|
"https://go.dev/issue/56350",
|
|
"https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU",
|
|
"https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
|
|
"https://linux.oracle.com/cve/CVE-2022-41717.html",
|
|
"https://linux.oracle.com/errata/ELSA-2023-6420.html",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
|
|
"https://pkg.go.dev/vuln/GO-2022-1144",
|
|
"https://security.gentoo.org/glsa/202311-09",
|
|
"https://security.netapp.com/advisory/ntap-20230120-0008/",
|
|
"https://ubuntu.com/security/notices/USN-6038-1",
|
|
"https://ubuntu.com/security/notices/USN-6038-2",
|
|
"https://www.cve.org/CVERecord?id=CVE-2022-41717"
|
|
],
|
|
"PublishedDate": "2022-12-08T20:15:10.33Z",
|
|
"LastModifiedDate": "2024-11-21T07:23:43.713Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2023-3978",
|
|
"VendorIDs": [
|
|
"GHSA-2wrh-6pvc-2jm9"
|
|
],
|
|
"PkgID": "golang.org/x/net@v0.0.0-20220722155237-a158d28d115b",
|
|
"PkgName": "golang.org/x/net",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.0.0-20220722155237-a158d28d115b",
|
|
"UID": "29f643feb5a0ac79"
|
|
},
|
|
"InstalledVersion": "v0.0.0-20220722155237-a158d28d115b",
|
|
"FixedVersion": "0.13.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3978",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:398c9fe784310f881a84c25c50dce748726c1cd42c817860009d1d23c8a1205a",
|
|
"Title": "golang.org/x/net/html: Cross site scripting",
|
|
"Description": "Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.",
|
|
"Severity": "MEDIUM",
|
|
"CweIDs": [
|
|
"CWE-79"
|
|
],
|
|
"VendorSeverity": {
|
|
"alma": 2,
|
|
"amazon": 2,
|
|
"azure": 2,
|
|
"cbl-mariner": 2,
|
|
"ghsa": 2,
|
|
"nvd": 2,
|
|
"oracle-oval": 2,
|
|
"redhat": 2,
|
|
"rocky": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
|
"V3Score": 6.1
|
|
},
|
|
"nvd": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
|
"V3Score": 6.1
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
|
"V3Score": 6.1
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/errata/RHSA-2023:6939",
|
|
"https://access.redhat.com/security/cve/CVE-2023-3978",
|
|
"https://bugzilla.redhat.com/2163037",
|
|
"https://bugzilla.redhat.com/2174485",
|
|
"https://bugzilla.redhat.com/2175721",
|
|
"https://bugzilla.redhat.com/2178358",
|
|
"https://bugzilla.redhat.com/2178488",
|
|
"https://bugzilla.redhat.com/2178492",
|
|
"https://bugzilla.redhat.com/2182883",
|
|
"https://bugzilla.redhat.com/2182884",
|
|
"https://bugzilla.redhat.com/2184481",
|
|
"https://bugzilla.redhat.com/2184482",
|
|
"https://bugzilla.redhat.com/2184483",
|
|
"https://bugzilla.redhat.com/2184484",
|
|
"https://bugzilla.redhat.com/2196026",
|
|
"https://bugzilla.redhat.com/2196027",
|
|
"https://bugzilla.redhat.com/2196029",
|
|
"https://bugzilla.redhat.com/2222167",
|
|
"https://bugzilla.redhat.com/2228689",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2163037",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2174485",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2175721",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2178358",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2178488",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2178492",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2182883",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2182884",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2184481",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2184482",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2184483",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2184484",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2196026",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2196027",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2196029",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2222167",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2228689",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978",
|
|
"https://errata.almalinux.org/8/ALSA-2023-6939.html",
|
|
"https://errata.rockylinux.org/RLSA-2023:6939",
|
|
"https://go.dev/cl/514896",
|
|
"https://go.dev/issue/61615",
|
|
"https://linux.oracle.com/cve/CVE-2023-3978.html",
|
|
"https://linux.oracle.com/errata/ELSA-2023-6939.html",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2023-3978",
|
|
"https://pkg.go.dev/vuln/GO-2023-1988",
|
|
"https://www.cve.org/CVERecord?id=CVE-2023-3978"
|
|
],
|
|
"PublishedDate": "2023-08-02T20:15:12.097Z",
|
|
"LastModifiedDate": "2024-11-21T08:18:27.68Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2023-44487",
|
|
"VendorIDs": [
|
|
"GHSA-qppj-fm5r-hxr3"
|
|
],
|
|
"PkgID": "golang.org/x/net@v0.0.0-20220722155237-a158d28d115b",
|
|
"PkgName": "golang.org/x/net",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.0.0-20220722155237-a158d28d115b",
|
|
"UID": "29f643feb5a0ac79"
|
|
},
|
|
"InstalledVersion": "v0.0.0-20220722155237-a158d28d115b",
|
|
"FixedVersion": "0.17.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-44487",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:c0693e57693051cc07ccb37a388517dd654c48e769b19dfba27b60fa87c98786",
|
|
"Title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
|
|
"Description": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.",
|
|
"Severity": "MEDIUM",
|
|
"CweIDs": [
|
|
"CWE-400"
|
|
],
|
|
"VendorSeverity": {
|
|
"alma": 3,
|
|
"amazon": 3,
|
|
"azure": 3,
|
|
"bitnami": 3,
|
|
"cbl-mariner": 3,
|
|
"ghsa": 2,
|
|
"nvd": 3,
|
|
"oracle-oval": 3,
|
|
"photon": 3,
|
|
"redhat": 3,
|
|
"rocky": 3,
|
|
"ubuntu": 3
|
|
},
|
|
"CVSS": {
|
|
"bitnami": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
},
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:H",
|
|
"V3Score": 5.3
|
|
},
|
|
"nvd": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
}
|
|
},
|
|
"References": [
|
|
"http://www.openwall.com/lists/oss-security/2023/10/10/6",
|
|
"http://www.openwall.com/lists/oss-security/2023/10/10/7",
|
|
"http://www.openwall.com/lists/oss-security/2023/10/13/4",
|
|
"http://www.openwall.com/lists/oss-security/2023/10/13/9",
|
|
"http://www.openwall.com/lists/oss-security/2023/10/18/4",
|
|
"http://www.openwall.com/lists/oss-security/2023/10/18/8",
|
|
"http://www.openwall.com/lists/oss-security/2023/10/19/6",
|
|
"http://www.openwall.com/lists/oss-security/2023/10/20/8",
|
|
"http://www.openwall.com/lists/oss-security/2025/08/13/6",
|
|
"https://access.redhat.com/errata/RHSA-2024:1444",
|
|
"https://access.redhat.com/security/cve/CVE-2023-44487",
|
|
"https://access.redhat.com/security/cve/cve-2023-44487",
|
|
"https://akka.io/security/akka-http-cve-2023-44487.html",
|
|
"https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size",
|
|
"https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/",
|
|
"https://aws.amazon.com/security/security-bulletins/AWS-2023-011",
|
|
"https://aws.amazon.com/security/security-bulletins/AWS-2023-011/",
|
|
"https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack",
|
|
"https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/",
|
|
"https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack",
|
|
"https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/",
|
|
"https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty",
|
|
"https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/",
|
|
"https://blog.powerdns.com/2024/02/16/powerdns-dnsdist-1.9.0-released",
|
|
"https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack",
|
|
"https://blog.vespa.ai/cve-2023-44487",
|
|
"https://blog.vespa.ai/cve-2023-44487/",
|
|
"https://bugzilla.proxmox.com/show_bug.cgi?id=4988",
|
|
"https://bugzilla.redhat.com/2242803",
|
|
"https://bugzilla.redhat.com/2264574",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2242803",
|
|
"https://bugzilla.suse.com/show_bug.cgi?id=1216123",
|
|
"https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9",
|
|
"https://chaos.social/@icing/111210915918780532",
|
|
"https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps",
|
|
"https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/",
|
|
"https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack",
|
|
"https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487",
|
|
"https://devblogs.microsoft.com/dotnet/october-2023-updates/",
|
|
"https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715",
|
|
"https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve",
|
|
"https://errata.almalinux.org/8/ALSA-2024-1444.html",
|
|
"https://errata.rockylinux.org/RLSA-2023:5838",
|
|
"https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764",
|
|
"https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088",
|
|
"https://github.com/Azure/AKS/issues/3947",
|
|
"https://github.com/Kong/kong/discussions/11741",
|
|
"https://github.com/advisories/GHSA-qppj-fm5r-hxr3",
|
|
"https://github.com/advisories/GHSA-vx74-f528-fxqg",
|
|
"https://github.com/advisories/GHSA-xpw8-rcwv-8f8p",
|
|
"https://github.com/akka/akka-http/issues/4323",
|
|
"https://github.com/akka/akka-http/pull/4324",
|
|
"https://github.com/akka/akka-http/pull/4325",
|
|
"https://github.com/alibaba/tengine/issues/1872",
|
|
"https://github.com/apache/apisix/issues/10320",
|
|
"https://github.com/apache/httpd-site/pull/10",
|
|
"https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113",
|
|
"https://github.com/apache/tomcat/commit/944332bb15bd2f3bf76ec2caeb1ff0a58a3bc628",
|
|
"https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2",
|
|
"https://github.com/apache/trafficserver/pull/10564",
|
|
"https://github.com/apple/swift-nio-http2",
|
|
"https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3",
|
|
"https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487",
|
|
"https://github.com/bcdannyboy/CVE-2023-44487",
|
|
"https://github.com/caddyserver/caddy/issues/5877",
|
|
"https://github.com/caddyserver/caddy/releases/tag/v2.7.5",
|
|
"https://github.com/dotnet/announcements/issues/277",
|
|
"https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73",
|
|
"https://github.com/eclipse/jetty.project/issues/10679",
|
|
"https://github.com/envoyproxy/envoy/pull/30055",
|
|
"https://github.com/etcd-io/etcd/issues/16740",
|
|
"https://github.com/facebook/proxygen/pull/466",
|
|
"https://github.com/golang/go/issues/63417",
|
|
"https://github.com/grpc/grpc-go/pull/6703",
|
|
"https://github.com/grpc/grpc-go/releases",
|
|
"https://github.com/grpc/grpc/releases/tag/v1.59.2",
|
|
"https://github.com/h2o/h2o/pull/3291",
|
|
"https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf",
|
|
"https://github.com/haproxy/haproxy/issues/2312",
|
|
"https://github.com/hyperium/hyper/issues/3337",
|
|
"https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244",
|
|
"https://github.com/junkurihara/rust-rpxy/issues/97",
|
|
"https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1",
|
|
"https://github.com/kazu-yamamoto/http2/issues/93",
|
|
"https://github.com/kubernetes/kubernetes/pull/121120",
|
|
"https://github.com/line/armeria/pull/5232",
|
|
"https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632",
|
|
"https://github.com/micrictor/http2-rst-stream",
|
|
"https://github.com/microsoft/CBL-Mariner/pull/6381",
|
|
"https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61",
|
|
"https://github.com/nghttp2/nghttp2/pull/1961",
|
|
"https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0",
|
|
"https://github.com/ninenines/cowboy/issues/1615",
|
|
"https://github.com/nodejs/node/pull/50121",
|
|
"https://github.com/openresty/openresty/issues/930",
|
|
"https://github.com/opensearch-project/data-prepper/issues/3474",
|
|
"https://github.com/oqtane/oqtane.framework/discussions/3367",
|
|
"https://github.com/projectcontour/contour/pull/5826",
|
|
"https://github.com/tempesta-tech/tempesta/issues/1986",
|
|
"https://github.com/varnishcache/varnish-cache/issues/3996",
|
|
"https://go.dev/cl/534215",
|
|
"https://go.dev/cl/534235",
|
|
"https://go.dev/issue/63417",
|
|
"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo",
|
|
"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ",
|
|
"https://istio.io/latest/news/security/istio-security-2023-004",
|
|
"https://istio.io/latest/news/security/istio-security-2023-004/",
|
|
"https://linkerd.io/2023/10/12/linkerd-cve-2023-44487",
|
|
"https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/",
|
|
"https://linux.oracle.com/cve/CVE-2023-44487.html",
|
|
"https://linux.oracle.com/errata/ELSA-2024-1444.html",
|
|
"https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q",
|
|
"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html",
|
|
"https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html",
|
|
"https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html",
|
|
"https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html",
|
|
"https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html",
|
|
"https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html",
|
|
"https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/",
|
|
"https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html",
|
|
"https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html",
|
|
"https://mailman.powerdns.com/pipermail/dnsdist/2023-October/001409.html",
|
|
"https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html",
|
|
"https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2",
|
|
"https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/",
|
|
"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487",
|
|
"https://my.f5.com/manage/s/article/K000137106",
|
|
"https://netty.io/news/2023/10/10/4-1-100-Final.html",
|
|
"https://news.ycombinator.com/item?id=37830987",
|
|
"https://news.ycombinator.com/item?id=37830998",
|
|
"https://news.ycombinator.com/item?id=37831062",
|
|
"https://news.ycombinator.com/item?id=37837043",
|
|
"https://nodejs.org/en/blog/vulnerability/october-2023-security-releases",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
|
|
"https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response",
|
|
"https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/",
|
|
"https://pkg.go.dev/vuln/GO-2023-2102",
|
|
"https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected",
|
|
"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ",
|
|
"https://security.gentoo.org/glsa/202311-09",
|
|
"https://security.netapp.com/advisory/ntap-20231016-0001",
|
|
"https://security.netapp.com/advisory/ntap-20231016-0001/",
|
|
"https://security.netapp.com/advisory/ntap-20240426-0007",
|
|
"https://security.netapp.com/advisory/ntap-20240426-0007/",
|
|
"https://security.netapp.com/advisory/ntap-20240621-0006",
|
|
"https://security.netapp.com/advisory/ntap-20240621-0006/",
|
|
"https://security.netapp.com/advisory/ntap-20240621-0007",
|
|
"https://security.netapp.com/advisory/ntap-20240621-0007/",
|
|
"https://security.paloaltonetworks.com/CVE-2023-44487",
|
|
"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14",
|
|
"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12",
|
|
"https://tomcat.apache.org/security-8.html",
|
|
"https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94",
|
|
"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81",
|
|
"https://ubuntu.com/security/CVE-2023-44487",
|
|
"https://ubuntu.com/security/notices/USN-6427-1",
|
|
"https://ubuntu.com/security/notices/USN-6427-2",
|
|
"https://ubuntu.com/security/notices/USN-6438-1",
|
|
"https://ubuntu.com/security/notices/USN-6505-1",
|
|
"https://ubuntu.com/security/notices/USN-6574-1",
|
|
"https://ubuntu.com/security/notices/USN-6754-1",
|
|
"https://ubuntu.com/security/notices/USN-6994-1",
|
|
"https://ubuntu.com/security/notices/USN-7067-1",
|
|
"https://ubuntu.com/security/notices/USN-7410-1",
|
|
"https://ubuntu.com/security/notices/USN-7469-1",
|
|
"https://ubuntu.com/security/notices/USN-7469-2",
|
|
"https://ubuntu.com/security/notices/USN-7469-3",
|
|
"https://ubuntu.com/security/notices/USN-7469-4",
|
|
"https://ubuntu.com/security/notices/USN-7892-1",
|
|
"https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records",
|
|
"https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/",
|
|
"https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
|
|
"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487",
|
|
"https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
|
|
"https://www.cve.org/CVERecord?id=CVE-2023-44487",
|
|
"https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event",
|
|
"https://www.debian.org/security/2023/dsa-5521",
|
|
"https://www.debian.org/security/2023/dsa-5522",
|
|
"https://www.debian.org/security/2023/dsa-5540",
|
|
"https://www.debian.org/security/2023/dsa-5549",
|
|
"https://www.debian.org/security/2023/dsa-5558",
|
|
"https://www.debian.org/security/2023/dsa-5570",
|
|
"https://www.eclipse.org/lists/jetty-announce/msg00181.html",
|
|
"https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487",
|
|
"https://www.mail-archive.com/haproxy@formilux.org/msg44134.html",
|
|
"https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487",
|
|
"https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/",
|
|
"https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products",
|
|
"https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
|
|
"https://www.openwall.com/lists/oss-security/2023/10/10/6",
|
|
"https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack",
|
|
"https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday",
|
|
"https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/",
|
|
"https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause"
|
|
],
|
|
"PublishedDate": "2023-10-10T14:15:10.883Z",
|
|
"LastModifiedDate": "2025-11-07T19:00:41.81Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2023-45288",
|
|
"VendorIDs": [
|
|
"GHSA-4v7x-pqxf-cx7m"
|
|
],
|
|
"PkgID": "golang.org/x/net@v0.0.0-20220722155237-a158d28d115b",
|
|
"PkgName": "golang.org/x/net",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.0.0-20220722155237-a158d28d115b",
|
|
"UID": "29f643feb5a0ac79"
|
|
},
|
|
"InstalledVersion": "v0.0.0-20220722155237-a158d28d115b",
|
|
"FixedVersion": "0.23.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45288",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:536d8acd849a503dd4afe72e74e26387c1ecb66d2ac2e14eaa84725cf1c49148",
|
|
"Title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS",
|
|
"Description": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.",
|
|
"Severity": "MEDIUM",
|
|
"VendorSeverity": {
|
|
"alma": 3,
|
|
"amazon": 2,
|
|
"azure": 3,
|
|
"bitnami": 3,
|
|
"cbl-mariner": 3,
|
|
"ghsa": 2,
|
|
"oracle-oval": 3,
|
|
"photon": 3,
|
|
"redhat": 3,
|
|
"rocky": 3,
|
|
"ubuntu": 2
|
|
},
|
|
"CVSS": {
|
|
"bitnami": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
},
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
}
|
|
},
|
|
"References": [
|
|
"http://www.openwall.com/lists/oss-security/2024/04/03/16",
|
|
"http://www.openwall.com/lists/oss-security/2024/04/05/4",
|
|
"https://access.redhat.com/errata/RHSA-2024:3346",
|
|
"https://access.redhat.com/security/cve/CVE-2023-45288",
|
|
"https://bugzilla.redhat.com/2268017",
|
|
"https://bugzilla.redhat.com/2268018",
|
|
"https://bugzilla.redhat.com/2268019",
|
|
"https://bugzilla.redhat.com/2268273",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2268017",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2268018",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2268019",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2268273",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783",
|
|
"https://errata.almalinux.org/8/ALSA-2024-3346.html",
|
|
"https://errata.rockylinux.org/RLSA-2024:2724",
|
|
"https://go.dev/cl/576155",
|
|
"https://go.dev/issue/65051",
|
|
"https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M",
|
|
"https://kb.cert.org/vuls/id/421644",
|
|
"https://linux.oracle.com/cve/CVE-2023-45288.html",
|
|
"https://linux.oracle.com/errata/ELSA-2024-3346.html",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT",
|
|
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/",
|
|
"https://nowotarski.info/http2-continuation-flood-technical-details",
|
|
"https://nowotarski.info/http2-continuation-flood/",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2023-45288",
|
|
"https://pkg.go.dev/vuln/GO-2024-2687",
|
|
"https://security.netapp.com/advisory/ntap-20240419-0009",
|
|
"https://security.netapp.com/advisory/ntap-20240419-0009/",
|
|
"https://ubuntu.com/security/notices/USN-6886-1",
|
|
"https://ubuntu.com/security/notices/USN-7109-1",
|
|
"https://ubuntu.com/security/notices/USN-7111-1",
|
|
"https://www.cve.org/CVERecord?id=CVE-2023-45288",
|
|
"https://www.kb.cert.org/vuls/id/421644"
|
|
],
|
|
"PublishedDate": "2024-04-04T21:15:16.113Z",
|
|
"LastModifiedDate": "2025-11-04T19:16:01.263Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2025-22870",
|
|
"VendorIDs": [
|
|
"GHSA-qxp5-gwg8-xv66"
|
|
],
|
|
"PkgID": "golang.org/x/net@v0.0.0-20220722155237-a158d28d115b",
|
|
"PkgName": "golang.org/x/net",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.0.0-20220722155237-a158d28d115b",
|
|
"UID": "29f643feb5a0ac79"
|
|
},
|
|
"InstalledVersion": "v0.0.0-20220722155237-a158d28d115b",
|
|
"FixedVersion": "0.36.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:47daf422282831d7be85285960812ffed0c12b52ee82b8ed9db85e96d07ea6ce",
|
|
"Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net",
|
|
"Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.",
|
|
"Severity": "MEDIUM",
|
|
"CweIDs": [
|
|
"CWE-115"
|
|
],
|
|
"VendorSeverity": {
|
|
"amazon": 2,
|
|
"azure": 2,
|
|
"cbl-mariner": 2,
|
|
"ghsa": 2,
|
|
"redhat": 2,
|
|
"ubuntu": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
|
|
"V3Score": 4.4
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
|
|
"V3Score": 4.4
|
|
}
|
|
},
|
|
"References": [
|
|
"http://www.openwall.com/lists/oss-security/2025/03/07/2",
|
|
"https://access.redhat.com/security/cve/CVE-2025-22870",
|
|
"https://github.com/golang/go/issues/71984",
|
|
"https://go-review.googlesource.com/q/project:net",
|
|
"https://go.dev/cl/654697",
|
|
"https://go.dev/issue/71984",
|
|
"https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-22870",
|
|
"https://pkg.go.dev/vuln/GO-2025-3503",
|
|
"https://security.netapp.com/advisory/ntap-20250509-0007",
|
|
"https://security.netapp.com/advisory/ntap-20250509-0007/",
|
|
"https://ubuntu.com/security/notices/USN-7574-1",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-22870"
|
|
],
|
|
"PublishedDate": "2025-03-12T19:15:38.31Z",
|
|
"LastModifiedDate": "2025-05-09T20:15:38.727Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2025-22872",
|
|
"VendorIDs": [
|
|
"GHSA-vvgc-356p-c3xw"
|
|
],
|
|
"PkgID": "golang.org/x/net@v0.0.0-20220722155237-a158d28d115b",
|
|
"PkgName": "golang.org/x/net",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.0.0-20220722155237-a158d28d115b",
|
|
"UID": "29f643feb5a0ac79"
|
|
},
|
|
"InstalledVersion": "v0.0.0-20220722155237-a158d28d115b",
|
|
"FixedVersion": "0.38.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22872",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:520fee22e89e226a10191edf22c51c0ddfd183c99761afe30688136e3e671c0f",
|
|
"Title": "golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net",
|
|
"Description": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
|
|
"Severity": "MEDIUM",
|
|
"VendorSeverity": {
|
|
"amazon": 3,
|
|
"azure": 2,
|
|
"cbl-mariner": 2,
|
|
"ghsa": 2,
|
|
"redhat": 2
|
|
},
|
|
"CVSS": {
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
|
|
"V3Score": 6.5
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/security/cve/CVE-2025-22872",
|
|
"https://github.com/advisories/GHSA-vvgc-356p-c3xw",
|
|
"https://go.dev/cl/662715",
|
|
"https://go.dev/issue/73070",
|
|
"https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-22872",
|
|
"https://pkg.go.dev/vuln/GO-2025-3595",
|
|
"https://security.netapp.com/advisory/ntap-20250516-0007",
|
|
"https://security.netapp.com/advisory/ntap-20250516-0007/",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-22872"
|
|
],
|
|
"PublishedDate": "2025-04-16T18:16:04.183Z",
|
|
"LastModifiedDate": "2025-05-16T23:15:19.707Z"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/go-playground/universal-translator@v0.18.1/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/go-playground/universal-translator",
|
|
"Name": "github.com/go-playground/universal-translator",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/go-playground/universal-translator",
|
|
"UID": "b39fca70ce508520"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/go-playground/locales@v0.14.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/go-playground/locales@v0.14.1",
|
|
"Name": "github.com/go-playground/locales",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/go-playground/locales@v0.14.1",
|
|
"UID": "ec97c7b5da819a8d"
|
|
},
|
|
"Version": "v0.14.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/go-playground/validator/v10@v10.27.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/go-playground/validator/v10",
|
|
"Name": "github.com/go-playground/validator/v10",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/go-playground/validator/v10",
|
|
"UID": "1c418a072b459fc2"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/gabriel-vasile/mimetype@v1.4.8",
|
|
"github.com/go-playground/assert/v2@v2.2.0",
|
|
"github.com/go-playground/locales@v0.14.1",
|
|
"github.com/go-playground/universal-translator@v0.18.1",
|
|
"github.com/leodido/go-urn@v1.4.0",
|
|
"golang.org/x/crypto@v0.33.0",
|
|
"golang.org/x/text@v0.22.0",
|
|
"golang.org/x/net@v0.34.0",
|
|
"golang.org/x/sys@v0.30.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/gabriel-vasile/mimetype@v1.4.8",
|
|
"Name": "github.com/gabriel-vasile/mimetype",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/gabriel-vasile/mimetype@v1.4.8",
|
|
"UID": "75d49334d382aa4a"
|
|
},
|
|
"Version": "v1.4.8",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/go-playground/assert/v2@v2.2.0",
|
|
"Name": "github.com/go-playground/assert/v2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/go-playground/assert/v2@v2.2.0",
|
|
"UID": "c203b2faa3f16d58"
|
|
},
|
|
"Version": "v2.2.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/go-playground/locales@v0.14.1",
|
|
"Name": "github.com/go-playground/locales",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/go-playground/locales@v0.14.1",
|
|
"UID": "a38457f4a462da75"
|
|
},
|
|
"Version": "v0.14.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"golang.org/x/text@v0.22.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/go-playground/universal-translator@v0.18.1",
|
|
"Name": "github.com/go-playground/universal-translator",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/go-playground/universal-translator@v0.18.1",
|
|
"UID": "5d7aa5b98755aecf"
|
|
},
|
|
"Version": "v0.18.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/go-playground/locales@v0.14.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/leodido/go-urn@v1.4.0",
|
|
"Name": "github.com/leodido/go-urn",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/leodido/go-urn@v1.4.0",
|
|
"UID": "f6fa4c168eda8943"
|
|
},
|
|
"Version": "v1.4.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/crypto@v0.33.0",
|
|
"Name": "golang.org/x/crypto",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.33.0",
|
|
"UID": "c13208669b7feabf"
|
|
},
|
|
"Version": "v0.33.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/text@v0.22.0",
|
|
"Name": "golang.org/x/text",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/text@v0.22.0",
|
|
"UID": "c4e91c7251fbcde0"
|
|
},
|
|
"Version": "v0.22.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/net@v0.34.0",
|
|
"Name": "golang.org/x/net",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.34.0",
|
|
"UID": "6cfd2987f0f022ba"
|
|
},
|
|
"Version": "v0.34.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sys@v0.30.0",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys@v0.30.0",
|
|
"UID": "93d1b2d81ecaae27"
|
|
},
|
|
"Version": "v0.30.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
],
|
|
"Vulnerabilities": [
|
|
{
|
|
"VulnerabilityID": "CVE-2025-22869",
|
|
"VendorIDs": [
|
|
"GHSA-hcg3-q754-cr77"
|
|
],
|
|
"PkgID": "golang.org/x/crypto@v0.33.0",
|
|
"PkgName": "golang.org/x/crypto",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.33.0",
|
|
"UID": "c13208669b7feabf"
|
|
},
|
|
"InstalledVersion": "v0.33.0",
|
|
"FixedVersion": "0.35.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22869",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:d8017864d936592777138233292b8a25eeb9bdf651aa1f02d3c372b2d332a9ec",
|
|
"Title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh",
|
|
"Description": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
|
|
"Severity": "HIGH",
|
|
"CweIDs": [
|
|
"CWE-770"
|
|
],
|
|
"VendorSeverity": {
|
|
"alma": 3,
|
|
"amazon": 3,
|
|
"azure": 3,
|
|
"cbl-mariner": 3,
|
|
"ghsa": 3,
|
|
"oracle-oval": 3,
|
|
"redhat": 3,
|
|
"rocky": 3
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/errata/RHSA-2025:3833",
|
|
"https://access.redhat.com/security/cve/CVE-2025-22869",
|
|
"https://bugzilla.redhat.com/2348367",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2348367",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22869",
|
|
"https://errata.almalinux.org/9/ALSA-2025-3833.html",
|
|
"https://errata.rockylinux.org/RLSA-2025:7416",
|
|
"https://github.com/golang/crypto",
|
|
"https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22",
|
|
"https://go-review.googlesource.com/c/crypto/+/652135",
|
|
"https://go.dev/cl/652135",
|
|
"https://go.dev/issue/71931",
|
|
"https://linux.oracle.com/cve/CVE-2025-22869.html",
|
|
"https://linux.oracle.com/errata/ELSA-2025-7484.html",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-22869",
|
|
"https://pkg.go.dev/vuln/GO-2025-3487",
|
|
"https://security.netapp.com/advisory/ntap-20250411-0010",
|
|
"https://security.netapp.com/advisory/ntap-20250411-0010/",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-22869"
|
|
],
|
|
"PublishedDate": "2025-02-26T08:14:24.997Z",
|
|
"LastModifiedDate": "2025-05-01T19:28:20.74Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2025-47914",
|
|
"VendorIDs": [
|
|
"GHSA-f6x5-jh6r-wrfv"
|
|
],
|
|
"PkgID": "golang.org/x/crypto@v0.33.0",
|
|
"PkgName": "golang.org/x/crypto",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.33.0",
|
|
"UID": "c13208669b7feabf"
|
|
},
|
|
"InstalledVersion": "v0.33.0",
|
|
"FixedVersion": "0.45.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47914",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:19bb6a6124145e1852c64b758e7abddbf63b925a8009f33be6af7f57ed30801f",
|
|
"Title": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages",
|
|
"Description": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
|
|
"Severity": "MEDIUM",
|
|
"CweIDs": [
|
|
"CWE-125"
|
|
],
|
|
"VendorSeverity": {
|
|
"amazon": 3,
|
|
"ghsa": 2,
|
|
"redhat": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/security/cve/CVE-2025-47914",
|
|
"https://go.dev/cl/721960",
|
|
"https://go.dev/issue/76364",
|
|
"https://go.googlesource.com/crypto",
|
|
"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-47914",
|
|
"https://pkg.go.dev/vuln/GO-2025-4135",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-47914"
|
|
],
|
|
"PublishedDate": "2025-11-19T21:15:50.517Z",
|
|
"LastModifiedDate": "2025-12-11T19:36:41.373Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2025-58181",
|
|
"VendorIDs": [
|
|
"GHSA-j5w8-q4qc-rx2x"
|
|
],
|
|
"PkgID": "golang.org/x/crypto@v0.33.0",
|
|
"PkgName": "golang.org/x/crypto",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.33.0",
|
|
"UID": "c13208669b7feabf"
|
|
},
|
|
"InstalledVersion": "v0.33.0",
|
|
"FixedVersion": "0.45.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58181",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:36ae0c4dc08e2788deb43c4ae1f45dde3e2f656d04989ffb25606897c5b3080b",
|
|
"Title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication",
|
|
"Description": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
|
|
"Severity": "MEDIUM",
|
|
"CweIDs": [
|
|
"CWE-770"
|
|
],
|
|
"VendorSeverity": {
|
|
"amazon": 3,
|
|
"ghsa": 2,
|
|
"redhat": 2,
|
|
"ubuntu": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/security/cve/CVE-2025-58181",
|
|
"https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c",
|
|
"https://github.com/golang/go/issues/76363",
|
|
"https://go.dev/cl/721961",
|
|
"https://go.dev/issue/76363",
|
|
"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
|
|
"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA?pli=1",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-58181",
|
|
"https://pkg.go.dev/vuln/GO-2025-4134",
|
|
"https://ubuntu.com/security/notices/USN-7956-1",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-58181"
|
|
],
|
|
"PublishedDate": "2025-11-19T21:15:50.85Z",
|
|
"LastModifiedDate": "2025-12-11T19:29:24.9Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2025-22870",
|
|
"VendorIDs": [
|
|
"GHSA-qxp5-gwg8-xv66"
|
|
],
|
|
"PkgID": "golang.org/x/net@v0.34.0",
|
|
"PkgName": "golang.org/x/net",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.34.0",
|
|
"UID": "6cfd2987f0f022ba"
|
|
},
|
|
"InstalledVersion": "v0.34.0",
|
|
"FixedVersion": "0.36.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:8edc03bd6dd39b93c4969fe153d2a0dd75a3ec136e79bf0e0a64ff661576de2b",
|
|
"Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net",
|
|
"Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.",
|
|
"Severity": "MEDIUM",
|
|
"CweIDs": [
|
|
"CWE-115"
|
|
],
|
|
"VendorSeverity": {
|
|
"amazon": 2,
|
|
"azure": 2,
|
|
"cbl-mariner": 2,
|
|
"ghsa": 2,
|
|
"redhat": 2,
|
|
"ubuntu": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
|
|
"V3Score": 4.4
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
|
|
"V3Score": 4.4
|
|
}
|
|
},
|
|
"References": [
|
|
"http://www.openwall.com/lists/oss-security/2025/03/07/2",
|
|
"https://access.redhat.com/security/cve/CVE-2025-22870",
|
|
"https://github.com/golang/go/issues/71984",
|
|
"https://go-review.googlesource.com/q/project:net",
|
|
"https://go.dev/cl/654697",
|
|
"https://go.dev/issue/71984",
|
|
"https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-22870",
|
|
"https://pkg.go.dev/vuln/GO-2025-3503",
|
|
"https://security.netapp.com/advisory/ntap-20250509-0007",
|
|
"https://security.netapp.com/advisory/ntap-20250509-0007/",
|
|
"https://ubuntu.com/security/notices/USN-7574-1",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-22870"
|
|
],
|
|
"PublishedDate": "2025-03-12T19:15:38.31Z",
|
|
"LastModifiedDate": "2025-05-09T20:15:38.727Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2025-22872",
|
|
"VendorIDs": [
|
|
"GHSA-vvgc-356p-c3xw"
|
|
],
|
|
"PkgID": "golang.org/x/net@v0.34.0",
|
|
"PkgName": "golang.org/x/net",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.34.0",
|
|
"UID": "6cfd2987f0f022ba"
|
|
},
|
|
"InstalledVersion": "v0.34.0",
|
|
"FixedVersion": "0.38.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22872",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:043a72475c50b127a61fc3170c0adb673d01ad98e2aa198e1843df8bebd875cb",
|
|
"Title": "golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net",
|
|
"Description": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
|
|
"Severity": "MEDIUM",
|
|
"VendorSeverity": {
|
|
"amazon": 3,
|
|
"azure": 2,
|
|
"cbl-mariner": 2,
|
|
"ghsa": 2,
|
|
"redhat": 2
|
|
},
|
|
"CVSS": {
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
|
|
"V3Score": 6.5
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/security/cve/CVE-2025-22872",
|
|
"https://github.com/advisories/GHSA-vvgc-356p-c3xw",
|
|
"https://go.dev/cl/662715",
|
|
"https://go.dev/issue/73070",
|
|
"https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-22872",
|
|
"https://pkg.go.dev/vuln/GO-2025-3595",
|
|
"https://security.netapp.com/advisory/ntap-20250516-0007",
|
|
"https://security.netapp.com/advisory/ntap-20250516-0007/",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-22872"
|
|
],
|
|
"PublishedDate": "2025-04-16T18:16:04.183Z",
|
|
"LastModifiedDate": "2025-05-16T23:15:19.707Z"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/go-playground/validator/v10@v10.28.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/go-playground/validator/v10",
|
|
"Name": "github.com/go-playground/validator/v10",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/go-playground/validator/v10",
|
|
"UID": "ede94da5b34b79a"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/gabriel-vasile/mimetype@v1.4.10",
|
|
"github.com/go-playground/assert/v2@v2.2.0",
|
|
"github.com/go-playground/locales@v0.14.1",
|
|
"github.com/go-playground/universal-translator@v0.18.1",
|
|
"github.com/leodido/go-urn@v1.4.0",
|
|
"golang.org/x/crypto@v0.42.0",
|
|
"golang.org/x/text@v0.29.0",
|
|
"golang.org/x/sys@v0.36.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/gabriel-vasile/mimetype@v1.4.10",
|
|
"Name": "github.com/gabriel-vasile/mimetype",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/gabriel-vasile/mimetype@v1.4.10",
|
|
"UID": "89347d6fa739f43c"
|
|
},
|
|
"Version": "v1.4.10",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/go-playground/assert/v2@v2.2.0",
|
|
"Name": "github.com/go-playground/assert/v2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/go-playground/assert/v2@v2.2.0",
|
|
"UID": "b8b4bebf168841c3"
|
|
},
|
|
"Version": "v2.2.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/go-playground/locales@v0.14.1",
|
|
"Name": "github.com/go-playground/locales",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/go-playground/locales@v0.14.1",
|
|
"UID": "17abbe323de259e9"
|
|
},
|
|
"Version": "v0.14.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"golang.org/x/text@v0.29.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/go-playground/universal-translator@v0.18.1",
|
|
"Name": "github.com/go-playground/universal-translator",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/go-playground/universal-translator@v0.18.1",
|
|
"UID": "cca5e6decd5f5d34"
|
|
},
|
|
"Version": "v0.18.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/go-playground/locales@v0.14.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/leodido/go-urn@v1.4.0",
|
|
"Name": "github.com/leodido/go-urn",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/leodido/go-urn@v1.4.0",
|
|
"UID": "4be283dd94901040"
|
|
},
|
|
"Version": "v1.4.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/crypto@v0.42.0",
|
|
"Name": "golang.org/x/crypto",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.42.0",
|
|
"UID": "48058e1171277014"
|
|
},
|
|
"Version": "v0.42.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/text@v0.29.0",
|
|
"Name": "golang.org/x/text",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/text@v0.29.0",
|
|
"UID": "48f1edc5158d6879"
|
|
},
|
|
"Version": "v0.29.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sys@v0.36.0",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys@v0.36.0",
|
|
"UID": "77bbab000591cf6b"
|
|
},
|
|
"Version": "v0.36.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
],
|
|
"Vulnerabilities": [
|
|
{
|
|
"VulnerabilityID": "CVE-2025-47914",
|
|
"VendorIDs": [
|
|
"GHSA-f6x5-jh6r-wrfv"
|
|
],
|
|
"PkgID": "golang.org/x/crypto@v0.42.0",
|
|
"PkgName": "golang.org/x/crypto",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.42.0",
|
|
"UID": "48058e1171277014"
|
|
},
|
|
"InstalledVersion": "v0.42.0",
|
|
"FixedVersion": "0.45.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47914",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:80873fd84d1ddba30b0ff3e5ec90713282d12100d2b3ffee2262963431c1c387",
|
|
"Title": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages",
|
|
"Description": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
|
|
"Severity": "MEDIUM",
|
|
"CweIDs": [
|
|
"CWE-125"
|
|
],
|
|
"VendorSeverity": {
|
|
"amazon": 3,
|
|
"ghsa": 2,
|
|
"redhat": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/security/cve/CVE-2025-47914",
|
|
"https://go.dev/cl/721960",
|
|
"https://go.dev/issue/76364",
|
|
"https://go.googlesource.com/crypto",
|
|
"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-47914",
|
|
"https://pkg.go.dev/vuln/GO-2025-4135",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-47914"
|
|
],
|
|
"PublishedDate": "2025-11-19T21:15:50.517Z",
|
|
"LastModifiedDate": "2025-12-11T19:36:41.373Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2025-58181",
|
|
"VendorIDs": [
|
|
"GHSA-j5w8-q4qc-rx2x"
|
|
],
|
|
"PkgID": "golang.org/x/crypto@v0.42.0",
|
|
"PkgName": "golang.org/x/crypto",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.42.0",
|
|
"UID": "48058e1171277014"
|
|
},
|
|
"InstalledVersion": "v0.42.0",
|
|
"FixedVersion": "0.45.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58181",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:2e49323b58fe64071a5a91dda8e596cef42e3b6a59cfb1ba86c8ca4f05819cc4",
|
|
"Title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication",
|
|
"Description": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
|
|
"Severity": "MEDIUM",
|
|
"CweIDs": [
|
|
"CWE-770"
|
|
],
|
|
"VendorSeverity": {
|
|
"amazon": 3,
|
|
"ghsa": 2,
|
|
"redhat": 2,
|
|
"ubuntu": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/security/cve/CVE-2025-58181",
|
|
"https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c",
|
|
"https://github.com/golang/go/issues/76363",
|
|
"https://go.dev/cl/721961",
|
|
"https://go.dev/issue/76363",
|
|
"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
|
|
"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA?pli=1",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-58181",
|
|
"https://pkg.go.dev/vuln/GO-2025-4134",
|
|
"https://ubuntu.com/security/notices/USN-7956-1",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-58181"
|
|
],
|
|
"PublishedDate": "2025-11-19T21:15:50.85Z",
|
|
"LastModifiedDate": "2025-12-11T19:29:24.9Z"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/goccy/go-yaml@v1.18.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/goccy/go-yaml",
|
|
"Name": "github.com/goccy/go-yaml",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/goccy/go-yaml",
|
|
"UID": "6fc3e54085850498"
|
|
},
|
|
"Relationship": "root",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/golang-jwt/jwt/v5@v5.3.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/golang-jwt/jwt/v5",
|
|
"Name": "github.com/golang-jwt/jwt/v5",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/golang-jwt/jwt/v5",
|
|
"UID": "377f5432deb782a1"
|
|
},
|
|
"Relationship": "root",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/golang/vscode-go/survey@v0.1.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/golang/vscode-go/survey",
|
|
"Name": "github.com/golang/vscode-go/survey",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/golang/vscode-go/survey",
|
|
"UID": "737622e7fe80de10"
|
|
},
|
|
"Relationship": "root",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/google/go-cmp@v0.7.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/google/go-cmp",
|
|
"Name": "github.com/google/go-cmp",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/google/go-cmp",
|
|
"UID": "d6404e54964836fd"
|
|
},
|
|
"Relationship": "root",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/google/jsonschema-go@v0.3.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/google/jsonschema-go",
|
|
"Name": "github.com/google/jsonschema-go",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/google/jsonschema-go",
|
|
"UID": "1ddb6e7f7afb970a"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/google/go-cmp@v0.7.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/google/go-cmp@v0.7.0",
|
|
"Name": "github.com/google/go-cmp",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/google/go-cmp@v0.7.0",
|
|
"UID": "5e46f104a2eda7a0"
|
|
},
|
|
"Version": "v0.7.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/google/uuid@v1.6.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/google/uuid",
|
|
"Name": "github.com/google/uuid",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/google/uuid",
|
|
"UID": "40ce2e239df9b3c5"
|
|
},
|
|
"Relationship": "root",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/gorilla/websocket@v1.5.3/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/gorilla/websocket",
|
|
"Name": "github.com/gorilla/websocket",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/gorilla/websocket",
|
|
"UID": "f66f4094515871bb"
|
|
},
|
|
"Relationship": "root",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/jinzhu/inflection@v1.0.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/jinzhu/inflection",
|
|
"Name": "github.com/jinzhu/inflection",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/jinzhu/inflection",
|
|
"UID": "b00862e64b9e1732"
|
|
},
|
|
"Relationship": "root",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/jinzhu/now@v1.1.5/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/jinzhu/now",
|
|
"Name": "github.com/jinzhu/now",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/jinzhu/now",
|
|
"UID": "78aa7b8c285aaeaf"
|
|
},
|
|
"Relationship": "root",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/leodido/go-urn@v1.4.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/leodido/go-urn",
|
|
"Name": "github.com/leodido/go-urn",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/leodido/go-urn",
|
|
"UID": "f25625bda2780b1"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.8.4",
|
|
"github.com/davecgh/go-spew@v1.1.1",
|
|
"github.com/pmezard/go-difflib@v1.0.0",
|
|
"gopkg.in/yaml.v3@v3.0.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/stretchr/testify@v1.8.4",
|
|
"Name": "github.com/stretchr/testify",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/stretchr/testify@v1.8.4",
|
|
"UID": "b991472fcb2758a5"
|
|
},
|
|
"Version": "v1.8.4",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/davecgh/go-spew@v1.1.1",
|
|
"Name": "github.com/davecgh/go-spew",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.1",
|
|
"UID": "a6f5bd70edd91604"
|
|
},
|
|
"Version": "v1.1.1",
|
|
"Licenses": [
|
|
"ISC"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/pmezard/go-difflib@v1.0.0",
|
|
"Name": "github.com/pmezard/go-difflib",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/pmezard/go-difflib@v1.0.0",
|
|
"UID": "37c246a77598c5d2"
|
|
},
|
|
"Version": "v1.0.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "gopkg.in/yaml.v3@v3.0.1",
|
|
"Name": "gopkg.in/yaml.v3",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1",
|
|
"UID": "7f4a078b5706fe93"
|
|
},
|
|
"Version": "v3.0.1",
|
|
"Licenses": [
|
|
"Apache-2.0",
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/mattn/go-colorable@v0.1.13/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/mattn/go-colorable",
|
|
"Name": "github.com/mattn/go-colorable",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/mattn/go-colorable",
|
|
"UID": "b45b952d7f967118"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/mattn/go-isatty@v0.0.16",
|
|
"golang.org/x/sys@v0.0.0-20220811171246-fbc7d0a398ab"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/mattn/go-isatty@v0.0.16",
|
|
"Name": "github.com/mattn/go-isatty",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/mattn/go-isatty@v0.0.16",
|
|
"UID": "d727390c46aeb1b8"
|
|
},
|
|
"Version": "v0.0.16",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sys@v0.0.0-20220811171246-fbc7d0a398ab",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys@v0.0.0-20220811171246-fbc7d0a398ab",
|
|
"UID": "744d3c719ef366cc"
|
|
},
|
|
"Version": "v0.0.0-20220811171246-fbc7d0a398ab",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/mattn/go-isatty@v0.0.20/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/mattn/go-isatty",
|
|
"Name": "github.com/mattn/go-isatty",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/mattn/go-isatty",
|
|
"UID": "66c48d0bf372f1a3"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"golang.org/x/sys@v0.6.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sys@v0.6.0",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys@v0.6.0",
|
|
"UID": "41b578fd82684290"
|
|
},
|
|
"Version": "v0.6.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/mattn/go-sqlite3@v1.14.22/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/mattn/go-sqlite3",
|
|
"Name": "github.com/mattn/go-sqlite3",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/mattn/go-sqlite3",
|
|
"UID": "88f042bd87c54008"
|
|
},
|
|
"Relationship": "root",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/moby/docker-image-spec@v1.3.1/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/moby/docker-image-spec",
|
|
"Name": "github.com/moby/docker-image-spec",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/moby/docker-image-spec",
|
|
"UID": "fc05e2b66b1778cf"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/opencontainers/image-spec@v1.0.2",
|
|
"github.com/opencontainers/go-digest@v1.0.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/opencontainers/image-spec@v1.0.2",
|
|
"Name": "github.com/opencontainers/image-spec",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/opencontainers/image-spec@v1.0.2",
|
|
"UID": "7055535baf9d1bc8"
|
|
},
|
|
"Version": "v1.0.2",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/opencontainers/go-digest@v1.0.0",
|
|
"Name": "github.com/opencontainers/go-digest",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/opencontainers/go-digest@v1.0.0",
|
|
"UID": "7edcb4f284a9c4df"
|
|
},
|
|
"Version": "v1.0.0",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/modelcontextprotocol/go-sdk@v0.8.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/modelcontextprotocol/go-sdk",
|
|
"Name": "github.com/modelcontextprotocol/go-sdk",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/modelcontextprotocol/go-sdk",
|
|
"UID": "e140d297e597377f"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/golang-jwt/jwt/v5@v5.2.2",
|
|
"github.com/google/go-cmp@v0.7.0",
|
|
"github.com/google/jsonschema-go@v0.3.0",
|
|
"github.com/yosida95/uritemplate/v3@v3.0.2",
|
|
"golang.org/x/tools@v0.34.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/golang-jwt/jwt/v5@v5.2.2",
|
|
"Name": "github.com/golang-jwt/jwt/v5",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/golang-jwt/jwt/v5@v5.2.2",
|
|
"UID": "387e5d30529ba393"
|
|
},
|
|
"Version": "v5.2.2",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/google/go-cmp@v0.7.0",
|
|
"Name": "github.com/google/go-cmp",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/google/go-cmp@v0.7.0",
|
|
"UID": "cae07abfe6fe8eac"
|
|
},
|
|
"Version": "v0.7.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/google/jsonschema-go@v0.3.0",
|
|
"Name": "github.com/google/jsonschema-go",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/google/jsonschema-go@v0.3.0",
|
|
"UID": "4e45abf692b54b98"
|
|
},
|
|
"Version": "v0.3.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/google/go-cmp@v0.7.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/yosida95/uritemplate/v3@v3.0.2",
|
|
"Name": "github.com/yosida95/uritemplate/v3",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/yosida95/uritemplate/v3@v3.0.2",
|
|
"UID": "5a909710f2f07c1d"
|
|
},
|
|
"Version": "v3.0.2",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/tools@v0.34.0",
|
|
"Name": "golang.org/x/tools",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/tools@v0.34.0",
|
|
"UID": "f4633b00723eea32"
|
|
},
|
|
"Version": "v0.34.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/opencontainers/go-digest@v1.0.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/opencontainers/go-digest",
|
|
"Name": "github.com/opencontainers/go-digest",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/opencontainers/go-digest",
|
|
"UID": "11678e64132f58b6"
|
|
},
|
|
"Relationship": "root",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/opencontainers/image-spec@v1.1.1/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/opencontainers/image-spec",
|
|
"Name": "github.com/opencontainers/image-spec",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/opencontainers/image-spec",
|
|
"UID": "7c9860dbe0ec063"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/opencontainers/go-digest@v1.0.0",
|
|
"github.com/russross/blackfriday@v1.6.0",
|
|
"github.com/santhosh-tekuri/jsonschema/v5@v5.3.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/opencontainers/go-digest@v1.0.0",
|
|
"Name": "github.com/opencontainers/go-digest",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/opencontainers/go-digest@v1.0.0",
|
|
"UID": "30e981d3dc124963"
|
|
},
|
|
"Version": "v1.0.0",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/russross/blackfriday@v1.6.0",
|
|
"Name": "github.com/russross/blackfriday",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/russross/blackfriday@v1.6.0",
|
|
"UID": "2eedabfb16cfa578"
|
|
},
|
|
"Version": "v1.6.0",
|
|
"Licenses": [
|
|
"BSD-2-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/santhosh-tekuri/jsonschema/v5@v5.3.1",
|
|
"Name": "github.com/santhosh-tekuri/jsonschema/v5",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/santhosh-tekuri/jsonschema/v5@v5.3.1",
|
|
"UID": "d14387356553e4a6"
|
|
},
|
|
"Version": "v5.3.1",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/oschwald/geoip2-golang@v1.13.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/oschwald/geoip2-golang",
|
|
"Name": "github.com/oschwald/geoip2-golang",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/oschwald/geoip2-golang",
|
|
"UID": "402783077bf9f954"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/oschwald/maxminddb-golang@v1.13.0",
|
|
"github.com/stretchr/testify@v1.9.0",
|
|
"github.com/davecgh/go-spew@v1.1.1",
|
|
"github.com/pmezard/go-difflib@v1.0.0",
|
|
"gopkg.in/yaml.v3@v3.0.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/oschwald/maxminddb-golang@v1.13.0",
|
|
"Name": "github.com/oschwald/maxminddb-golang",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/oschwald/maxminddb-golang@v1.13.0",
|
|
"UID": "64afb2af1352ab5f"
|
|
},
|
|
"Version": "v1.13.0",
|
|
"Licenses": [
|
|
"ISC"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.9.0",
|
|
"golang.org/x/sys@v0.20.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/stretchr/testify@v1.9.0",
|
|
"Name": "github.com/stretchr/testify",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/stretchr/testify@v1.9.0",
|
|
"UID": "30ccf3f8c277b4e5"
|
|
},
|
|
"Version": "v1.9.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/davecgh/go-spew@v1.1.1",
|
|
"Name": "github.com/davecgh/go-spew",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.1",
|
|
"UID": "ebc35f7c13605ca5"
|
|
},
|
|
"Version": "v1.1.1",
|
|
"Licenses": [
|
|
"ISC"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/pmezard/go-difflib@v1.0.0",
|
|
"Name": "github.com/pmezard/go-difflib",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/pmezard/go-difflib@v1.0.0",
|
|
"UID": "7d607365963b1573"
|
|
},
|
|
"Version": "v1.0.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sys@v0.20.0",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys@v0.20.0",
|
|
"UID": "64503e879388b5bf"
|
|
},
|
|
"Version": "v0.20.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "gopkg.in/yaml.v3@v3.0.1",
|
|
"Name": "gopkg.in/yaml.v3",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1",
|
|
"UID": "33bc657eaaf89942"
|
|
},
|
|
"Version": "v3.0.1",
|
|
"Licenses": [
|
|
"Apache-2.0",
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/oschwald/maxminddb-golang@v1.13.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/oschwald/maxminddb-golang",
|
|
"Name": "github.com/oschwald/maxminddb-golang",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/oschwald/maxminddb-golang",
|
|
"UID": "3d5116cb37e40ea9"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.9.0",
|
|
"golang.org/x/sys@v0.20.0",
|
|
"github.com/davecgh/go-spew@v1.1.1",
|
|
"github.com/pmezard/go-difflib@v1.0.0",
|
|
"gopkg.in/yaml.v3@v3.0.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/stretchr/testify@v1.9.0",
|
|
"Name": "github.com/stretchr/testify",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/stretchr/testify@v1.9.0",
|
|
"UID": "f6f693b150fb3d0f"
|
|
},
|
|
"Version": "v1.9.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sys@v0.20.0",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys@v0.20.0",
|
|
"UID": "4488e5dd49545da0"
|
|
},
|
|
"Version": "v0.20.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/davecgh/go-spew@v1.1.1",
|
|
"Name": "github.com/davecgh/go-spew",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.1",
|
|
"UID": "8ab13fe397316fab"
|
|
},
|
|
"Version": "v1.1.1",
|
|
"Licenses": [
|
|
"ISC"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/pmezard/go-difflib@v1.0.0",
|
|
"Name": "github.com/pmezard/go-difflib",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/pmezard/go-difflib@v1.0.0",
|
|
"UID": "c55a91c8d4930795"
|
|
},
|
|
"Version": "v1.0.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "gopkg.in/yaml.v3@v3.0.1",
|
|
"Name": "gopkg.in/yaml.v3",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1",
|
|
"UID": "ea9c0a020c2ef328"
|
|
},
|
|
"Version": "v3.0.1",
|
|
"Licenses": [
|
|
"Apache-2.0",
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/pelletier/go-toml/v2@v2.2.4/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/pelletier/go-toml/v2",
|
|
"Name": "github.com/pelletier/go-toml/v2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/pelletier/go-toml/v2",
|
|
"UID": "5ea436af448d9166"
|
|
},
|
|
"Relationship": "root",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/prometheus/client_golang@v1.23.2/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/prometheus/client_golang",
|
|
"Name": "github.com/prometheus/client_golang",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/prometheus/client_golang",
|
|
"UID": "9d2b82000363049c"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/beorn7/perks@v1.0.1",
|
|
"github.com/cespare/xxhash/v2@v2.3.0",
|
|
"github.com/google/go-cmp@v0.7.0",
|
|
"github.com/json-iterator/go@v1.1.12",
|
|
"github.com/klauspost/compress@v1.18.0",
|
|
"github.com/kylelemons/godebug@v1.1.0",
|
|
"github.com/prometheus/client_model@v0.6.2",
|
|
"github.com/prometheus/common@v0.66.1",
|
|
"github.com/prometheus/procfs@v0.16.1",
|
|
"go.uber.org/goleak@v1.3.0",
|
|
"golang.org/x/sys@v0.35.0",
|
|
"google.golang.org/protobuf@v1.36.8",
|
|
"github.com/jpillora/backoff@v1.0.0",
|
|
"github.com/kr/pretty@v0.3.1",
|
|
"golang.org/x/text@v0.28.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/beorn7/perks@v1.0.1",
|
|
"Name": "github.com/beorn7/perks",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1",
|
|
"UID": "ce51637fc1329ac9"
|
|
},
|
|
"Version": "v1.0.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/cespare/xxhash/v2@v2.3.0",
|
|
"Name": "github.com/cespare/xxhash/v2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.3.0",
|
|
"UID": "2046164a5d244ebf"
|
|
},
|
|
"Version": "v2.3.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/google/go-cmp@v0.7.0",
|
|
"Name": "github.com/google/go-cmp",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/google/go-cmp@v0.7.0",
|
|
"UID": "bc5e7d5d74576aaa"
|
|
},
|
|
"Version": "v0.7.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/json-iterator/go@v1.1.12",
|
|
"Name": "github.com/json-iterator/go",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/json-iterator/go@v1.1.12",
|
|
"UID": "2e2b36cb41e11ac6"
|
|
},
|
|
"Version": "v1.1.12",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd",
|
|
"github.com/modern-go/reflect2@v1.0.2"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/klauspost/compress@v1.18.0",
|
|
"Name": "github.com/klauspost/compress",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/klauspost/compress@v1.18.0",
|
|
"UID": "cf816aca16b67442"
|
|
},
|
|
"Version": "v1.18.0",
|
|
"Licenses": [
|
|
"Apache-2.0",
|
|
"BSD-3-Clause",
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/kylelemons/godebug@v1.1.0",
|
|
"Name": "github.com/kylelemons/godebug",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/kylelemons/godebug@v1.1.0",
|
|
"UID": "41c1c4a007df86a3"
|
|
},
|
|
"Version": "v1.1.0",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/prometheus/client_model@v0.6.2",
|
|
"Name": "github.com/prometheus/client_model",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/prometheus/client_model@v0.6.2",
|
|
"UID": "4460694c564a01af"
|
|
},
|
|
"Version": "v0.6.2",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"google.golang.org/protobuf@v1.36.8"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/prometheus/common@v0.66.1",
|
|
"Name": "github.com/prometheus/common",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/prometheus/common@v0.66.1",
|
|
"UID": "f449769c4d13dbc0"
|
|
},
|
|
"Version": "v0.66.1",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/google/go-cmp@v0.7.0",
|
|
"github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822",
|
|
"github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f",
|
|
"github.com/prometheus/client_model@v0.6.2",
|
|
"go.yaml.in/yaml/v2@v2.4.2",
|
|
"golang.org/x/net@v0.43.0",
|
|
"golang.org/x/oauth2@v0.30.0",
|
|
"google.golang.org/protobuf@v1.36.8"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/prometheus/procfs@v0.16.1",
|
|
"Name": "github.com/prometheus/procfs",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/prometheus/procfs@v0.16.1",
|
|
"UID": "119a2439131ed1be"
|
|
},
|
|
"Version": "v0.16.1",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/google/go-cmp@v0.7.0",
|
|
"golang.org/x/sys@v0.35.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "go.uber.org/goleak@v1.3.0",
|
|
"Name": "go.uber.org/goleak",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/go.uber.org/goleak@v1.3.0",
|
|
"UID": "2c5247b66ae59a3f"
|
|
},
|
|
"Version": "v1.3.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sys@v0.35.0",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys@v0.35.0",
|
|
"UID": "25f940aa435cb5f1"
|
|
},
|
|
"Version": "v0.35.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "google.golang.org/protobuf@v1.36.8",
|
|
"Name": "google.golang.org/protobuf",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/google.golang.org/protobuf@v1.36.8",
|
|
"UID": "4debe810084f597b"
|
|
},
|
|
"Version": "v1.36.8",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/google/go-cmp@v0.7.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/jpillora/backoff@v1.0.0",
|
|
"Name": "github.com/jpillora/backoff",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/jpillora/backoff@v1.0.0",
|
|
"UID": "65a147f6a0e08cad"
|
|
},
|
|
"Version": "v1.0.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/kr/pretty@v0.3.1",
|
|
"Name": "github.com/kr/pretty",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/kr/pretty@v0.3.1",
|
|
"UID": "279645bf7ed214b7"
|
|
},
|
|
"Version": "v0.3.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd",
|
|
"Name": "github.com/modern-go/concurrent",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd",
|
|
"UID": "8afaaf041fb74cd4"
|
|
},
|
|
"Version": "v0.0.0-20180306012644-bacd9c7ef1dd",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/modern-go/reflect2@v1.0.2",
|
|
"Name": "github.com/modern-go/reflect2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/modern-go/reflect2@v1.0.2",
|
|
"UID": "cfb6386477323f1b"
|
|
},
|
|
"Version": "v1.0.2",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822",
|
|
"Name": "github.com/munnerz/goautoneg",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822",
|
|
"UID": "837d0a7d1f0d1d77"
|
|
},
|
|
"Version": "v0.0.0-20191010083416-a7dc8b61c822",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f",
|
|
"Name": "github.com/mwitkow/go-conntrack",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f",
|
|
"UID": "aad203b39ed3724b"
|
|
},
|
|
"Version": "v0.0.0-20190716064945-2f068394615f",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "go.yaml.in/yaml/v2@v2.4.2",
|
|
"Name": "go.yaml.in/yaml/v2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/go.yaml.in/yaml/v2@v2.4.2",
|
|
"UID": "4bc703636c5c461f"
|
|
},
|
|
"Version": "v2.4.2",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/net@v0.43.0",
|
|
"Name": "golang.org/x/net",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.43.0",
|
|
"UID": "7c8c95df2b0ecad9"
|
|
},
|
|
"Version": "v0.43.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/oauth2@v0.30.0",
|
|
"Name": "golang.org/x/oauth2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/oauth2@v0.30.0",
|
|
"UID": "fb89b5aa48da94b8"
|
|
},
|
|
"Version": "v0.30.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/text@v0.28.0",
|
|
"Name": "golang.org/x/text",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/text@v0.28.0",
|
|
"UID": "cb0652814664a2b5"
|
|
},
|
|
"Version": "v0.28.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/prometheus/client_model@v0.6.2/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/prometheus/client_model",
|
|
"Name": "github.com/prometheus/client_model",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/prometheus/client_model",
|
|
"UID": "1b304d6dcc002072"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"google.golang.org/protobuf@v1.36.6",
|
|
"golang.org/x/xerrors@v0.0.0-20191204190536-9bdfabe68543",
|
|
"github.com/google/go-cmp@v0.5.5"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "google.golang.org/protobuf@v1.36.6",
|
|
"Name": "google.golang.org/protobuf",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/google.golang.org/protobuf@v1.36.6",
|
|
"UID": "d5985ba6c4507407"
|
|
},
|
|
"Version": "v1.36.6",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/google/go-cmp@v0.5.5",
|
|
"Name": "github.com/google/go-cmp",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/google/go-cmp@v0.5.5",
|
|
"UID": "618889878c58d3c0"
|
|
},
|
|
"Version": "v0.5.5",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/xerrors@v0.0.0-20191204190536-9bdfabe68543",
|
|
"Name": "golang.org/x/xerrors",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/xerrors@v0.0.0-20191204190536-9bdfabe68543",
|
|
"UID": "a53190d1391c2e10"
|
|
},
|
|
"Version": "v0.0.0-20191204190536-9bdfabe68543",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/prometheus/common@v0.66.1/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/prometheus/common",
|
|
"Name": "github.com/prometheus/common",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/prometheus/common",
|
|
"UID": "4f655621a83db2ef"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/alecthomas/kingpin/v2@v2.4.0",
|
|
"github.com/google/go-cmp@v0.7.0",
|
|
"github.com/julienschmidt/httprouter@v1.3.0",
|
|
"github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822",
|
|
"github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f",
|
|
"github.com/prometheus/client_model@v0.6.2",
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"go.yaml.in/yaml/v2@v2.4.2",
|
|
"golang.org/x/net@v0.43.0",
|
|
"golang.org/x/oauth2@v0.30.0",
|
|
"google.golang.org/protobuf@v1.36.8",
|
|
"github.com/beorn7/perks@v1.0.1",
|
|
"github.com/cespare/xxhash/v2@v2.3.0",
|
|
"github.com/jpillora/backoff@v1.0.0",
|
|
"github.com/prometheus/client_golang@v1.20.4",
|
|
"github.com/prometheus/procfs@v0.15.1",
|
|
"github.com/rogpeppe/go-internal@v1.10.0",
|
|
"golang.org/x/sys@v0.35.0",
|
|
"golang.org/x/text@v0.28.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/alecthomas/kingpin/v2@v2.4.0",
|
|
"Name": "github.com/alecthomas/kingpin/v2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/alecthomas/kingpin/v2@v2.4.0",
|
|
"UID": "eac3da333bd8099c"
|
|
},
|
|
"Version": "v2.4.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/alecthomas/units@v0.0.0-20211218093645-b94a6e3cc137",
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"github.com/xhit/go-str2duration/v2@v2.1.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/google/go-cmp@v0.7.0",
|
|
"Name": "github.com/google/go-cmp",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/google/go-cmp@v0.7.0",
|
|
"UID": "86bf813fd01328cd"
|
|
},
|
|
"Version": "v0.7.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/julienschmidt/httprouter@v1.3.0",
|
|
"Name": "github.com/julienschmidt/httprouter",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/julienschmidt/httprouter@v1.3.0",
|
|
"UID": "8df8e2a3d8d162a0"
|
|
},
|
|
"Version": "v1.3.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822",
|
|
"Name": "github.com/munnerz/goautoneg",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822",
|
|
"UID": "ef6f377cdc91c59e"
|
|
},
|
|
"Version": "v0.0.0-20191010083416-a7dc8b61c822",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f",
|
|
"Name": "github.com/mwitkow/go-conntrack",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f",
|
|
"UID": "3a50304c435a6aa6"
|
|
},
|
|
"Version": "v0.0.0-20190716064945-2f068394615f",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/prometheus/client_model@v0.6.2",
|
|
"Name": "github.com/prometheus/client_model",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/prometheus/client_model@v0.6.2",
|
|
"UID": "7effb955b769f2e4"
|
|
},
|
|
"Version": "v0.6.2",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"google.golang.org/protobuf@v1.36.8"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/stretchr/testify@v1.11.1",
|
|
"Name": "github.com/stretchr/testify",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/stretchr/testify@v1.11.1",
|
|
"UID": "e81e35e8986bcfb8"
|
|
},
|
|
"Version": "v1.11.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/davecgh/go-spew@v1.1.1",
|
|
"github.com/pmezard/go-difflib@v1.0.0",
|
|
"gopkg.in/yaml.v3@v3.0.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "go.yaml.in/yaml/v2@v2.4.2",
|
|
"Name": "go.yaml.in/yaml/v2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/go.yaml.in/yaml/v2@v2.4.2",
|
|
"UID": "8ae1f5a8063826a9"
|
|
},
|
|
"Version": "v2.4.2",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"gopkg.in/check.v1@v1.0.0-20201130134442-10cb98267c6c"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/net@v0.43.0",
|
|
"Name": "golang.org/x/net",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.43.0",
|
|
"UID": "8d13d813db52e14a"
|
|
},
|
|
"Version": "v0.43.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/oauth2@v0.30.0",
|
|
"Name": "golang.org/x/oauth2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/oauth2@v0.30.0",
|
|
"UID": "6cbfe45877520cf3"
|
|
},
|
|
"Version": "v0.30.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "google.golang.org/protobuf@v1.36.8",
|
|
"Name": "google.golang.org/protobuf",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/google.golang.org/protobuf@v1.36.8",
|
|
"UID": "fa6fa710b15c658c"
|
|
},
|
|
"Version": "v1.36.8",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/google/go-cmp@v0.7.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/alecthomas/units@v0.0.0-20211218093645-b94a6e3cc137",
|
|
"Name": "github.com/alecthomas/units",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/alecthomas/units@v0.0.0-20211218093645-b94a6e3cc137",
|
|
"UID": "5b8882b43a97dd0d"
|
|
},
|
|
"Version": "v0.0.0-20211218093645-b94a6e3cc137",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.11.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/beorn7/perks@v1.0.1",
|
|
"Name": "github.com/beorn7/perks",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1",
|
|
"UID": "5dd56876c3e8df1a"
|
|
},
|
|
"Version": "v1.0.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/cespare/xxhash/v2@v2.3.0",
|
|
"Name": "github.com/cespare/xxhash/v2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.3.0",
|
|
"UID": "190c35f92f06d6e0"
|
|
},
|
|
"Version": "v2.3.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/davecgh/go-spew@v1.1.1",
|
|
"Name": "github.com/davecgh/go-spew",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.1",
|
|
"UID": "9a273ff64d815d40"
|
|
},
|
|
"Version": "v1.1.1",
|
|
"Licenses": [
|
|
"ISC"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/jpillora/backoff@v1.0.0",
|
|
"Name": "github.com/jpillora/backoff",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/jpillora/backoff@v1.0.0",
|
|
"UID": "c4f4f7074518f2a"
|
|
},
|
|
"Version": "v1.0.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/pmezard/go-difflib@v1.0.0",
|
|
"Name": "github.com/pmezard/go-difflib",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/pmezard/go-difflib@v1.0.0",
|
|
"UID": "35601577a982aabe"
|
|
},
|
|
"Version": "v1.0.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/prometheus/client_golang@v1.20.4",
|
|
"Name": "github.com/prometheus/client_golang",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/prometheus/client_golang@v1.20.4",
|
|
"UID": "22afda5fc8df118"
|
|
},
|
|
"Version": "v1.20.4",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/prometheus/procfs@v0.15.1",
|
|
"Name": "github.com/prometheus/procfs",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/prometheus/procfs@v0.15.1",
|
|
"UID": "2a94ec92439df562"
|
|
},
|
|
"Version": "v0.15.1",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/rogpeppe/go-internal@v1.10.0",
|
|
"Name": "github.com/rogpeppe/go-internal",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/rogpeppe/go-internal@v1.10.0",
|
|
"UID": "9727583a71c669a7"
|
|
},
|
|
"Version": "v1.10.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/xhit/go-str2duration/v2@v2.1.0",
|
|
"Name": "github.com/xhit/go-str2duration/v2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/xhit/go-str2duration/v2@v2.1.0",
|
|
"UID": "28709147ce10becd"
|
|
},
|
|
"Version": "v2.1.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sys@v0.35.0",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys@v0.35.0",
|
|
"UID": "e9f2026f5cd44a97"
|
|
},
|
|
"Version": "v0.35.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/text@v0.28.0",
|
|
"Name": "golang.org/x/text",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/text@v0.28.0",
|
|
"UID": "5f3d92014eefa42e"
|
|
},
|
|
"Version": "v0.28.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "gopkg.in/check.v1@v1.0.0-20201130134442-10cb98267c6c",
|
|
"Name": "gopkg.in/check.v1",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gopkg.in/check.v1@v1.0.0-20201130134442-10cb98267c6c",
|
|
"UID": "17e2294dca017281"
|
|
},
|
|
"Version": "v1.0.0-20201130134442-10cb98267c6c",
|
|
"Licenses": [
|
|
"BSD-2-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "gopkg.in/yaml.v3@v3.0.1",
|
|
"Name": "gopkg.in/yaml.v3",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1",
|
|
"UID": "923788fc76501ecc"
|
|
},
|
|
"Version": "v3.0.1",
|
|
"Licenses": [
|
|
"Apache-2.0",
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"gopkg.in/check.v1@v1.0.0-20201130134442-10cb98267c6c"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/prometheus/procfs@v0.16.1/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/prometheus/procfs",
|
|
"Name": "github.com/prometheus/procfs",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/prometheus/procfs",
|
|
"UID": "24bf7685887b32ba"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/google/go-cmp@v0.7.0",
|
|
"golang.org/x/sync@v0.13.0",
|
|
"golang.org/x/sys@v0.32.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/google/go-cmp@v0.7.0",
|
|
"Name": "github.com/google/go-cmp",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/google/go-cmp@v0.7.0",
|
|
"UID": "7a97e2ef16646924"
|
|
},
|
|
"Version": "v0.7.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sync@v0.13.0",
|
|
"Name": "golang.org/x/sync",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sync@v0.13.0",
|
|
"UID": "a0a03eb27a176f07"
|
|
},
|
|
"Version": "v0.13.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sys@v0.32.0",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys@v0.32.0",
|
|
"UID": "2965b452d650e3b9"
|
|
},
|
|
"Version": "v0.32.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/quic-go/qpack@v0.5.1/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/quic-go/qpack",
|
|
"Name": "github.com/quic-go/qpack",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/quic-go/qpack",
|
|
"UID": "f7f388c608b6fe2d"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.9.0",
|
|
"golang.org/x/net@v0.28.0",
|
|
"github.com/davecgh/go-spew@v1.1.1",
|
|
"github.com/pmezard/go-difflib@v1.0.0",
|
|
"gopkg.in/yaml.v3@v3.0.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/stretchr/testify@v1.9.0",
|
|
"Name": "github.com/stretchr/testify",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/stretchr/testify@v1.9.0",
|
|
"UID": "8af606bb3a7aaa31"
|
|
},
|
|
"Version": "v1.9.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/net@v0.28.0",
|
|
"Name": "golang.org/x/net",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.28.0",
|
|
"UID": "b996600028b09019"
|
|
},
|
|
"Version": "v0.28.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/davecgh/go-spew@v1.1.1",
|
|
"Name": "github.com/davecgh/go-spew",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.1",
|
|
"UID": "ae82260bc78f0b41"
|
|
},
|
|
"Version": "v1.1.1",
|
|
"Licenses": [
|
|
"ISC"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/pmezard/go-difflib@v1.0.0",
|
|
"Name": "github.com/pmezard/go-difflib",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/pmezard/go-difflib@v1.0.0",
|
|
"UID": "517a943e913d3e43"
|
|
},
|
|
"Version": "v1.0.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "gopkg.in/yaml.v3@v3.0.1",
|
|
"Name": "gopkg.in/yaml.v3",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1",
|
|
"UID": "e7bbae05659e3f6e"
|
|
},
|
|
"Version": "v3.0.1",
|
|
"Licenses": [
|
|
"Apache-2.0",
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
],
|
|
"Vulnerabilities": [
|
|
{
|
|
"VulnerabilityID": "CVE-2025-22870",
|
|
"VendorIDs": [
|
|
"GHSA-qxp5-gwg8-xv66"
|
|
],
|
|
"PkgID": "golang.org/x/net@v0.28.0",
|
|
"PkgName": "golang.org/x/net",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.28.0",
|
|
"UID": "b996600028b09019"
|
|
},
|
|
"InstalledVersion": "v0.28.0",
|
|
"FixedVersion": "0.36.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:452de98b2e857f9af4e663a663404218f691d668aa3f9a47efae074c697a89d9",
|
|
"Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net",
|
|
"Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.",
|
|
"Severity": "MEDIUM",
|
|
"CweIDs": [
|
|
"CWE-115"
|
|
],
|
|
"VendorSeverity": {
|
|
"amazon": 2,
|
|
"azure": 2,
|
|
"cbl-mariner": 2,
|
|
"ghsa": 2,
|
|
"redhat": 2,
|
|
"ubuntu": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
|
|
"V3Score": 4.4
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
|
|
"V3Score": 4.4
|
|
}
|
|
},
|
|
"References": [
|
|
"http://www.openwall.com/lists/oss-security/2025/03/07/2",
|
|
"https://access.redhat.com/security/cve/CVE-2025-22870",
|
|
"https://github.com/golang/go/issues/71984",
|
|
"https://go-review.googlesource.com/q/project:net",
|
|
"https://go.dev/cl/654697",
|
|
"https://go.dev/issue/71984",
|
|
"https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-22870",
|
|
"https://pkg.go.dev/vuln/GO-2025-3503",
|
|
"https://security.netapp.com/advisory/ntap-20250509-0007",
|
|
"https://security.netapp.com/advisory/ntap-20250509-0007/",
|
|
"https://ubuntu.com/security/notices/USN-7574-1",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-22870"
|
|
],
|
|
"PublishedDate": "2025-03-12T19:15:38.31Z",
|
|
"LastModifiedDate": "2025-05-09T20:15:38.727Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2025-22872",
|
|
"VendorIDs": [
|
|
"GHSA-vvgc-356p-c3xw"
|
|
],
|
|
"PkgID": "golang.org/x/net@v0.28.0",
|
|
"PkgName": "golang.org/x/net",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.28.0",
|
|
"UID": "b996600028b09019"
|
|
},
|
|
"InstalledVersion": "v0.28.0",
|
|
"FixedVersion": "0.38.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22872",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:00894c35352d5322cf5b3d14303478fb2081ce2f8b60358bc2e967012fa6bfda",
|
|
"Title": "golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net",
|
|
"Description": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
|
|
"Severity": "MEDIUM",
|
|
"VendorSeverity": {
|
|
"amazon": 3,
|
|
"azure": 2,
|
|
"cbl-mariner": 2,
|
|
"ghsa": 2,
|
|
"redhat": 2
|
|
},
|
|
"CVSS": {
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
|
|
"V3Score": 6.5
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/security/cve/CVE-2025-22872",
|
|
"https://github.com/advisories/GHSA-vvgc-356p-c3xw",
|
|
"https://go.dev/cl/662715",
|
|
"https://go.dev/issue/73070",
|
|
"https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-22872",
|
|
"https://pkg.go.dev/vuln/GO-2025-3595",
|
|
"https://security.netapp.com/advisory/ntap-20250516-0007",
|
|
"https://security.netapp.com/advisory/ntap-20250516-0007/",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-22872"
|
|
],
|
|
"PublishedDate": "2025-04-16T18:16:04.183Z",
|
|
"LastModifiedDate": "2025-05-16T23:15:19.707Z"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/quic-go/qpack@v0.6.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/quic-go/qpack",
|
|
"Name": "github.com/quic-go/qpack",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/quic-go/qpack",
|
|
"UID": "5d94524bfa85759a"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.9.0",
|
|
"golang.org/x/net@v0.28.0",
|
|
"github.com/davecgh/go-spew@v1.1.1",
|
|
"github.com/pmezard/go-difflib@v1.0.0",
|
|
"gopkg.in/yaml.v3@v3.0.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/stretchr/testify@v1.9.0",
|
|
"Name": "github.com/stretchr/testify",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/stretchr/testify@v1.9.0",
|
|
"UID": "c21e2ad05c281106"
|
|
},
|
|
"Version": "v1.9.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/net@v0.28.0",
|
|
"Name": "golang.org/x/net",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.28.0",
|
|
"UID": "931a8962aedd329e"
|
|
},
|
|
"Version": "v0.28.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/davecgh/go-spew@v1.1.1",
|
|
"Name": "github.com/davecgh/go-spew",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.1",
|
|
"UID": "15d78194d88ce706"
|
|
},
|
|
"Version": "v1.1.1",
|
|
"Licenses": [
|
|
"ISC"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/pmezard/go-difflib@v1.0.0",
|
|
"Name": "github.com/pmezard/go-difflib",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/pmezard/go-difflib@v1.0.0",
|
|
"UID": "abba287c1fb84138"
|
|
},
|
|
"Version": "v1.0.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "gopkg.in/yaml.v3@v3.0.1",
|
|
"Name": "gopkg.in/yaml.v3",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1",
|
|
"UID": "8684ed326ffead89"
|
|
},
|
|
"Version": "v3.0.1",
|
|
"Licenses": [
|
|
"Apache-2.0",
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
],
|
|
"Vulnerabilities": [
|
|
{
|
|
"VulnerabilityID": "CVE-2025-22870",
|
|
"VendorIDs": [
|
|
"GHSA-qxp5-gwg8-xv66"
|
|
],
|
|
"PkgID": "golang.org/x/net@v0.28.0",
|
|
"PkgName": "golang.org/x/net",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.28.0",
|
|
"UID": "931a8962aedd329e"
|
|
},
|
|
"InstalledVersion": "v0.28.0",
|
|
"FixedVersion": "0.36.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:c9e439bb7a08044decae8f8310f718b31c1dfba746c5921562733e17433a8e22",
|
|
"Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net",
|
|
"Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.",
|
|
"Severity": "MEDIUM",
|
|
"CweIDs": [
|
|
"CWE-115"
|
|
],
|
|
"VendorSeverity": {
|
|
"amazon": 2,
|
|
"azure": 2,
|
|
"cbl-mariner": 2,
|
|
"ghsa": 2,
|
|
"redhat": 2,
|
|
"ubuntu": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
|
|
"V3Score": 4.4
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
|
|
"V3Score": 4.4
|
|
}
|
|
},
|
|
"References": [
|
|
"http://www.openwall.com/lists/oss-security/2025/03/07/2",
|
|
"https://access.redhat.com/security/cve/CVE-2025-22870",
|
|
"https://github.com/golang/go/issues/71984",
|
|
"https://go-review.googlesource.com/q/project:net",
|
|
"https://go.dev/cl/654697",
|
|
"https://go.dev/issue/71984",
|
|
"https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-22870",
|
|
"https://pkg.go.dev/vuln/GO-2025-3503",
|
|
"https://security.netapp.com/advisory/ntap-20250509-0007",
|
|
"https://security.netapp.com/advisory/ntap-20250509-0007/",
|
|
"https://ubuntu.com/security/notices/USN-7574-1",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-22870"
|
|
],
|
|
"PublishedDate": "2025-03-12T19:15:38.31Z",
|
|
"LastModifiedDate": "2025-05-09T20:15:38.727Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2025-22872",
|
|
"VendorIDs": [
|
|
"GHSA-vvgc-356p-c3xw"
|
|
],
|
|
"PkgID": "golang.org/x/net@v0.28.0",
|
|
"PkgName": "golang.org/x/net",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.28.0",
|
|
"UID": "931a8962aedd329e"
|
|
},
|
|
"InstalledVersion": "v0.28.0",
|
|
"FixedVersion": "0.38.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22872",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:a75bf72a09b1c05efabe1bc28035c637093be9cfbfaebb7024e08da0dc1528f6",
|
|
"Title": "golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net",
|
|
"Description": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
|
|
"Severity": "MEDIUM",
|
|
"VendorSeverity": {
|
|
"amazon": 3,
|
|
"azure": 2,
|
|
"cbl-mariner": 2,
|
|
"ghsa": 2,
|
|
"redhat": 2
|
|
},
|
|
"CVSS": {
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
|
|
"V3Score": 6.5
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/security/cve/CVE-2025-22872",
|
|
"https://github.com/advisories/GHSA-vvgc-356p-c3xw",
|
|
"https://go.dev/cl/662715",
|
|
"https://go.dev/issue/73070",
|
|
"https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-22872",
|
|
"https://pkg.go.dev/vuln/GO-2025-3595",
|
|
"https://security.netapp.com/advisory/ntap-20250516-0007",
|
|
"https://security.netapp.com/advisory/ntap-20250516-0007/",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-22872"
|
|
],
|
|
"PublishedDate": "2025-04-16T18:16:04.183Z",
|
|
"LastModifiedDate": "2025-05-16T23:15:19.707Z"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/quic-go/quic-go@v0.54.1/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/quic-go/quic-go",
|
|
"Name": "github.com/quic-go/quic-go",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/quic-go/quic-go",
|
|
"UID": "7cb2dfd5f87ad0fc"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/francoispqt/gojay@v1.2.13",
|
|
"github.com/prometheus/client_golang@v1.19.1",
|
|
"github.com/quic-go/qpack@v0.5.1",
|
|
"github.com/stretchr/testify@v1.9.0",
|
|
"go.uber.org/mock@v0.5.0",
|
|
"golang.org/x/crypto@v0.26.0",
|
|
"golang.org/x/net@v0.28.0",
|
|
"golang.org/x/sync@v0.8.0",
|
|
"golang.org/x/sys@v0.23.0",
|
|
"golang.org/x/tools@v0.22.0",
|
|
"github.com/beorn7/perks@v1.0.1",
|
|
"github.com/cespare/xxhash/v2@v2.2.0",
|
|
"github.com/davecgh/go-spew@v1.1.1",
|
|
"github.com/pmezard/go-difflib@v1.0.0",
|
|
"github.com/prometheus/client_model@v0.5.0",
|
|
"github.com/prometheus/common@v0.48.0",
|
|
"github.com/prometheus/procfs@v0.12.0",
|
|
"golang.org/x/mod@v0.18.0",
|
|
"golang.org/x/text@v0.17.0",
|
|
"google.golang.org/protobuf@v1.33.0",
|
|
"gopkg.in/yaml.v3@v3.0.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/francoispqt/gojay@v1.2.13",
|
|
"Name": "github.com/francoispqt/gojay",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/francoispqt/gojay@v1.2.13",
|
|
"UID": "f9873c3cb7953862"
|
|
},
|
|
"Version": "v1.2.13",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.9.0",
|
|
"golang.org/x/net@v0.28.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/prometheus/client_golang@v1.19.1",
|
|
"Name": "github.com/prometheus/client_golang",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/prometheus/client_golang@v1.19.1",
|
|
"UID": "3acbdf2e42a0d723"
|
|
},
|
|
"Version": "v1.19.1",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/quic-go/qpack@v0.5.1",
|
|
"Name": "github.com/quic-go/qpack",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/quic-go/qpack@v0.5.1",
|
|
"UID": "358a1231ecbd1180"
|
|
},
|
|
"Version": "v0.5.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.9.0",
|
|
"golang.org/x/net@v0.28.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/stretchr/testify@v1.9.0",
|
|
"Name": "github.com/stretchr/testify",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/stretchr/testify@v1.9.0",
|
|
"UID": "f19b1bacafaa44"
|
|
},
|
|
"Version": "v1.9.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "go.uber.org/mock@v0.5.0",
|
|
"Name": "go.uber.org/mock",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/go.uber.org/mock@v0.5.0",
|
|
"UID": "bcde6ca868030cdb"
|
|
},
|
|
"Version": "v0.5.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/crypto@v0.26.0",
|
|
"Name": "golang.org/x/crypto",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.26.0",
|
|
"UID": "b7d276ec3d4de19b"
|
|
},
|
|
"Version": "v0.26.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/net@v0.28.0",
|
|
"Name": "golang.org/x/net",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.28.0",
|
|
"UID": "251335497fe7b14c"
|
|
},
|
|
"Version": "v0.28.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sync@v0.8.0",
|
|
"Name": "golang.org/x/sync",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sync@v0.8.0",
|
|
"UID": "635bb8a94f868209"
|
|
},
|
|
"Version": "v0.8.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sys@v0.23.0",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys@v0.23.0",
|
|
"UID": "a0263776961f9cb"
|
|
},
|
|
"Version": "v0.23.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/tools@v0.22.0",
|
|
"Name": "golang.org/x/tools",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/tools@v0.22.0",
|
|
"UID": "754993d31ed9e676"
|
|
},
|
|
"Version": "v0.22.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/beorn7/perks@v1.0.1",
|
|
"Name": "github.com/beorn7/perks",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1",
|
|
"UID": "de3d187454d46cea"
|
|
},
|
|
"Version": "v1.0.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/cespare/xxhash/v2@v2.2.0",
|
|
"Name": "github.com/cespare/xxhash/v2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.2.0",
|
|
"UID": "d934360cc9b78cc7"
|
|
},
|
|
"Version": "v2.2.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/davecgh/go-spew@v1.1.1",
|
|
"Name": "github.com/davecgh/go-spew",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.1",
|
|
"UID": "adad79ffa966362c"
|
|
},
|
|
"Version": "v1.1.1",
|
|
"Licenses": [
|
|
"ISC"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/pmezard/go-difflib@v1.0.0",
|
|
"Name": "github.com/pmezard/go-difflib",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/pmezard/go-difflib@v1.0.0",
|
|
"UID": "1737a3350e3434ba"
|
|
},
|
|
"Version": "v1.0.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/prometheus/client_model@v0.5.0",
|
|
"Name": "github.com/prometheus/client_model",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/prometheus/client_model@v0.5.0",
|
|
"UID": "cb26096c16241d24"
|
|
},
|
|
"Version": "v0.5.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/prometheus/common@v0.48.0",
|
|
"Name": "github.com/prometheus/common",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/prometheus/common@v0.48.0",
|
|
"UID": "27870aa70cf9c0bc"
|
|
},
|
|
"Version": "v0.48.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/prometheus/procfs@v0.12.0",
|
|
"Name": "github.com/prometheus/procfs",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/prometheus/procfs@v0.12.0",
|
|
"UID": "d72fe219c5a14cc8"
|
|
},
|
|
"Version": "v0.12.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/mod@v0.18.0",
|
|
"Name": "golang.org/x/mod",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/mod@v0.18.0",
|
|
"UID": "6153b6ca5c69626b"
|
|
},
|
|
"Version": "v0.18.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/text@v0.17.0",
|
|
"Name": "golang.org/x/text",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/text@v0.17.0",
|
|
"UID": "e91ea4c1b1474050"
|
|
},
|
|
"Version": "v0.17.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "google.golang.org/protobuf@v1.33.0",
|
|
"Name": "google.golang.org/protobuf",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/google.golang.org/protobuf@v1.33.0",
|
|
"UID": "733fa6df66da90aa"
|
|
},
|
|
"Version": "v1.33.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "gopkg.in/yaml.v3@v3.0.1",
|
|
"Name": "gopkg.in/yaml.v3",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1",
|
|
"UID": "aaf29418ecbf43b7"
|
|
},
|
|
"Version": "v3.0.1",
|
|
"Licenses": [
|
|
"Apache-2.0",
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
],
|
|
"Vulnerabilities": [
|
|
{
|
|
"VulnerabilityID": "CVE-2024-45337",
|
|
"VendorIDs": [
|
|
"GHSA-v778-237x-gjrc"
|
|
],
|
|
"PkgID": "golang.org/x/crypto@v0.26.0",
|
|
"PkgName": "golang.org/x/crypto",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.26.0",
|
|
"UID": "b7d276ec3d4de19b"
|
|
},
|
|
"InstalledVersion": "v0.26.0",
|
|
"FixedVersion": "0.31.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45337",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:9e4eb745e701d8ce88589973fff83c102389670e978cd584e0cfe679f78be925",
|
|
"Title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
|
|
"Description": "Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that \"A call to this function does not guarantee that the key offered is in fact used to authenticate.\" Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.",
|
|
"Severity": "CRITICAL",
|
|
"VendorSeverity": {
|
|
"amazon": 3,
|
|
"azure": 4,
|
|
"cbl-mariner": 4,
|
|
"ghsa": 4,
|
|
"redhat": 3,
|
|
"ubuntu": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
|
|
"V3Score": 9.1
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
|
|
"V3Score": 8.2
|
|
}
|
|
},
|
|
"References": [
|
|
"http://www.openwall.com/lists/oss-security/2024/12/11/2",
|
|
"https://access.redhat.com/security/cve/CVE-2024-45337",
|
|
"https://github.com/golang/crypto",
|
|
"https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
|
|
"https://go-review.googlesource.com/c/crypto/+/635315/",
|
|
"https://go.dev/cl/635315",
|
|
"https://go.dev/issue/70779",
|
|
"https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
|
|
"https://pkg.go.dev/vuln/GO-2024-3321",
|
|
"https://security.netapp.com/advisory/ntap-20250131-0007",
|
|
"https://security.netapp.com/advisory/ntap-20250131-0007/",
|
|
"https://ubuntu.com/security/notices/USN-7839-1",
|
|
"https://ubuntu.com/security/notices/USN-7839-2",
|
|
"https://www.cve.org/CVERecord?id=CVE-2024-45337"
|
|
],
|
|
"PublishedDate": "2024-12-12T02:02:07.97Z",
|
|
"LastModifiedDate": "2025-02-18T21:15:22.187Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2025-22869",
|
|
"VendorIDs": [
|
|
"GHSA-hcg3-q754-cr77"
|
|
],
|
|
"PkgID": "golang.org/x/crypto@v0.26.0",
|
|
"PkgName": "golang.org/x/crypto",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.26.0",
|
|
"UID": "b7d276ec3d4de19b"
|
|
},
|
|
"InstalledVersion": "v0.26.0",
|
|
"FixedVersion": "0.35.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22869",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:00e45e3f76b79cf4a79cd9d1b1feaba90c9f42b97f15d27f6e3d060985de3735",
|
|
"Title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh",
|
|
"Description": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
|
|
"Severity": "HIGH",
|
|
"CweIDs": [
|
|
"CWE-770"
|
|
],
|
|
"VendorSeverity": {
|
|
"alma": 3,
|
|
"amazon": 3,
|
|
"azure": 3,
|
|
"cbl-mariner": 3,
|
|
"ghsa": 3,
|
|
"oracle-oval": 3,
|
|
"redhat": 3,
|
|
"rocky": 3
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/errata/RHSA-2025:3833",
|
|
"https://access.redhat.com/security/cve/CVE-2025-22869",
|
|
"https://bugzilla.redhat.com/2348367",
|
|
"https://bugzilla.redhat.com/show_bug.cgi?id=2348367",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22869",
|
|
"https://errata.almalinux.org/9/ALSA-2025-3833.html",
|
|
"https://errata.rockylinux.org/RLSA-2025:7416",
|
|
"https://github.com/golang/crypto",
|
|
"https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22",
|
|
"https://go-review.googlesource.com/c/crypto/+/652135",
|
|
"https://go.dev/cl/652135",
|
|
"https://go.dev/issue/71931",
|
|
"https://linux.oracle.com/cve/CVE-2025-22869.html",
|
|
"https://linux.oracle.com/errata/ELSA-2025-7484.html",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-22869",
|
|
"https://pkg.go.dev/vuln/GO-2025-3487",
|
|
"https://security.netapp.com/advisory/ntap-20250411-0010",
|
|
"https://security.netapp.com/advisory/ntap-20250411-0010/",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-22869"
|
|
],
|
|
"PublishedDate": "2025-02-26T08:14:24.997Z",
|
|
"LastModifiedDate": "2025-05-01T19:28:20.74Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2025-47914",
|
|
"VendorIDs": [
|
|
"GHSA-f6x5-jh6r-wrfv"
|
|
],
|
|
"PkgID": "golang.org/x/crypto@v0.26.0",
|
|
"PkgName": "golang.org/x/crypto",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.26.0",
|
|
"UID": "b7d276ec3d4de19b"
|
|
},
|
|
"InstalledVersion": "v0.26.0",
|
|
"FixedVersion": "0.45.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47914",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:29202afe6176fa9b9fb154b3c4af41dfecbc54df68b14388febd9177ce975532",
|
|
"Title": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages",
|
|
"Description": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
|
|
"Severity": "MEDIUM",
|
|
"CweIDs": [
|
|
"CWE-125"
|
|
],
|
|
"VendorSeverity": {
|
|
"amazon": 3,
|
|
"ghsa": 2,
|
|
"redhat": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/security/cve/CVE-2025-47914",
|
|
"https://go.dev/cl/721960",
|
|
"https://go.dev/issue/76364",
|
|
"https://go.googlesource.com/crypto",
|
|
"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-47914",
|
|
"https://pkg.go.dev/vuln/GO-2025-4135",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-47914"
|
|
],
|
|
"PublishedDate": "2025-11-19T21:15:50.517Z",
|
|
"LastModifiedDate": "2025-12-11T19:36:41.373Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2025-58181",
|
|
"VendorIDs": [
|
|
"GHSA-j5w8-q4qc-rx2x"
|
|
],
|
|
"PkgID": "golang.org/x/crypto@v0.26.0",
|
|
"PkgName": "golang.org/x/crypto",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.26.0",
|
|
"UID": "b7d276ec3d4de19b"
|
|
},
|
|
"InstalledVersion": "v0.26.0",
|
|
"FixedVersion": "0.45.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58181",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:c650a2f75340da82587c3faf3dadd062a4ebbe8caf1ab71678e42f4919cd4677",
|
|
"Title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication",
|
|
"Description": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
|
|
"Severity": "MEDIUM",
|
|
"CweIDs": [
|
|
"CWE-770"
|
|
],
|
|
"VendorSeverity": {
|
|
"amazon": 3,
|
|
"ghsa": 2,
|
|
"redhat": 2,
|
|
"ubuntu": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/security/cve/CVE-2025-58181",
|
|
"https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c",
|
|
"https://github.com/golang/go/issues/76363",
|
|
"https://go.dev/cl/721961",
|
|
"https://go.dev/issue/76363",
|
|
"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
|
|
"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA?pli=1",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-58181",
|
|
"https://pkg.go.dev/vuln/GO-2025-4134",
|
|
"https://ubuntu.com/security/notices/USN-7956-1",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-58181"
|
|
],
|
|
"PublishedDate": "2025-11-19T21:15:50.85Z",
|
|
"LastModifiedDate": "2025-12-11T19:29:24.9Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2025-22870",
|
|
"VendorIDs": [
|
|
"GHSA-qxp5-gwg8-xv66"
|
|
],
|
|
"PkgID": "golang.org/x/net@v0.28.0",
|
|
"PkgName": "golang.org/x/net",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.28.0",
|
|
"UID": "251335497fe7b14c"
|
|
},
|
|
"InstalledVersion": "v0.28.0",
|
|
"FixedVersion": "0.36.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:e49f6c461f81ba45e67dba1eec5ee64faac9cd34b35998ba313e4b5319a4b9be",
|
|
"Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net",
|
|
"Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.",
|
|
"Severity": "MEDIUM",
|
|
"CweIDs": [
|
|
"CWE-115"
|
|
],
|
|
"VendorSeverity": {
|
|
"amazon": 2,
|
|
"azure": 2,
|
|
"cbl-mariner": 2,
|
|
"ghsa": 2,
|
|
"redhat": 2,
|
|
"ubuntu": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
|
|
"V3Score": 4.4
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
|
|
"V3Score": 4.4
|
|
}
|
|
},
|
|
"References": [
|
|
"http://www.openwall.com/lists/oss-security/2025/03/07/2",
|
|
"https://access.redhat.com/security/cve/CVE-2025-22870",
|
|
"https://github.com/golang/go/issues/71984",
|
|
"https://go-review.googlesource.com/q/project:net",
|
|
"https://go.dev/cl/654697",
|
|
"https://go.dev/issue/71984",
|
|
"https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-22870",
|
|
"https://pkg.go.dev/vuln/GO-2025-3503",
|
|
"https://security.netapp.com/advisory/ntap-20250509-0007",
|
|
"https://security.netapp.com/advisory/ntap-20250509-0007/",
|
|
"https://ubuntu.com/security/notices/USN-7574-1",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-22870"
|
|
],
|
|
"PublishedDate": "2025-03-12T19:15:38.31Z",
|
|
"LastModifiedDate": "2025-05-09T20:15:38.727Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2025-22872",
|
|
"VendorIDs": [
|
|
"GHSA-vvgc-356p-c3xw"
|
|
],
|
|
"PkgID": "golang.org/x/net@v0.28.0",
|
|
"PkgName": "golang.org/x/net",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.28.0",
|
|
"UID": "251335497fe7b14c"
|
|
},
|
|
"InstalledVersion": "v0.28.0",
|
|
"FixedVersion": "0.38.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22872",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:81ed4ebc9acc5a5fcf2b2c9e896e55b7a4732636f3b8a7e8197cc56b594da5f6",
|
|
"Title": "golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net",
|
|
"Description": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
|
|
"Severity": "MEDIUM",
|
|
"VendorSeverity": {
|
|
"amazon": 3,
|
|
"azure": 2,
|
|
"cbl-mariner": 2,
|
|
"ghsa": 2,
|
|
"redhat": 2
|
|
},
|
|
"CVSS": {
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
|
|
"V3Score": 6.5
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/security/cve/CVE-2025-22872",
|
|
"https://github.com/advisories/GHSA-vvgc-356p-c3xw",
|
|
"https://go.dev/cl/662715",
|
|
"https://go.dev/issue/73070",
|
|
"https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-22872",
|
|
"https://pkg.go.dev/vuln/GO-2025-3595",
|
|
"https://security.netapp.com/advisory/ntap-20250516-0007",
|
|
"https://security.netapp.com/advisory/ntap-20250516-0007/",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-22872"
|
|
],
|
|
"PublishedDate": "2025-04-16T18:16:04.183Z",
|
|
"LastModifiedDate": "2025-05-16T23:15:19.707Z"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/quic-go/quic-go@v0.57.1/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/quic-go/quic-go",
|
|
"Name": "github.com/quic-go/quic-go",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/quic-go/quic-go",
|
|
"UID": "2c0f3cdc6249be95"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/quic-go/qpack@v0.6.0",
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"go.uber.org/mock@v0.5.2",
|
|
"golang.org/x/crypto@v0.41.0",
|
|
"golang.org/x/net@v0.43.0",
|
|
"golang.org/x/sync@v0.16.0",
|
|
"golang.org/x/sys@v0.35.0",
|
|
"golang.org/x/time@v0.12.0",
|
|
"github.com/jordanlewis/gcassert@v0.0.0-20250430164644-389ef753e22e",
|
|
"golang.org/x/mod@v0.27.0",
|
|
"golang.org/x/text@v0.28.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/quic-go/qpack@v0.6.0",
|
|
"Name": "github.com/quic-go/qpack",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/quic-go/qpack@v0.6.0",
|
|
"UID": "271846de5a069dcb"
|
|
},
|
|
"Version": "v0.6.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"golang.org/x/net@v0.43.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/stretchr/testify@v1.11.1",
|
|
"Name": "github.com/stretchr/testify",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/stretchr/testify@v1.11.1",
|
|
"UID": "44941f80059359eb"
|
|
},
|
|
"Version": "v1.11.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/davecgh/go-spew@v1.1.1",
|
|
"github.com/pmezard/go-difflib@v1.0.0",
|
|
"gopkg.in/yaml.v3@v3.0.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "go.uber.org/mock@v0.5.2",
|
|
"Name": "go.uber.org/mock",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/go.uber.org/mock@v0.5.2",
|
|
"UID": "839a934da05fe1f2"
|
|
},
|
|
"Version": "v0.5.2",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/crypto@v0.41.0",
|
|
"Name": "golang.org/x/crypto",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.41.0",
|
|
"UID": "762cf523efea301b"
|
|
},
|
|
"Version": "v0.41.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/net@v0.43.0",
|
|
"Name": "golang.org/x/net",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.43.0",
|
|
"UID": "ae95254ad63ba3c9"
|
|
},
|
|
"Version": "v0.43.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sync@v0.16.0",
|
|
"Name": "golang.org/x/sync",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sync@v0.16.0",
|
|
"UID": "8733167c69c7f6f9"
|
|
},
|
|
"Version": "v0.16.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sys@v0.35.0",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys@v0.35.0",
|
|
"UID": "65a8f10abb5743d9"
|
|
},
|
|
"Version": "v0.35.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/time@v0.12.0",
|
|
"Name": "golang.org/x/time",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/time@v0.12.0",
|
|
"UID": "7fa4980f97002b33"
|
|
},
|
|
"Version": "v0.12.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/davecgh/go-spew@v1.1.1",
|
|
"Name": "github.com/davecgh/go-spew",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.1",
|
|
"UID": "4f8c9eaeee731ef3"
|
|
},
|
|
"Version": "v1.1.1",
|
|
"Licenses": [
|
|
"ISC"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/jordanlewis/gcassert@v0.0.0-20250430164644-389ef753e22e",
|
|
"Name": "github.com/jordanlewis/gcassert",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/jordanlewis/gcassert@v0.0.0-20250430164644-389ef753e22e",
|
|
"UID": "dceb9160dc8fd22"
|
|
},
|
|
"Version": "v0.0.0-20250430164644-389ef753e22e",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"golang.org/x/tools@v0.36.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/kr/pretty@v0.3.1",
|
|
"Name": "github.com/kr/pretty",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/kr/pretty@v0.3.1",
|
|
"UID": "e14ff950942bbe97"
|
|
},
|
|
"Version": "v0.3.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/rogpeppe/go-internal@v1.10.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/pmezard/go-difflib@v1.0.0",
|
|
"Name": "github.com/pmezard/go-difflib",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/pmezard/go-difflib@v1.0.0",
|
|
"UID": "6dc4472eabc0bc9"
|
|
},
|
|
"Version": "v1.0.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/rogpeppe/go-internal@v1.10.0",
|
|
"Name": "github.com/rogpeppe/go-internal",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/rogpeppe/go-internal@v1.10.0",
|
|
"UID": "81ef279d99bec704"
|
|
},
|
|
"Version": "v1.10.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/mod@v0.27.0",
|
|
"Name": "golang.org/x/mod",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/mod@v0.27.0",
|
|
"UID": "3d291b8776d097c0"
|
|
},
|
|
"Version": "v0.27.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/text@v0.28.0",
|
|
"Name": "golang.org/x/text",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/text@v0.28.0",
|
|
"UID": "9911fc59abd5a351"
|
|
},
|
|
"Version": "v0.28.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/tools@v0.36.0",
|
|
"Name": "golang.org/x/tools",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/tools@v0.36.0",
|
|
"UID": "3a3d04e9122cfd72"
|
|
},
|
|
"Version": "v0.36.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "gopkg.in/check.v1@v1.0.0-20201130134442-10cb98267c6c",
|
|
"Name": "gopkg.in/check.v1",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gopkg.in/check.v1@v1.0.0-20201130134442-10cb98267c6c",
|
|
"UID": "9e5fd1170116588a"
|
|
},
|
|
"Version": "v1.0.0-20201130134442-10cb98267c6c",
|
|
"Licenses": [
|
|
"BSD-2-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/kr/pretty@v0.3.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "gopkg.in/yaml.v3@v3.0.1",
|
|
"Name": "gopkg.in/yaml.v3",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1",
|
|
"UID": "dddb68f31024b267"
|
|
},
|
|
"Version": "v3.0.1",
|
|
"Licenses": [
|
|
"Apache-2.0",
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"gopkg.in/check.v1@v1.0.0-20201130134442-10cb98267c6c"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
],
|
|
"Vulnerabilities": [
|
|
{
|
|
"VulnerabilityID": "CVE-2025-47914",
|
|
"VendorIDs": [
|
|
"GHSA-f6x5-jh6r-wrfv"
|
|
],
|
|
"PkgID": "golang.org/x/crypto@v0.41.0",
|
|
"PkgName": "golang.org/x/crypto",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.41.0",
|
|
"UID": "762cf523efea301b"
|
|
},
|
|
"InstalledVersion": "v0.41.0",
|
|
"FixedVersion": "0.45.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47914",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:7521b6a8c236cf5009362a4f4b1bfe151cd0f829d50c9f3e8adaca17aa5ae274",
|
|
"Title": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages",
|
|
"Description": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
|
|
"Severity": "MEDIUM",
|
|
"CweIDs": [
|
|
"CWE-125"
|
|
],
|
|
"VendorSeverity": {
|
|
"amazon": 3,
|
|
"ghsa": 2,
|
|
"redhat": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/security/cve/CVE-2025-47914",
|
|
"https://go.dev/cl/721960",
|
|
"https://go.dev/issue/76364",
|
|
"https://go.googlesource.com/crypto",
|
|
"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-47914",
|
|
"https://pkg.go.dev/vuln/GO-2025-4135",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-47914"
|
|
],
|
|
"PublishedDate": "2025-11-19T21:15:50.517Z",
|
|
"LastModifiedDate": "2025-12-11T19:36:41.373Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2025-58181",
|
|
"VendorIDs": [
|
|
"GHSA-j5w8-q4qc-rx2x"
|
|
],
|
|
"PkgID": "golang.org/x/crypto@v0.41.0",
|
|
"PkgName": "golang.org/x/crypto",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.41.0",
|
|
"UID": "762cf523efea301b"
|
|
},
|
|
"InstalledVersion": "v0.41.0",
|
|
"FixedVersion": "0.45.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58181",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:4df2d334f128fa6b2adaa3fdae3420d062e19022494116506e609891576600bc",
|
|
"Title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication",
|
|
"Description": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
|
|
"Severity": "MEDIUM",
|
|
"CweIDs": [
|
|
"CWE-770"
|
|
],
|
|
"VendorSeverity": {
|
|
"amazon": 3,
|
|
"ghsa": 2,
|
|
"redhat": 2,
|
|
"ubuntu": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/security/cve/CVE-2025-58181",
|
|
"https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c",
|
|
"https://github.com/golang/go/issues/76363",
|
|
"https://go.dev/cl/721961",
|
|
"https://go.dev/issue/76363",
|
|
"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
|
|
"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA?pli=1",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-58181",
|
|
"https://pkg.go.dev/vuln/GO-2025-4134",
|
|
"https://ubuntu.com/security/notices/USN-7956-1",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-58181"
|
|
],
|
|
"PublishedDate": "2025-11-19T21:15:50.85Z",
|
|
"LastModifiedDate": "2025-12-11T19:29:24.9Z"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/robfig/cron/v3@v3.0.1/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/robfig/cron/v3",
|
|
"Name": "github.com/robfig/cron/v3",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/robfig/cron/v3",
|
|
"UID": "c7e1f75a11375cbb"
|
|
},
|
|
"Relationship": "root",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/sirupsen/logrus@v1.9.3/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/sirupsen/logrus",
|
|
"Name": "github.com/sirupsen/logrus",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/sirupsen/logrus",
|
|
"UID": "dbe2fe8ec8d7fb7e"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.7.0",
|
|
"golang.org/x/sys@v0.0.0-20220715151400-c0bba94af5f8",
|
|
"github.com/stretchr/objx@v0.1.0",
|
|
"gopkg.in/check.v1@v0.0.0-20161208181325-20d25e280405",
|
|
"gopkg.in/yaml.v3@v3.0.0-20200313102051-9f266ea9e77c",
|
|
"github.com/davecgh/go-spew@v1.1.1",
|
|
"github.com/pmezard/go-difflib@v1.0.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/stretchr/testify@v1.7.0",
|
|
"Name": "github.com/stretchr/testify",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/stretchr/testify@v1.7.0",
|
|
"UID": "3c6f5256b98e0b10"
|
|
},
|
|
"Version": "v1.7.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sys@v0.0.0-20220715151400-c0bba94af5f8",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys@v0.0.0-20220715151400-c0bba94af5f8",
|
|
"UID": "78340537bc86f1e9"
|
|
},
|
|
"Version": "v0.0.0-20220715151400-c0bba94af5f8",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/davecgh/go-spew@v1.1.1",
|
|
"Name": "github.com/davecgh/go-spew",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.1",
|
|
"UID": "aa00c2b3ca9bbb1a"
|
|
},
|
|
"Version": "v1.1.1",
|
|
"Licenses": [
|
|
"ISC"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/pmezard/go-difflib@v1.0.0",
|
|
"Name": "github.com/pmezard/go-difflib",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/pmezard/go-difflib@v1.0.0",
|
|
"UID": "667c469f12bfb4f8"
|
|
},
|
|
"Version": "v1.0.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/stretchr/objx@v0.1.0",
|
|
"Name": "github.com/stretchr/objx",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/stretchr/objx@v0.1.0",
|
|
"UID": "3382c5047c848127"
|
|
},
|
|
"Version": "v0.1.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "gopkg.in/check.v1@v0.0.0-20161208181325-20d25e280405",
|
|
"Name": "gopkg.in/check.v1",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gopkg.in/check.v1@v0.0.0-20161208181325-20d25e280405",
|
|
"UID": "ead5045783dcb317"
|
|
},
|
|
"Version": "v0.0.0-20161208181325-20d25e280405",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "gopkg.in/yaml.v3@v3.0.0-20200313102051-9f266ea9e77c",
|
|
"Name": "gopkg.in/yaml.v3",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.0-20200313102051-9f266ea9e77c",
|
|
"UID": "de143d31456cabe7"
|
|
},
|
|
"Version": "v3.0.0-20200313102051-9f266ea9e77c",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
],
|
|
"Vulnerabilities": [
|
|
{
|
|
"VulnerabilityID": "CVE-2022-28948",
|
|
"VendorIDs": [
|
|
"GHSA-hp87-p4gw-j4gq"
|
|
],
|
|
"PkgID": "gopkg.in/yaml.v3@v3.0.0-20200313102051-9f266ea9e77c",
|
|
"PkgName": "gopkg.in/yaml.v3",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.0-20200313102051-9f266ea9e77c",
|
|
"UID": "de143d31456cabe7"
|
|
},
|
|
"InstalledVersion": "v3.0.0-20200313102051-9f266ea9e77c",
|
|
"FixedVersion": "3.0.1",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-28948",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:706e86aa9e85928860b5503875e626f7c2f31eb4248259897aab6a31ee829ba6",
|
|
"Title": "golang-gopkg-yaml: crash when attempting to deserialize invalid input",
|
|
"Description": "An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.",
|
|
"Severity": "HIGH",
|
|
"CweIDs": [
|
|
"CWE-502"
|
|
],
|
|
"VendorSeverity": {
|
|
"cbl-mariner": 3,
|
|
"ghsa": 3,
|
|
"nvd": 3,
|
|
"redhat": 2,
|
|
"ubuntu": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
},
|
|
"nvd": {
|
|
"V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V2Score": 5,
|
|
"V3Score": 7.5
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"V3Score": 7.5
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/security/cve/CVE-2022-28948",
|
|
"https://github.com/advisories/GHSA-hp87-p4gw-j4gq",
|
|
"https://github.com/go-yaml/yaml",
|
|
"https://github.com/go-yaml/yaml/commit/8f96da9f5d5eff988554c1aae1784627c4bf6754",
|
|
"https://github.com/go-yaml/yaml/commit/f6f7691b1fdeb513f56608cd2c32c51f8194bf51",
|
|
"https://github.com/go-yaml/yaml/issues/665",
|
|
"https://github.com/go-yaml/yaml/issues/666",
|
|
"https://github.com/go-yaml/yaml/issues/666#issuecomment-1133337993",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2022-28948",
|
|
"https://security.netapp.com/advisory/ntap-20220923-0006",
|
|
"https://security.netapp.com/advisory/ntap-20220923-0006/",
|
|
"https://security.snyk.io/vuln/SNYK-GOLANG-GOPKGINYAMLV2-2840885",
|
|
"https://www.cve.org/CVERecord?id=CVE-2022-28948"
|
|
],
|
|
"PublishedDate": "2022-05-19T20:15:10.567Z",
|
|
"LastModifiedDate": "2024-11-21T06:58:14.02Z"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/stretchr/testify@v1.11.1/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/stretchr/testify",
|
|
"Name": "github.com/stretchr/testify",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/stretchr/testify",
|
|
"UID": "23cfbcb2168aaca"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/davecgh/go-spew@v1.1.1",
|
|
"github.com/pmezard/go-difflib@v1.0.0",
|
|
"github.com/stretchr/objx@v0.5.2",
|
|
"gopkg.in/yaml.v3@v3.0.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/davecgh/go-spew@v1.1.1",
|
|
"Name": "github.com/davecgh/go-spew",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.1",
|
|
"UID": "cee241beb7b538ff"
|
|
},
|
|
"Version": "v1.1.1",
|
|
"Licenses": [
|
|
"ISC"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/pmezard/go-difflib@v1.0.0",
|
|
"Name": "github.com/pmezard/go-difflib",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/pmezard/go-difflib@v1.0.0",
|
|
"UID": "5b91c8d0046b78d6"
|
|
},
|
|
"Version": "v1.0.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/stretchr/objx@v0.5.2",
|
|
"Name": "github.com/stretchr/objx",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/stretchr/objx@v0.5.2",
|
|
"UID": "37fcc39e3ef10299"
|
|
},
|
|
"Version": "v0.5.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "gopkg.in/yaml.v3@v3.0.1",
|
|
"Name": "gopkg.in/yaml.v3",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1",
|
|
"UID": "c57d0b5c378a543f"
|
|
},
|
|
"Version": "v3.0.1",
|
|
"Licenses": [
|
|
"Apache-2.0",
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"gopkg.in/check.v1@v0.0.0-20161208181325-20d25e280405"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "gopkg.in/check.v1@v0.0.0-20161208181325-20d25e280405",
|
|
"Name": "gopkg.in/check.v1",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gopkg.in/check.v1@v0.0.0-20161208181325-20d25e280405",
|
|
"UID": "d2582d16f586a5"
|
|
},
|
|
"Version": "v0.0.0-20161208181325-20d25e280405",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/ugorji/go/codec@v1.3.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/ugorji/go/codec",
|
|
"Name": "github.com/ugorji/go/codec",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/ugorji/go/codec",
|
|
"UID": "c4c3f0bfc70bbf0"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/google/go-cmp@v0.7.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/google/go-cmp@v0.7.0",
|
|
"Name": "github.com/google/go-cmp",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/google/go-cmp@v0.7.0",
|
|
"UID": "3c40d0fb8861334d"
|
|
},
|
|
"Version": "v0.7.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/yosida95/uritemplate/v3@v3.0.2/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/yosida95/uritemplate/v3",
|
|
"Name": "github.com/yosida95/uritemplate/v3",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/yosida95/uritemplate/v3",
|
|
"UID": "32f7292a36326318"
|
|
},
|
|
"Relationship": "root",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/go.opentelemetry.io/auto/sdk@v1.1.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "go.opentelemetry.io/auto/sdk",
|
|
"Name": "go.opentelemetry.io/auto/sdk",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/go.opentelemetry.io/auto/sdk",
|
|
"UID": "c8cc2152dacf5a0e"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.10.0",
|
|
"go.opentelemetry.io/otel/trace@v1.32.0",
|
|
"go.opentelemetry.io/otel@v1.32.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/stretchr/testify@v1.10.0",
|
|
"Name": "github.com/stretchr/testify",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/stretchr/testify@v1.10.0",
|
|
"UID": "a654a9260ed2693e"
|
|
},
|
|
"Version": "v1.10.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/davecgh/go-spew@v1.1.1",
|
|
"github.com/pmezard/go-difflib@v1.0.0",
|
|
"gopkg.in/yaml.v3@v3.0.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "go.opentelemetry.io/otel@v1.32.0",
|
|
"Name": "go.opentelemetry.io/otel",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/go.opentelemetry.io/otel@v1.32.0",
|
|
"UID": "bae6f5a28176c1a2"
|
|
},
|
|
"Version": "v1.32.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "go.opentelemetry.io/otel/trace@v1.32.0",
|
|
"Name": "go.opentelemetry.io/otel/trace",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/go.opentelemetry.io/otel/trace@v1.32.0",
|
|
"UID": "a19e58f82e3a008d"
|
|
},
|
|
"Version": "v1.32.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/davecgh/go-spew@v1.1.1",
|
|
"Name": "github.com/davecgh/go-spew",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.1",
|
|
"UID": "be5a5e5213ca4bf9"
|
|
},
|
|
"Version": "v1.1.1",
|
|
"Licenses": [
|
|
"ISC"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/kr/pretty@v0.3.1",
|
|
"Name": "github.com/kr/pretty",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/kr/pretty@v0.3.1",
|
|
"UID": "aabe7fd029a774b6"
|
|
},
|
|
"Version": "v0.3.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/rogpeppe/go-internal@v1.13.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/pmezard/go-difflib@v1.0.0",
|
|
"Name": "github.com/pmezard/go-difflib",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/pmezard/go-difflib@v1.0.0",
|
|
"UID": "853fdc7184ff261b"
|
|
},
|
|
"Version": "v1.0.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/rogpeppe/go-internal@v1.13.1",
|
|
"Name": "github.com/rogpeppe/go-internal",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/rogpeppe/go-internal@v1.13.1",
|
|
"UID": "ad80ec96e09611e4"
|
|
},
|
|
"Version": "v1.13.1",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "gopkg.in/check.v1@v1.0.0-20201130134442-10cb98267c6c",
|
|
"Name": "gopkg.in/check.v1",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gopkg.in/check.v1@v1.0.0-20201130134442-10cb98267c6c",
|
|
"UID": "72b251005fec9d6c"
|
|
},
|
|
"Version": "v1.0.0-20201130134442-10cb98267c6c",
|
|
"Licenses": [
|
|
"BSD-2-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/kr/pretty@v0.3.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "gopkg.in/yaml.v3@v3.0.1",
|
|
"Name": "gopkg.in/yaml.v3",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1",
|
|
"UID": "42d90aacdc7ddd1"
|
|
},
|
|
"Version": "v3.0.1",
|
|
"Licenses": [
|
|
"Apache-2.0",
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"gopkg.in/check.v1@v1.0.0-20201130134442-10cb98267c6c"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.63.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp",
|
|
"Name": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp",
|
|
"UID": "4058f258bdf324d8"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/felixge/httpsnoop@v1.0.4",
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"go.opentelemetry.io/otel/metric@v1.38.0",
|
|
"go.opentelemetry.io/otel/sdk/metric@v1.38.0",
|
|
"go.opentelemetry.io/otel/sdk@v1.38.0",
|
|
"go.opentelemetry.io/otel/trace@v1.38.0",
|
|
"go.opentelemetry.io/otel@v1.38.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/felixge/httpsnoop@v1.0.4",
|
|
"Name": "github.com/felixge/httpsnoop",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/felixge/httpsnoop@v1.0.4",
|
|
"UID": "a039b80f4eb1f84c"
|
|
},
|
|
"Version": "v1.0.4",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/stretchr/testify@v1.11.1",
|
|
"Name": "github.com/stretchr/testify",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/stretchr/testify@v1.11.1",
|
|
"UID": "53bd87f55da84574"
|
|
},
|
|
"Version": "v1.11.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/davecgh/go-spew@v1.1.1",
|
|
"github.com/pmezard/go-difflib@v1.0.0",
|
|
"gopkg.in/yaml.v3@v3.0.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "go.opentelemetry.io/otel@v1.38.0",
|
|
"Name": "go.opentelemetry.io/otel",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/go.opentelemetry.io/otel@v1.38.0",
|
|
"UID": "e87b8cf93cb2e841"
|
|
},
|
|
"Version": "v1.38.0",
|
|
"Licenses": [
|
|
"Apache-2.0",
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/go-logr/logr@v1.4.3",
|
|
"github.com/go-logr/stdr@v1.2.2",
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"go.opentelemetry.io/auto/sdk@v1.1.0",
|
|
"go.opentelemetry.io/otel/metric@v1.38.0",
|
|
"go.opentelemetry.io/otel/trace@v1.38.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "go.opentelemetry.io/otel/metric@v1.38.0",
|
|
"Name": "go.opentelemetry.io/otel/metric",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/go.opentelemetry.io/otel/metric@v1.38.0",
|
|
"UID": "7fa892bf5bb9a866"
|
|
},
|
|
"Version": "v1.38.0",
|
|
"Licenses": [
|
|
"Apache-2.0",
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"go.opentelemetry.io/otel@v1.38.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "go.opentelemetry.io/otel/sdk@v1.38.0",
|
|
"Name": "go.opentelemetry.io/otel/sdk",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/go.opentelemetry.io/otel/sdk@v1.38.0",
|
|
"UID": "dc5e6317a0761848"
|
|
},
|
|
"Version": "v1.38.0",
|
|
"Licenses": [
|
|
"Apache-2.0",
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/go-logr/logr@v1.4.3",
|
|
"github.com/google/uuid@v1.6.0",
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"go.opentelemetry.io/otel@v1.38.0",
|
|
"go.opentelemetry.io/otel/metric@v1.38.0",
|
|
"go.opentelemetry.io/otel/sdk/metric@v1.38.0",
|
|
"go.opentelemetry.io/otel/trace@v1.38.0",
|
|
"golang.org/x/sys@v0.35.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "go.opentelemetry.io/otel/sdk/metric@v1.38.0",
|
|
"Name": "go.opentelemetry.io/otel/sdk/metric",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/go.opentelemetry.io/otel/sdk/metric@v1.38.0",
|
|
"UID": "e68389c26fe5e8ab"
|
|
},
|
|
"Version": "v1.38.0",
|
|
"Licenses": [
|
|
"Apache-2.0",
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/go-logr/logr@v1.4.3",
|
|
"github.com/go-logr/stdr@v1.2.2",
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"go.opentelemetry.io/otel@v1.38.0",
|
|
"go.opentelemetry.io/otel/metric@v1.38.0",
|
|
"go.opentelemetry.io/otel/sdk@v1.38.0",
|
|
"go.opentelemetry.io/otel/trace@v1.38.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "go.opentelemetry.io/otel/trace@v1.38.0",
|
|
"Name": "go.opentelemetry.io/otel/trace",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/go.opentelemetry.io/otel/trace@v1.38.0",
|
|
"UID": "41afadd25c585c35"
|
|
},
|
|
"Version": "v1.38.0",
|
|
"Licenses": [
|
|
"Apache-2.0",
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"go.opentelemetry.io/otel@v1.38.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/davecgh/go-spew@v1.1.1",
|
|
"Name": "github.com/davecgh/go-spew",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.1",
|
|
"UID": "4a3200f3870008b0"
|
|
},
|
|
"Version": "v1.1.1",
|
|
"Licenses": [
|
|
"ISC"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/go-logr/logr@v1.4.3",
|
|
"Name": "github.com/go-logr/logr",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/go-logr/logr@v1.4.3",
|
|
"UID": "46b8185a1175b94e"
|
|
},
|
|
"Version": "v1.4.3",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/go-logr/stdr@v1.2.2",
|
|
"Name": "github.com/go-logr/stdr",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/go-logr/stdr@v1.2.2",
|
|
"UID": "71bedaadaba749d"
|
|
},
|
|
"Version": "v1.2.2",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/go-logr/logr@v1.4.3"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/google/uuid@v1.6.0",
|
|
"Name": "github.com/google/uuid",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/google/uuid@v1.6.0",
|
|
"UID": "ed33f96f5b7c57aa"
|
|
},
|
|
"Version": "v1.6.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/pmezard/go-difflib@v1.0.0",
|
|
"Name": "github.com/pmezard/go-difflib",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/pmezard/go-difflib@v1.0.0",
|
|
"UID": "6ef67708fbb89906"
|
|
},
|
|
"Version": "v1.0.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "go.opentelemetry.io/auto/sdk@v1.1.0",
|
|
"Name": "go.opentelemetry.io/auto/sdk",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/go.opentelemetry.io/auto/sdk@v1.1.0",
|
|
"UID": "4a151265be56043e"
|
|
},
|
|
"Version": "v1.1.0",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"go.opentelemetry.io/otel@v1.38.0",
|
|
"go.opentelemetry.io/otel/trace@v1.38.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sys@v0.35.0",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys@v0.35.0",
|
|
"UID": "2285563d8713acbb"
|
|
},
|
|
"Version": "v0.35.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "gopkg.in/yaml.v3@v3.0.1",
|
|
"Name": "gopkg.in/yaml.v3",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1",
|
|
"UID": "c460ef6e83df691b"
|
|
},
|
|
"Version": "v3.0.1",
|
|
"Licenses": [
|
|
"Apache-2.0",
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/go.opentelemetry.io/otel/metric@v1.38.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "go.opentelemetry.io/otel/metric",
|
|
"Name": "go.opentelemetry.io/otel/metric",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/go.opentelemetry.io/otel/metric",
|
|
"UID": "d99a4617063d6605"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"github.com/go-logr/stdr@v1.2.2",
|
|
"go.opentelemetry.io/auto/sdk@v1.1.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/stretchr/testify@v1.11.1",
|
|
"Name": "github.com/stretchr/testify",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/stretchr/testify@v1.11.1",
|
|
"UID": "bfadc12dc893d3b1"
|
|
},
|
|
"Version": "v1.11.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/davecgh/go-spew@v1.1.1",
|
|
"github.com/pmezard/go-difflib@v1.0.0",
|
|
"gopkg.in/yaml.v3@v3.0.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/davecgh/go-spew@v1.1.1",
|
|
"Name": "github.com/davecgh/go-spew",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.1",
|
|
"UID": "84c0554309c5269"
|
|
},
|
|
"Version": "v1.1.1",
|
|
"Licenses": [
|
|
"ISC"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/go-logr/logr@v1.4.3",
|
|
"Name": "github.com/go-logr/logr",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/go-logr/logr@v1.4.3",
|
|
"UID": "15a5de54c743c35b"
|
|
},
|
|
"Version": "v1.4.3",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/go-logr/stdr@v1.2.2",
|
|
"Name": "github.com/go-logr/stdr",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/go-logr/stdr@v1.2.2",
|
|
"UID": "339a63508a49f3cc"
|
|
},
|
|
"Version": "v1.2.2",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/go-logr/logr@v1.4.3"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/pmezard/go-difflib@v1.0.0",
|
|
"Name": "github.com/pmezard/go-difflib",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/pmezard/go-difflib@v1.0.0",
|
|
"UID": "802f465a10c8dbef"
|
|
},
|
|
"Version": "v1.0.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "go.opentelemetry.io/auto/sdk@v1.1.0",
|
|
"Name": "go.opentelemetry.io/auto/sdk",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/go.opentelemetry.io/auto/sdk@v1.1.0",
|
|
"UID": "9822fede92ecd123"
|
|
},
|
|
"Version": "v1.1.0",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.11.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "gopkg.in/yaml.v3@v3.0.1",
|
|
"Name": "gopkg.in/yaml.v3",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1",
|
|
"UID": "90721466ddc7a71e"
|
|
},
|
|
"Version": "v3.0.1",
|
|
"Licenses": [
|
|
"Apache-2.0",
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/go.opentelemetry.io/otel/trace@v1.38.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "go.opentelemetry.io/otel/trace",
|
|
"Name": "go.opentelemetry.io/otel/trace",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/go.opentelemetry.io/otel/trace",
|
|
"UID": "a5d548837b0ca679"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/google/go-cmp@v0.7.0",
|
|
"github.com/stretchr/testify@v1.11.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/google/go-cmp@v0.7.0",
|
|
"Name": "github.com/google/go-cmp",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/google/go-cmp@v0.7.0",
|
|
"UID": "19150bc9ce6ea6c6"
|
|
},
|
|
"Version": "v0.7.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/stretchr/testify@v1.11.1",
|
|
"Name": "github.com/stretchr/testify",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/stretchr/testify@v1.11.1",
|
|
"UID": "36a454e0399866f7"
|
|
},
|
|
"Version": "v1.11.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/davecgh/go-spew@v1.1.1",
|
|
"github.com/pmezard/go-difflib@v1.0.0",
|
|
"gopkg.in/yaml.v3@v3.0.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/davecgh/go-spew@v1.1.1",
|
|
"Name": "github.com/davecgh/go-spew",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.1",
|
|
"UID": "e5a720590aa79c7"
|
|
},
|
|
"Version": "v1.1.1",
|
|
"Licenses": [
|
|
"ISC"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/pmezard/go-difflib@v1.0.0",
|
|
"Name": "github.com/pmezard/go-difflib",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/pmezard/go-difflib@v1.0.0",
|
|
"UID": "8025a81ca9bfd891"
|
|
},
|
|
"Version": "v1.0.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "gopkg.in/yaml.v3@v3.0.1",
|
|
"Name": "gopkg.in/yaml.v3",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1",
|
|
"UID": "f45959b0a0eb86f8"
|
|
},
|
|
"Version": "v3.0.1",
|
|
"Licenses": [
|
|
"Apache-2.0",
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/go.opentelemetry.io/otel@v1.38.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "go.opentelemetry.io/otel",
|
|
"Name": "go.opentelemetry.io/otel",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/go.opentelemetry.io/otel",
|
|
"UID": "a896567f25f32160"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/go-logr/logr@v1.4.3",
|
|
"github.com/go-logr/stdr@v1.2.2",
|
|
"github.com/google/go-cmp@v0.7.0",
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"go.opentelemetry.io/auto/sdk@v1.1.0",
|
|
"github.com/kr/text@v0.2.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/go-logr/logr@v1.4.3",
|
|
"Name": "github.com/go-logr/logr",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/go-logr/logr@v1.4.3",
|
|
"UID": "852132a4daf66f03"
|
|
},
|
|
"Version": "v1.4.3",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/go-logr/stdr@v1.2.2",
|
|
"Name": "github.com/go-logr/stdr",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/go-logr/stdr@v1.2.2",
|
|
"UID": "cdad7d28a25e721a"
|
|
},
|
|
"Version": "v1.2.2",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/go-logr/logr@v1.4.3"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/google/go-cmp@v0.7.0",
|
|
"Name": "github.com/google/go-cmp",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/google/go-cmp@v0.7.0",
|
|
"UID": "82f476638cfade7d"
|
|
},
|
|
"Version": "v0.7.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/stretchr/testify@v1.11.1",
|
|
"Name": "github.com/stretchr/testify",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/stretchr/testify@v1.11.1",
|
|
"UID": "f3803cddcf45617c"
|
|
},
|
|
"Version": "v1.11.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/davecgh/go-spew@v1.1.1",
|
|
"github.com/pmezard/go-difflib@v1.0.0",
|
|
"gopkg.in/yaml.v3@v3.0.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "go.opentelemetry.io/auto/sdk@v1.1.0",
|
|
"Name": "go.opentelemetry.io/auto/sdk",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/go.opentelemetry.io/auto/sdk@v1.1.0",
|
|
"UID": "919818c2d8d08611"
|
|
},
|
|
"Version": "v1.1.0",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"go.opentelemetry.io/otel"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/davecgh/go-spew@v1.1.1",
|
|
"Name": "github.com/davecgh/go-spew",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.1",
|
|
"UID": "b8658051bee40e8"
|
|
},
|
|
"Version": "v1.1.1",
|
|
"Licenses": [
|
|
"ISC"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/kr/text@v0.2.0",
|
|
"Name": "github.com/kr/text",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/kr/text@v0.2.0",
|
|
"UID": "c55924a2e8687df2"
|
|
},
|
|
"Version": "v0.2.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/pmezard/go-difflib@v1.0.0",
|
|
"Name": "github.com/pmezard/go-difflib",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/pmezard/go-difflib@v1.0.0",
|
|
"UID": "af65eb6516cdd4fe"
|
|
},
|
|
"Version": "v1.0.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "gopkg.in/yaml.v3@v3.0.1",
|
|
"Name": "gopkg.in/yaml.v3",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1",
|
|
"UID": "ec8db7873b1d57e7"
|
|
},
|
|
"Version": "v3.0.1",
|
|
"Licenses": [
|
|
"Apache-2.0",
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/go.opentelemetry.io/otel@v1.38.0/requirements.txt",
|
|
"Class": "lang-pkgs",
|
|
"Type": "pip",
|
|
"Packages": [
|
|
{
|
|
"Name": "codespell",
|
|
"Identifier": {
|
|
"PURL": "pkg:pypi/codespell@2.4.1",
|
|
"UID": "80a735d660f017da"
|
|
},
|
|
"Version": "2.4.1",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1,
|
|
"EndLine": 1
|
|
}
|
|
],
|
|
"AnalyzedBy": "pip"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/go.yaml.in/yaml/v2@v2.4.2/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "go.yaml.in/yaml/v2",
|
|
"Name": "go.yaml.in/yaml/v2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/go.yaml.in/yaml/v2",
|
|
"UID": "11f3d9f695c2ef33"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"gopkg.in/check.v1@v0.0.0-20161208181325-20d25e280405"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "gopkg.in/check.v1@v0.0.0-20161208181325-20d25e280405",
|
|
"Name": "gopkg.in/check.v1",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gopkg.in/check.v1@v0.0.0-20161208181325-20d25e280405",
|
|
"UID": "141efb6d548ab324"
|
|
},
|
|
"Version": "v0.0.0-20161208181325-20d25e280405",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/golang.org/x/crypto@v0.45.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "golang.org/x/crypto",
|
|
"Name": "golang.org/x/crypto",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto",
|
|
"UID": "4f7b77ba4fccfb74"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"golang.org/x/net@v0.47.0",
|
|
"golang.org/x/sys@v0.38.0",
|
|
"golang.org/x/term@v0.37.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/net@v0.47.0",
|
|
"Name": "golang.org/x/net",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.47.0",
|
|
"UID": "624c65b9e571641a"
|
|
},
|
|
"Version": "v0.47.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"golang.org/x/crypto",
|
|
"golang.org/x/sys@v0.38.0",
|
|
"golang.org/x/term@v0.37.0",
|
|
"golang.org/x/text@v0.31.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sys@v0.38.0",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys@v0.38.0",
|
|
"UID": "2e24113a2958d481"
|
|
},
|
|
"Version": "v0.38.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/term@v0.37.0",
|
|
"Name": "golang.org/x/term",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/term@v0.37.0",
|
|
"UID": "b9cdb1f94f010907"
|
|
},
|
|
"Version": "v0.37.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"golang.org/x/sys@v0.38.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/text@v0.31.0",
|
|
"Name": "golang.org/x/text",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/text@v0.31.0",
|
|
"UID": "db18ed198f32190e"
|
|
},
|
|
"Version": "v0.31.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/golang.org/x/crypto@v0.46.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "golang.org/x/crypto",
|
|
"Name": "golang.org/x/crypto",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto",
|
|
"UID": "8b892473cea8de20"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"golang.org/x/net@v0.47.0",
|
|
"golang.org/x/sys@v0.39.0",
|
|
"golang.org/x/term@v0.38.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/net@v0.47.0",
|
|
"Name": "golang.org/x/net",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.47.0",
|
|
"UID": "9045b0f014919e37"
|
|
},
|
|
"Version": "v0.47.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"golang.org/x/crypto",
|
|
"golang.org/x/sys@v0.39.0",
|
|
"golang.org/x/term@v0.38.0",
|
|
"golang.org/x/text@v0.32.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sys@v0.39.0",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys@v0.39.0",
|
|
"UID": "77d418b778564766"
|
|
},
|
|
"Version": "v0.39.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/term@v0.38.0",
|
|
"Name": "golang.org/x/term",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/term@v0.38.0",
|
|
"UID": "82ee6c80e808a7a5"
|
|
},
|
|
"Version": "v0.38.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"golang.org/x/sys@v0.39.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/text@v0.32.0",
|
|
"Name": "golang.org/x/text",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/text@v0.32.0",
|
|
"UID": "f48eb1be67c34948"
|
|
},
|
|
"Version": "v0.32.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/golang.org/x/exp/typeparams@v0.0.0-20251023183803-a4bb9ffd2546/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "golang.org/x/exp/typeparams",
|
|
"Name": "golang.org/x/exp/typeparams",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/exp/typeparams",
|
|
"UID": "ab198ce6d73279b9"
|
|
},
|
|
"Relationship": "root",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/golang.org/x/mod@v0.30.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "golang.org/x/mod",
|
|
"Name": "golang.org/x/mod",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/mod",
|
|
"UID": "6da003a32af1dd66"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"golang.org/x/tools@v0.38.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/tools@v0.38.0",
|
|
"Name": "golang.org/x/tools",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/tools@v0.38.0",
|
|
"UID": "10968e415dbb41e"
|
|
},
|
|
"Version": "v0.38.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"golang.org/x/mod"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/golang.org/x/net@v0.47.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "golang.org/x/net",
|
|
"Name": "golang.org/x/net",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net",
|
|
"UID": "3e6213f21e245a90"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"golang.org/x/crypto@v0.44.0",
|
|
"golang.org/x/sys@v0.38.0",
|
|
"golang.org/x/term@v0.37.0",
|
|
"golang.org/x/text@v0.31.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/crypto@v0.44.0",
|
|
"Name": "golang.org/x/crypto",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.44.0",
|
|
"UID": "3266a15601a7a222"
|
|
},
|
|
"Version": "v0.44.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sys@v0.38.0",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys@v0.38.0",
|
|
"UID": "a3897fae369d7ec2"
|
|
},
|
|
"Version": "v0.38.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/term@v0.37.0",
|
|
"Name": "golang.org/x/term",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/term@v0.37.0",
|
|
"UID": "8b57f0b34060da70"
|
|
},
|
|
"Version": "v0.37.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"golang.org/x/sys@v0.38.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/text@v0.31.0",
|
|
"Name": "golang.org/x/text",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/text@v0.31.0",
|
|
"UID": "923d36d6969d3eeb"
|
|
},
|
|
"Version": "v0.31.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
],
|
|
"Vulnerabilities": [
|
|
{
|
|
"VulnerabilityID": "CVE-2025-47914",
|
|
"VendorIDs": [
|
|
"GHSA-f6x5-jh6r-wrfv"
|
|
],
|
|
"PkgID": "golang.org/x/crypto@v0.44.0",
|
|
"PkgName": "golang.org/x/crypto",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.44.0",
|
|
"UID": "3266a15601a7a222"
|
|
},
|
|
"InstalledVersion": "v0.44.0",
|
|
"FixedVersion": "0.45.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47914",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:1e4e59a1e94df7a9033544088f219a68e8c099ca4fc0688bf2f0014277f2fd71",
|
|
"Title": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages",
|
|
"Description": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
|
|
"Severity": "MEDIUM",
|
|
"CweIDs": [
|
|
"CWE-125"
|
|
],
|
|
"VendorSeverity": {
|
|
"amazon": 3,
|
|
"ghsa": 2,
|
|
"redhat": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/security/cve/CVE-2025-47914",
|
|
"https://go.dev/cl/721960",
|
|
"https://go.dev/issue/76364",
|
|
"https://go.googlesource.com/crypto",
|
|
"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-47914",
|
|
"https://pkg.go.dev/vuln/GO-2025-4135",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-47914"
|
|
],
|
|
"PublishedDate": "2025-11-19T21:15:50.517Z",
|
|
"LastModifiedDate": "2025-12-11T19:36:41.373Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2025-58181",
|
|
"VendorIDs": [
|
|
"GHSA-j5w8-q4qc-rx2x"
|
|
],
|
|
"PkgID": "golang.org/x/crypto@v0.44.0",
|
|
"PkgName": "golang.org/x/crypto",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.44.0",
|
|
"UID": "3266a15601a7a222"
|
|
},
|
|
"InstalledVersion": "v0.44.0",
|
|
"FixedVersion": "0.45.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58181",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:7359273d1fcb70cc0bdddd82753100baeef2347dfbb2ddb8559b65649f50cb82",
|
|
"Title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication",
|
|
"Description": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
|
|
"Severity": "MEDIUM",
|
|
"CweIDs": [
|
|
"CWE-770"
|
|
],
|
|
"VendorSeverity": {
|
|
"amazon": 3,
|
|
"ghsa": 2,
|
|
"redhat": 2,
|
|
"ubuntu": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"V3Score": 5.3
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/security/cve/CVE-2025-58181",
|
|
"https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c",
|
|
"https://github.com/golang/go/issues/76363",
|
|
"https://go.dev/cl/721961",
|
|
"https://go.dev/issue/76363",
|
|
"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
|
|
"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA?pli=1",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-58181",
|
|
"https://pkg.go.dev/vuln/GO-2025-4134",
|
|
"https://ubuntu.com/security/notices/USN-7956-1",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-58181"
|
|
],
|
|
"PublishedDate": "2025-11-19T21:15:50.85Z",
|
|
"LastModifiedDate": "2025-12-11T19:29:24.9Z"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/golang.org/x/sync@v0.13.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "golang.org/x/sync",
|
|
"Name": "golang.org/x/sync",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sync",
|
|
"UID": "e7137f53266e290d"
|
|
},
|
|
"Relationship": "root",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/golang.org/x/sync@v0.18.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "golang.org/x/sync",
|
|
"Name": "golang.org/x/sync",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sync",
|
|
"UID": "8fc167faa4f0bd4c"
|
|
},
|
|
"Relationship": "root",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/golang.org/x/sys@v0.32.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "golang.org/x/sys",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys",
|
|
"UID": "df2fc98c1ac2fa5c"
|
|
},
|
|
"Relationship": "root",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/golang.org/x/sys@v0.38.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "golang.org/x/sys",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys",
|
|
"UID": "2b8722ae89d263ac"
|
|
},
|
|
"Relationship": "root",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/golang.org/x/sys@v0.39.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "golang.org/x/sys",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys",
|
|
"UID": "8771c9af64162d4e"
|
|
},
|
|
"Relationship": "root",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/golang.org/x/telemetry@v0.0.0-20251111182119-bc8e575c7b54/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "golang.org/x/telemetry",
|
|
"Name": "golang.org/x/telemetry",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/telemetry",
|
|
"UID": "8c68462487c5272f"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"golang.org/x/mod@v0.30.0",
|
|
"golang.org/x/sync@v0.18.0",
|
|
"golang.org/x/sys@v0.38.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/mod@v0.30.0",
|
|
"Name": "golang.org/x/mod",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/mod@v0.30.0",
|
|
"UID": "729a63ad93bd3482"
|
|
},
|
|
"Version": "v0.30.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sync@v0.18.0",
|
|
"Name": "golang.org/x/sync",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sync@v0.18.0",
|
|
"UID": "69ac1f333ee9a54a"
|
|
},
|
|
"Version": "v0.18.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sys@v0.38.0",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys@v0.38.0",
|
|
"UID": "5249a6b25239fc6b"
|
|
},
|
|
"Version": "v0.38.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/golang.org/x/telemetry@v0.0.0-20251111182119-bc8e575c7b54/package-lock.json",
|
|
"Class": "lang-pkgs",
|
|
"Type": "npm",
|
|
"Packages": [
|
|
{
|
|
"ID": "@observablehq/plot@0.6.9",
|
|
"Name": "@observablehq/plot",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40observablehq/plot@0.6.9",
|
|
"UID": "23b1c5ef245b5a11"
|
|
},
|
|
"Version": "0.6.9",
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"d3@7.8.5",
|
|
"interval-tree-1d@1.0.4",
|
|
"isoformat@0.2.1"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 275,
|
|
"EndLine": 287
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "d3@7.8.5",
|
|
"Name": "d3",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/d3@7.8.5",
|
|
"UID": "8099591601d2fa91"
|
|
},
|
|
"Version": "7.8.5",
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"d3-array@3.2.3",
|
|
"d3-axis@3.0.0",
|
|
"d3-brush@3.0.0",
|
|
"d3-chord@3.0.1",
|
|
"d3-color@3.1.0",
|
|
"d3-contour@4.0.2",
|
|
"d3-delaunay@6.0.4",
|
|
"d3-dispatch@3.0.1",
|
|
"d3-drag@3.0.0",
|
|
"d3-dsv@3.0.1",
|
|
"d3-ease@3.0.1",
|
|
"d3-fetch@3.0.1",
|
|
"d3-force@3.0.0",
|
|
"d3-format@3.1.0",
|
|
"d3-geo@3.1.0",
|
|
"d3-hierarchy@3.1.2",
|
|
"d3-interpolate@3.0.1",
|
|
"d3-path@3.1.0",
|
|
"d3-polygon@3.0.1",
|
|
"d3-quadtree@3.0.1",
|
|
"d3-random@3.0.1",
|
|
"d3-scale-chromatic@3.0.0",
|
|
"d3-scale@4.0.2",
|
|
"d3-selection@3.0.0",
|
|
"d3-shape@3.2.0",
|
|
"d3-time-format@4.1.0",
|
|
"d3-time@3.1.0",
|
|
"d3-timer@3.0.1",
|
|
"d3-transition@3.0.1",
|
|
"d3-zoom@3.0.0"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 833,
|
|
"EndLine": 872
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "binary-search-bounds@2.0.5",
|
|
"Name": "binary-search-bounds",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/binary-search-bounds@2.0.5",
|
|
"UID": "5a336c767151722f"
|
|
},
|
|
"Version": "2.0.5",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 622,
|
|
"EndLine": 626
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "commander@7.2.0",
|
|
"Name": "commander",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/commander@7.2.0",
|
|
"UID": "2b908f00a5b19559"
|
|
},
|
|
"Version": "7.2.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 738,
|
|
"EndLine": 745
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "d3-array@3.2.3",
|
|
"Name": "d3-array",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/d3-array@3.2.3",
|
|
"UID": "b40ceb63027c92c6"
|
|
},
|
|
"Version": "3.2.3",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"internmap@2.0.3"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 873,
|
|
"EndLine": 883
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "d3-axis@3.0.0",
|
|
"Name": "d3-axis",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/d3-axis@3.0.0",
|
|
"UID": "6ae84041667bdaae"
|
|
},
|
|
"Version": "3.0.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 884,
|
|
"EndLine": 891
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "d3-brush@3.0.0",
|
|
"Name": "d3-brush",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/d3-brush@3.0.0",
|
|
"UID": "dfc4128564cba9fd"
|
|
},
|
|
"Version": "3.0.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"d3-dispatch@3.0.1",
|
|
"d3-drag@3.0.0",
|
|
"d3-interpolate@3.0.1",
|
|
"d3-selection@3.0.0",
|
|
"d3-transition@3.0.1"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 892,
|
|
"EndLine": 906
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "d3-chord@3.0.1",
|
|
"Name": "d3-chord",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/d3-chord@3.0.1",
|
|
"UID": "5a7cbe8f7ab07a89"
|
|
},
|
|
"Version": "3.0.1",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"d3-path@3.1.0"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 907,
|
|
"EndLine": 917
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "d3-color@3.1.0",
|
|
"Name": "d3-color",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/d3-color@3.1.0",
|
|
"UID": "1341de080fd767be"
|
|
},
|
|
"Version": "3.1.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 918,
|
|
"EndLine": 925
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "d3-contour@4.0.2",
|
|
"Name": "d3-contour",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/d3-contour@4.0.2",
|
|
"UID": "aa68f02328bcdf6a"
|
|
},
|
|
"Version": "4.0.2",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"d3-array@3.2.3"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 926,
|
|
"EndLine": 936
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "d3-delaunay@6.0.4",
|
|
"Name": "d3-delaunay",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/d3-delaunay@6.0.4",
|
|
"UID": "e6fb2dc18b724326"
|
|
},
|
|
"Version": "6.0.4",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"delaunator@5.0.0"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 937,
|
|
"EndLine": 947
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "d3-dispatch@3.0.1",
|
|
"Name": "d3-dispatch",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/d3-dispatch@3.0.1",
|
|
"UID": "6d462aef5e3edfd7"
|
|
},
|
|
"Version": "3.0.1",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 948,
|
|
"EndLine": 955
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "d3-drag@3.0.0",
|
|
"Name": "d3-drag",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/d3-drag@3.0.0",
|
|
"UID": "c620a12bae4999ba"
|
|
},
|
|
"Version": "3.0.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"d3-dispatch@3.0.1",
|
|
"d3-selection@3.0.0"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 956,
|
|
"EndLine": 967
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "d3-dsv@3.0.1",
|
|
"Name": "d3-dsv",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/d3-dsv@3.0.1",
|
|
"UID": "70505e3cd30ccfd6"
|
|
},
|
|
"Version": "3.0.1",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"commander@7.2.0",
|
|
"iconv-lite@0.6.3",
|
|
"rw@1.3.3"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 968,
|
|
"EndLine": 991
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "d3-ease@3.0.1",
|
|
"Name": "d3-ease",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/d3-ease@3.0.1",
|
|
"UID": "d26b1ae4762abd61"
|
|
},
|
|
"Version": "3.0.1",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 992,
|
|
"EndLine": 999
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "d3-fetch@3.0.1",
|
|
"Name": "d3-fetch",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/d3-fetch@3.0.1",
|
|
"UID": "e5234233b4eec390"
|
|
},
|
|
"Version": "3.0.1",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"d3-dsv@3.0.1"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1000,
|
|
"EndLine": 1010
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "d3-force@3.0.0",
|
|
"Name": "d3-force",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/d3-force@3.0.0",
|
|
"UID": "89f40f2af731ee72"
|
|
},
|
|
"Version": "3.0.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"d3-dispatch@3.0.1",
|
|
"d3-quadtree@3.0.1",
|
|
"d3-timer@3.0.1"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1011,
|
|
"EndLine": 1023
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "d3-format@3.1.0",
|
|
"Name": "d3-format",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/d3-format@3.1.0",
|
|
"UID": "9280700874638e04"
|
|
},
|
|
"Version": "3.1.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1024,
|
|
"EndLine": 1031
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "d3-geo@3.1.0",
|
|
"Name": "d3-geo",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/d3-geo@3.1.0",
|
|
"UID": "67f837736a0672ec"
|
|
},
|
|
"Version": "3.1.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"d3-array@3.2.3"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1032,
|
|
"EndLine": 1042
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "d3-hierarchy@3.1.2",
|
|
"Name": "d3-hierarchy",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/d3-hierarchy@3.1.2",
|
|
"UID": "ab7f7fca5fc00da7"
|
|
},
|
|
"Version": "3.1.2",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1043,
|
|
"EndLine": 1050
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "d3-interpolate@3.0.1",
|
|
"Name": "d3-interpolate",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/d3-interpolate@3.0.1",
|
|
"UID": "4ee2f60781135dd9"
|
|
},
|
|
"Version": "3.0.1",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"d3-color@3.1.0"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1051,
|
|
"EndLine": 1061
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "d3-path@3.1.0",
|
|
"Name": "d3-path",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/d3-path@3.1.0",
|
|
"UID": "8b7fcf07128692df"
|
|
},
|
|
"Version": "3.1.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1062,
|
|
"EndLine": 1069
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "d3-polygon@3.0.1",
|
|
"Name": "d3-polygon",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/d3-polygon@3.0.1",
|
|
"UID": "be9500b81ec77382"
|
|
},
|
|
"Version": "3.0.1",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1070,
|
|
"EndLine": 1077
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "d3-quadtree@3.0.1",
|
|
"Name": "d3-quadtree",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/d3-quadtree@3.0.1",
|
|
"UID": "4ba734f2d5f33ca4"
|
|
},
|
|
"Version": "3.0.1",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1078,
|
|
"EndLine": 1085
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "d3-random@3.0.1",
|
|
"Name": "d3-random",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/d3-random@3.0.1",
|
|
"UID": "e6be671e37d478cf"
|
|
},
|
|
"Version": "3.0.1",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1086,
|
|
"EndLine": 1093
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "d3-scale@4.0.2",
|
|
"Name": "d3-scale",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/d3-scale@4.0.2",
|
|
"UID": "2f0c824537276e8d"
|
|
},
|
|
"Version": "4.0.2",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"d3-array@3.2.3",
|
|
"d3-format@3.1.0",
|
|
"d3-interpolate@3.0.1",
|
|
"d3-time-format@4.1.0",
|
|
"d3-time@3.1.0"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1094,
|
|
"EndLine": 1108
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "d3-scale-chromatic@3.0.0",
|
|
"Name": "d3-scale-chromatic",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/d3-scale-chromatic@3.0.0",
|
|
"UID": "5c94f1030d31a0e0"
|
|
},
|
|
"Version": "3.0.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"d3-color@3.1.0",
|
|
"d3-interpolate@3.0.1"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1109,
|
|
"EndLine": 1120
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "d3-selection@3.0.0",
|
|
"Name": "d3-selection",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/d3-selection@3.0.0",
|
|
"UID": "919ba094fa1dd636"
|
|
},
|
|
"Version": "3.0.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1121,
|
|
"EndLine": 1128
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "d3-shape@3.2.0",
|
|
"Name": "d3-shape",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/d3-shape@3.2.0",
|
|
"UID": "4e4a1b3fd7790cfa"
|
|
},
|
|
"Version": "3.2.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"d3-path@3.1.0"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1129,
|
|
"EndLine": 1139
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "d3-time@3.1.0",
|
|
"Name": "d3-time",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/d3-time@3.1.0",
|
|
"UID": "dda570a5bea7ecbb"
|
|
},
|
|
"Version": "3.1.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"d3-array@3.2.3"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1140,
|
|
"EndLine": 1150
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "d3-time-format@4.1.0",
|
|
"Name": "d3-time-format",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/d3-time-format@4.1.0",
|
|
"UID": "10659a112725f130"
|
|
},
|
|
"Version": "4.1.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"d3-time@3.1.0"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1151,
|
|
"EndLine": 1161
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "d3-timer@3.0.1",
|
|
"Name": "d3-timer",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/d3-timer@3.0.1",
|
|
"UID": "490e095d4eea3ae0"
|
|
},
|
|
"Version": "3.0.1",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1162,
|
|
"EndLine": 1169
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "d3-transition@3.0.1",
|
|
"Name": "d3-transition",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/d3-transition@3.0.1",
|
|
"UID": "d131dc642332ebc1"
|
|
},
|
|
"Version": "3.0.1",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"d3-color@3.1.0",
|
|
"d3-dispatch@3.0.1",
|
|
"d3-ease@3.0.1",
|
|
"d3-interpolate@3.0.1",
|
|
"d3-selection@3.0.0",
|
|
"d3-timer@3.0.1"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1170,
|
|
"EndLine": 1187
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "d3-zoom@3.0.0",
|
|
"Name": "d3-zoom",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/d3-zoom@3.0.0",
|
|
"UID": "d566565aec9e4495"
|
|
},
|
|
"Version": "3.0.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"d3-dispatch@3.0.1",
|
|
"d3-drag@3.0.0",
|
|
"d3-interpolate@3.0.1",
|
|
"d3-selection@3.0.0",
|
|
"d3-transition@3.0.1"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1188,
|
|
"EndLine": 1202
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "delaunator@5.0.0",
|
|
"Name": "delaunator",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/delaunator@5.0.0",
|
|
"UID": "786edc731a888a79"
|
|
},
|
|
"Version": "5.0.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"robust-predicates@3.0.1"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1276,
|
|
"EndLine": 1283
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "iconv-lite@0.6.3",
|
|
"Name": "iconv-lite",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/iconv-lite@0.6.3",
|
|
"UID": "411bfd533ad3f9bd"
|
|
},
|
|
"Version": "0.6.3",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"safer-buffer@2.1.2"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2235,
|
|
"EndLine": 2245
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "internmap@2.0.3",
|
|
"Name": "internmap",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/internmap@2.0.3",
|
|
"UID": "e17231363386d3a3"
|
|
},
|
|
"Version": "2.0.3",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2343,
|
|
"EndLine": 2350
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "interval-tree-1d@1.0.4",
|
|
"Name": "interval-tree-1d",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/interval-tree-1d@1.0.4",
|
|
"UID": "22fc6aeaeebee0e0"
|
|
},
|
|
"Version": "1.0.4",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"binary-search-bounds@2.0.5"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2351,
|
|
"EndLine": 2358
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "isoformat@0.2.1",
|
|
"Name": "isoformat",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/isoformat@0.2.1",
|
|
"UID": "8d98b06b73faaa54"
|
|
},
|
|
"Version": "0.2.1",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2634,
|
|
"EndLine": 2638
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "robust-predicates@3.0.1",
|
|
"Name": "robust-predicates",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/robust-predicates@3.0.1",
|
|
"UID": "8be5188433512318"
|
|
},
|
|
"Version": "3.0.1",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 3612,
|
|
"EndLine": 3616
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "rw@1.3.3",
|
|
"Name": "rw",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/rw@1.3.3",
|
|
"UID": "83e556b6366f04d8"
|
|
},
|
|
"Version": "1.3.3",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 3640,
|
|
"EndLine": 3644
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "safer-buffer@2.1.2",
|
|
"Name": "safer-buffer",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/safer-buffer@2.1.2",
|
|
"UID": "d2bebc0887140177"
|
|
},
|
|
"Version": "2.1.2",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 3659,
|
|
"EndLine": 3663
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/golang.org/x/text@v0.31.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "golang.org/x/text",
|
|
"Name": "golang.org/x/text",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/text",
|
|
"UID": "be2d0107c1074f95"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"golang.org/x/tools@v0.38.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/tools@v0.38.0",
|
|
"Name": "golang.org/x/tools",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/tools@v0.38.0",
|
|
"UID": "bef84abf164218e"
|
|
},
|
|
"Version": "v0.38.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"golang.org/x/mod@v0.29.0",
|
|
"golang.org/x/sync@v0.18.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/mod@v0.29.0",
|
|
"Name": "golang.org/x/mod",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/mod@v0.29.0",
|
|
"UID": "9018e51f90508b9d"
|
|
},
|
|
"Version": "v0.29.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"golang.org/x/tools@v0.38.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sync@v0.18.0",
|
|
"Name": "golang.org/x/sync",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sync@v0.18.0",
|
|
"UID": "5d96efe5453f36f1"
|
|
},
|
|
"Version": "v0.18.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/golang.org/x/text@v0.32.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "golang.org/x/text",
|
|
"Name": "golang.org/x/text",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/text",
|
|
"UID": "b0126b3e1430bd59"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"golang.org/x/tools@v0.39.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/tools@v0.39.0",
|
|
"Name": "golang.org/x/tools",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/tools@v0.39.0",
|
|
"UID": "af1a5a8855f33595"
|
|
},
|
|
"Version": "v0.39.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"golang.org/x/mod@v0.30.0",
|
|
"golang.org/x/sync@v0.19.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/mod@v0.30.0",
|
|
"Name": "golang.org/x/mod",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/mod@v0.30.0",
|
|
"UID": "e2e6473f49c27754"
|
|
},
|
|
"Version": "v0.30.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"golang.org/x/tools@v0.39.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sync@v0.19.0",
|
|
"Name": "golang.org/x/sync",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sync@v0.19.0",
|
|
"UID": "ca7b27fa8043b1d6"
|
|
},
|
|
"Version": "v0.19.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/golang.org/x/tools/gopls@v0.21.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "golang.org/x/tools/gopls",
|
|
"Name": "golang.org/x/tools/gopls",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/tools/gopls",
|
|
"UID": "c0566544def3f6ac"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/fatih/gomodifytags@v1.17.1-0.20250423142747-f3939df9aa3c",
|
|
"github.com/fsnotify/fsnotify@v1.9.0",
|
|
"github.com/google/go-cmp@v0.7.0",
|
|
"github.com/jba/templatecheck@v0.7.1",
|
|
"github.com/modelcontextprotocol/go-sdk@v0.8.0",
|
|
"golang.org/x/mod@v0.30.0",
|
|
"golang.org/x/sync@v0.18.0",
|
|
"golang.org/x/telemetry@v0.0.0-20251111182119-bc8e575c7b54",
|
|
"golang.org/x/text@v0.31.0",
|
|
"golang.org/x/tools@v0.39.1-0.20251205192105-907593008619",
|
|
"golang.org/x/vuln@v1.1.4",
|
|
"gopkg.in/yaml.v3@v3.0.1",
|
|
"honnef.co/go/tools@v0.7.0-0.dev.0.20251022135355-8273271481d0",
|
|
"mvdan.cc/gofumpt@v0.8.0",
|
|
"mvdan.cc/xurls/v2@v2.6.0",
|
|
"github.com/google/safehtml@v0.1.0",
|
|
"golang.org/x/tools/go/expect@v0.1.1-deprecated",
|
|
"golang.org/x/tools/go/packages/packagestest@v0.1.1-deprecated"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/fatih/gomodifytags@v1.17.1-0.20250423142747-f3939df9aa3c",
|
|
"Name": "github.com/fatih/gomodifytags",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/fatih/gomodifytags@v1.17.1-0.20250423142747-f3939df9aa3c",
|
|
"UID": "eeab7beabf59a547"
|
|
},
|
|
"Version": "v1.17.1-0.20250423142747-f3939df9aa3c",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/fatih/camelcase@v1.0.0",
|
|
"github.com/fatih/structtag@v1.2.0",
|
|
"golang.org/x/tools@v0.39.1-0.20251205192105-907593008619"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/fsnotify/fsnotify@v1.9.0",
|
|
"Name": "github.com/fsnotify/fsnotify",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/fsnotify/fsnotify@v1.9.0",
|
|
"UID": "94defbefec806664"
|
|
},
|
|
"Version": "v1.9.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"golang.org/x/sys@v0.38.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/google/go-cmp@v0.7.0",
|
|
"Name": "github.com/google/go-cmp",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/google/go-cmp@v0.7.0",
|
|
"UID": "5c41a8e675dca6d2"
|
|
},
|
|
"Version": "v0.7.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/jba/templatecheck@v0.7.1",
|
|
"Name": "github.com/jba/templatecheck",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/jba/templatecheck@v0.7.1",
|
|
"UID": "7dc2938927b028b7"
|
|
},
|
|
"Version": "v0.7.1",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/modelcontextprotocol/go-sdk@v0.8.0",
|
|
"Name": "github.com/modelcontextprotocol/go-sdk",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/modelcontextprotocol/go-sdk@v0.8.0",
|
|
"UID": "4230c8b3b2b13cff"
|
|
},
|
|
"Version": "v0.8.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/google/go-cmp@v0.7.0",
|
|
"github.com/google/jsonschema-go@v0.3.0",
|
|
"github.com/yosida95/uritemplate/v3@v3.0.2",
|
|
"golang.org/x/tools@v0.39.1-0.20251205192105-907593008619"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/mod@v0.30.0",
|
|
"Name": "golang.org/x/mod",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/mod@v0.30.0",
|
|
"UID": "4201c8b643e2994e"
|
|
},
|
|
"Version": "v0.30.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"golang.org/x/tools@v0.39.1-0.20251205192105-907593008619"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sync@v0.18.0",
|
|
"Name": "golang.org/x/sync",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sync@v0.18.0",
|
|
"UID": "412031f01b9c7065"
|
|
},
|
|
"Version": "v0.18.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/telemetry@v0.0.0-20251111182119-bc8e575c7b54",
|
|
"Name": "golang.org/x/telemetry",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/telemetry@v0.0.0-20251111182119-bc8e575c7b54",
|
|
"UID": "4ce8f18ba59e64a7"
|
|
},
|
|
"Version": "v0.0.0-20251111182119-bc8e575c7b54",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"golang.org/x/mod@v0.30.0",
|
|
"golang.org/x/sync@v0.18.0",
|
|
"golang.org/x/sys@v0.38.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/text@v0.31.0",
|
|
"Name": "golang.org/x/text",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/text@v0.31.0",
|
|
"UID": "f7b78019c23cd033"
|
|
},
|
|
"Version": "v0.31.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"golang.org/x/tools@v0.39.1-0.20251205192105-907593008619"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/tools@v0.39.1-0.20251205192105-907593008619",
|
|
"Name": "golang.org/x/tools",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/tools@v0.39.1-0.20251205192105-907593008619",
|
|
"UID": "af540b8296f372a3"
|
|
},
|
|
"Version": "v0.39.1-0.20251205192105-907593008619",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/google/go-cmp@v0.7.0",
|
|
"golang.org/x/mod@v0.30.0",
|
|
"golang.org/x/sync@v0.18.0",
|
|
"golang.org/x/telemetry@v0.0.0-20251111182119-bc8e575c7b54"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/vuln@v1.1.4",
|
|
"Name": "golang.org/x/vuln",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/vuln@v1.1.4",
|
|
"UID": "a2c3563a17c39444"
|
|
},
|
|
"Version": "v1.1.4",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/google/go-cmp@v0.7.0",
|
|
"golang.org/x/mod@v0.30.0",
|
|
"golang.org/x/sync@v0.18.0",
|
|
"golang.org/x/telemetry@v0.0.0-20251111182119-bc8e575c7b54",
|
|
"golang.org/x/tools@v0.39.1-0.20251205192105-907593008619"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "gopkg.in/yaml.v3@v3.0.1",
|
|
"Name": "gopkg.in/yaml.v3",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1",
|
|
"UID": "1838816393706a8e"
|
|
},
|
|
"Version": "v3.0.1",
|
|
"Licenses": [
|
|
"Apache-2.0",
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"gopkg.in/check.v1@v1.0.0-20190902080502-41f04d3bba15"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "honnef.co/go/tools@v0.7.0-0.dev.0.20251022135355-8273271481d0",
|
|
"Name": "honnef.co/go/tools",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/honnef.co/go/tools@v0.7.0-0.dev.0.20251022135355-8273271481d0",
|
|
"UID": "7673ede013451179"
|
|
},
|
|
"Version": "v0.7.0-0.dev.0.20251022135355-8273271481d0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/BurntSushi/toml@v1.5.0",
|
|
"golang.org/x/exp/typeparams@v0.0.0-20251023183803-a4bb9ffd2546",
|
|
"golang.org/x/sys@v0.38.0",
|
|
"golang.org/x/tools@v0.39.1-0.20251205192105-907593008619"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "mvdan.cc/gofumpt@v0.8.0",
|
|
"Name": "mvdan.cc/gofumpt",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/mvdan.cc/gofumpt@v0.8.0",
|
|
"UID": "d17cb3290ff5461"
|
|
},
|
|
"Version": "v0.8.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/google/go-cmp@v0.7.0",
|
|
"golang.org/x/mod@v0.30.0",
|
|
"golang.org/x/sync@v0.18.0",
|
|
"golang.org/x/sys@v0.38.0",
|
|
"golang.org/x/tools@v0.39.1-0.20251205192105-907593008619"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "mvdan.cc/xurls/v2@v2.6.0",
|
|
"Name": "mvdan.cc/xurls/v2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/mvdan.cc/xurls/v2@v2.6.0",
|
|
"UID": "d0a9cdb45ef74a94"
|
|
},
|
|
"Version": "v2.6.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"golang.org/x/mod@v0.30.0",
|
|
"golang.org/x/sync@v0.18.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/BurntSushi/toml@v1.5.0",
|
|
"Name": "github.com/BurntSushi/toml",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/burntsushi/toml@v1.5.0",
|
|
"UID": "eec193d3b4eb7b13"
|
|
},
|
|
"Version": "v1.5.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/fatih/camelcase@v1.0.0",
|
|
"Name": "github.com/fatih/camelcase",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/fatih/camelcase@v1.0.0",
|
|
"UID": "79b774536154abff"
|
|
},
|
|
"Version": "v1.0.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/fatih/structtag@v1.2.0",
|
|
"Name": "github.com/fatih/structtag",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/fatih/structtag@v1.2.0",
|
|
"UID": "2e2dfb2cb4d9b0fd"
|
|
},
|
|
"Version": "v1.2.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/google/jsonschema-go@v0.3.0",
|
|
"Name": "github.com/google/jsonschema-go",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/google/jsonschema-go@v0.3.0",
|
|
"UID": "f3dcd4ae1fc1dbd7"
|
|
},
|
|
"Version": "v0.3.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/google/go-cmp@v0.7.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/google/safehtml@v0.1.0",
|
|
"Name": "github.com/google/safehtml",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/google/safehtml@v0.1.0",
|
|
"UID": "a2facc0dba4f0df5"
|
|
},
|
|
"Version": "v0.1.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/yosida95/uritemplate/v3@v3.0.2",
|
|
"Name": "github.com/yosida95/uritemplate/v3",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/yosida95/uritemplate/v3@v3.0.2",
|
|
"UID": "50ab03796ff00b17"
|
|
},
|
|
"Version": "v3.0.2",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/exp/typeparams@v0.0.0-20251023183803-a4bb9ffd2546",
|
|
"Name": "golang.org/x/exp/typeparams",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/exp/typeparams@v0.0.0-20251023183803-a4bb9ffd2546",
|
|
"UID": "35dfd5210f15d7d4"
|
|
},
|
|
"Version": "v0.0.0-20251023183803-a4bb9ffd2546",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sys@v0.38.0",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys@v0.38.0",
|
|
"UID": "a3dcf0e74705673a"
|
|
},
|
|
"Version": "v0.38.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/tools/go/expect@v0.1.1-deprecated",
|
|
"Name": "golang.org/x/tools/go/expect",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/tools/go/expect@v0.1.1-deprecated",
|
|
"UID": "5e0661c2900ac8a2"
|
|
},
|
|
"Version": "v0.1.1-deprecated",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/tools/go/packages/packagestest@v0.1.1-deprecated",
|
|
"Name": "golang.org/x/tools/go/packages/packagestest",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/tools/go/packages/packagestest@v0.1.1-deprecated",
|
|
"UID": "105a58f11a1e540d"
|
|
},
|
|
"Version": "v0.1.1-deprecated",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "gopkg.in/check.v1@v1.0.0-20190902080502-41f04d3bba15",
|
|
"Name": "gopkg.in/check.v1",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gopkg.in/check.v1@v1.0.0-20190902080502-41f04d3bba15",
|
|
"UID": "8d28a77298cd6311"
|
|
},
|
|
"Version": "v1.0.0-20190902080502-41f04d3bba15",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/golang.org/x/tools@v0.21.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "golang.org/x/tools",
|
|
"Name": "golang.org/x/tools",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/tools",
|
|
"UID": "911424de00415e7c"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/google/go-cmp@v0.6.0",
|
|
"github.com/yuin/goldmark@v1.4.13",
|
|
"golang.org/x/mod@v0.17.0",
|
|
"golang.org/x/net@v0.25.0",
|
|
"golang.org/x/sync@v0.7.0",
|
|
"golang.org/x/telemetry@v0.0.0-20240228155512-f48c80bd79b2",
|
|
"golang.org/x/sys@v0.20.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/google/go-cmp@v0.6.0",
|
|
"Name": "github.com/google/go-cmp",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/google/go-cmp@v0.6.0",
|
|
"UID": "9fca2cfb2436947a"
|
|
},
|
|
"Version": "v0.6.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/yuin/goldmark@v1.4.13",
|
|
"Name": "github.com/yuin/goldmark",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/yuin/goldmark@v1.4.13",
|
|
"UID": "4a5b3f25f26cb275"
|
|
},
|
|
"Version": "v1.4.13",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/mod@v0.17.0",
|
|
"Name": "golang.org/x/mod",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/mod@v0.17.0",
|
|
"UID": "3db1a539832a141a"
|
|
},
|
|
"Version": "v0.17.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"golang.org/x/tools"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/net@v0.25.0",
|
|
"Name": "golang.org/x/net",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.25.0",
|
|
"UID": "35a3cf0a9a6ff4f1"
|
|
},
|
|
"Version": "v0.25.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sync@v0.7.0",
|
|
"Name": "golang.org/x/sync",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sync@v0.7.0",
|
|
"UID": "281555d1b0b0d2c1"
|
|
},
|
|
"Version": "v0.7.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/telemetry@v0.0.0-20240228155512-f48c80bd79b2",
|
|
"Name": "golang.org/x/telemetry",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/telemetry@v0.0.0-20240228155512-f48c80bd79b2",
|
|
"UID": "9696f466810c8bf3"
|
|
},
|
|
"Version": "v0.0.0-20240228155512-f48c80bd79b2",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sys@v0.20.0",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys@v0.20.0",
|
|
"UID": "6c34b48b1800c9ce"
|
|
},
|
|
"Version": "v0.20.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
],
|
|
"Vulnerabilities": [
|
|
{
|
|
"VulnerabilityID": "CVE-2025-22870",
|
|
"VendorIDs": [
|
|
"GHSA-qxp5-gwg8-xv66"
|
|
],
|
|
"PkgID": "golang.org/x/net@v0.25.0",
|
|
"PkgName": "golang.org/x/net",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.25.0",
|
|
"UID": "35a3cf0a9a6ff4f1"
|
|
},
|
|
"InstalledVersion": "v0.25.0",
|
|
"FixedVersion": "0.36.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:3f461da3dcb22ca15c15c9580f668f2ae4a7319ab65d78afa332f6a0edc1f6d6",
|
|
"Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net",
|
|
"Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.",
|
|
"Severity": "MEDIUM",
|
|
"CweIDs": [
|
|
"CWE-115"
|
|
],
|
|
"VendorSeverity": {
|
|
"amazon": 2,
|
|
"azure": 2,
|
|
"cbl-mariner": 2,
|
|
"ghsa": 2,
|
|
"redhat": 2,
|
|
"ubuntu": 2
|
|
},
|
|
"CVSS": {
|
|
"ghsa": {
|
|
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
|
|
"V3Score": 4.4
|
|
},
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
|
|
"V3Score": 4.4
|
|
}
|
|
},
|
|
"References": [
|
|
"http://www.openwall.com/lists/oss-security/2025/03/07/2",
|
|
"https://access.redhat.com/security/cve/CVE-2025-22870",
|
|
"https://github.com/golang/go/issues/71984",
|
|
"https://go-review.googlesource.com/q/project:net",
|
|
"https://go.dev/cl/654697",
|
|
"https://go.dev/issue/71984",
|
|
"https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-22870",
|
|
"https://pkg.go.dev/vuln/GO-2025-3503",
|
|
"https://security.netapp.com/advisory/ntap-20250509-0007",
|
|
"https://security.netapp.com/advisory/ntap-20250509-0007/",
|
|
"https://ubuntu.com/security/notices/USN-7574-1",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-22870"
|
|
],
|
|
"PublishedDate": "2025-03-12T19:15:38.31Z",
|
|
"LastModifiedDate": "2025-05-09T20:15:38.727Z"
|
|
},
|
|
{
|
|
"VulnerabilityID": "CVE-2025-22872",
|
|
"VendorIDs": [
|
|
"GHSA-vvgc-356p-c3xw"
|
|
],
|
|
"PkgID": "golang.org/x/net@v0.25.0",
|
|
"PkgName": "golang.org/x/net",
|
|
"PkgIdentifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.25.0",
|
|
"UID": "35a3cf0a9a6ff4f1"
|
|
},
|
|
"InstalledVersion": "v0.25.0",
|
|
"FixedVersion": "0.38.0",
|
|
"Status": "fixed",
|
|
"SeveritySource": "ghsa",
|
|
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22872",
|
|
"DataSource": {
|
|
"ID": "ghsa",
|
|
"Name": "GitHub Security Advisory Go",
|
|
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
|
|
},
|
|
"Fingerprint": "sha256:b149c5cc5d3664fec7c79af144dfabc1c372c15fe543b22ec99878f84be4c236",
|
|
"Title": "golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net",
|
|
"Description": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
|
|
"Severity": "MEDIUM",
|
|
"VendorSeverity": {
|
|
"amazon": 3,
|
|
"azure": 2,
|
|
"cbl-mariner": 2,
|
|
"ghsa": 2,
|
|
"redhat": 2
|
|
},
|
|
"CVSS": {
|
|
"redhat": {
|
|
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
|
|
"V3Score": 6.5
|
|
}
|
|
},
|
|
"References": [
|
|
"https://access.redhat.com/security/cve/CVE-2025-22872",
|
|
"https://github.com/advisories/GHSA-vvgc-356p-c3xw",
|
|
"https://go.dev/cl/662715",
|
|
"https://go.dev/issue/73070",
|
|
"https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2025-22872",
|
|
"https://pkg.go.dev/vuln/GO-2025-3595",
|
|
"https://security.netapp.com/advisory/ntap-20250516-0007",
|
|
"https://security.netapp.com/advisory/ntap-20250516-0007/",
|
|
"https://www.cve.org/CVERecord?id=CVE-2025-22872"
|
|
],
|
|
"PublishedDate": "2025-04-16T18:16:04.183Z",
|
|
"LastModifiedDate": "2025-05-16T23:15:19.707Z"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/golang.org/x/tools@v0.39.1-0.20251205192105-907593008619/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "golang.org/x/tools",
|
|
"Name": "golang.org/x/tools",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/tools",
|
|
"UID": "f9e9e0ebd1a4d3f4"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/google/go-cmp@v0.6.0",
|
|
"github.com/yuin/goldmark@v1.4.13",
|
|
"golang.org/x/mod@v0.30.0",
|
|
"golang.org/x/net@v0.47.0",
|
|
"golang.org/x/sync@v0.18.0",
|
|
"golang.org/x/telemetry@v0.0.0-20251111182119-bc8e575c7b54"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/google/go-cmp@v0.6.0",
|
|
"Name": "github.com/google/go-cmp",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/google/go-cmp@v0.6.0",
|
|
"UID": "d30f9ac731f64a88"
|
|
},
|
|
"Version": "v0.6.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/yuin/goldmark@v1.4.13",
|
|
"Name": "github.com/yuin/goldmark",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/yuin/goldmark@v1.4.13",
|
|
"UID": "1613e7ce0bac53ab"
|
|
},
|
|
"Version": "v1.4.13",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/mod@v0.30.0",
|
|
"Name": "golang.org/x/mod",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/mod@v0.30.0",
|
|
"UID": "1a792b06c6e9287f"
|
|
},
|
|
"Version": "v0.30.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"golang.org/x/tools"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/net@v0.47.0",
|
|
"Name": "golang.org/x/net",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.47.0",
|
|
"UID": "5b1263e11561060b"
|
|
},
|
|
"Version": "v0.47.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"golang.org/x/sys@v0.38.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sync@v0.18.0",
|
|
"Name": "golang.org/x/sync",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sync@v0.18.0",
|
|
"UID": "409a697b5d58e67c"
|
|
},
|
|
"Version": "v0.18.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/telemetry@v0.0.0-20251111182119-bc8e575c7b54",
|
|
"Name": "golang.org/x/telemetry",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/telemetry@v0.0.0-20251111182119-bc8e575c7b54",
|
|
"UID": "27e99d80b3ceb0ca"
|
|
},
|
|
"Version": "v0.0.0-20251111182119-bc8e575c7b54",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"golang.org/x/mod@v0.30.0",
|
|
"golang.org/x/sync@v0.18.0",
|
|
"golang.org/x/sys@v0.38.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sys@v0.38.0",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys@v0.38.0",
|
|
"UID": "aefc817c0d20604b"
|
|
},
|
|
"Version": "v0.38.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/golang.org/x/vuln@v1.1.4/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "golang.org/x/vuln",
|
|
"Name": "golang.org/x/vuln",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/vuln",
|
|
"UID": "2f279c5baf4ec6e3"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/google/go-cmdtest@v0.4.1-0.20220921163831-55ab3332a786",
|
|
"github.com/google/go-cmp@v0.6.0",
|
|
"golang.org/x/mod@v0.22.0",
|
|
"golang.org/x/sync@v0.10.0",
|
|
"golang.org/x/telemetry@v0.0.0-20240522233618-39ace7a40ae7",
|
|
"golang.org/x/tools@v0.29.0",
|
|
"github.com/google/renameio@v0.1.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/google/go-cmdtest@v0.4.1-0.20220921163831-55ab3332a786",
|
|
"Name": "github.com/google/go-cmdtest",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/google/go-cmdtest@v0.4.1-0.20220921163831-55ab3332a786",
|
|
"UID": "49b8bd02c722e96c"
|
|
},
|
|
"Version": "v0.4.1-0.20220921163831-55ab3332a786",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/google/go-cmp@v0.6.0",
|
|
"Name": "github.com/google/go-cmp",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/google/go-cmp@v0.6.0",
|
|
"UID": "58c5666ae81c82de"
|
|
},
|
|
"Version": "v0.6.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/mod@v0.22.0",
|
|
"Name": "golang.org/x/mod",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/mod@v0.22.0",
|
|
"UID": "6a4dfb7e4a0ac45c"
|
|
},
|
|
"Version": "v0.22.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"golang.org/x/tools@v0.29.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sync@v0.10.0",
|
|
"Name": "golang.org/x/sync",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sync@v0.10.0",
|
|
"UID": "81dd4ae4349044ee"
|
|
},
|
|
"Version": "v0.10.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/telemetry@v0.0.0-20240522233618-39ace7a40ae7",
|
|
"Name": "golang.org/x/telemetry",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/telemetry@v0.0.0-20240522233618-39ace7a40ae7",
|
|
"UID": "ad030658c517edfa"
|
|
},
|
|
"Version": "v0.0.0-20240522233618-39ace7a40ae7",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"golang.org/x/mod@v0.22.0",
|
|
"golang.org/x/sync@v0.10.0",
|
|
"golang.org/x/sys@v0.29.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/tools@v0.29.0",
|
|
"Name": "golang.org/x/tools",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/tools@v0.29.0",
|
|
"UID": "bae70f379206aaf7"
|
|
},
|
|
"Version": "v0.29.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/google/go-cmp@v0.6.0",
|
|
"golang.org/x/mod@v0.22.0",
|
|
"golang.org/x/sync@v0.10.0",
|
|
"golang.org/x/telemetry@v0.0.0-20240522233618-39ace7a40ae7"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/google/renameio@v0.1.0",
|
|
"Name": "github.com/google/renameio",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/google/renameio@v0.1.0",
|
|
"UID": "b0f72e7e069b4711"
|
|
},
|
|
"Version": "v0.1.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sys@v0.29.0",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys@v0.29.0",
|
|
"UID": "4f2cb09e1e4f90cc"
|
|
},
|
|
"Version": "v0.29.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/google.golang.org/protobuf@v1.36.10/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "google.golang.org/protobuf",
|
|
"Name": "google.golang.org/protobuf",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/google.golang.org/protobuf",
|
|
"UID": "f6c179fdc3371bc9"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/golang/protobuf@v1.5.0",
|
|
"github.com/google/go-cmp@v0.7.0",
|
|
"golang.org/x/xerrors@v0.0.0-20191204190536-9bdfabe68543"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/golang/protobuf@v1.5.0",
|
|
"Name": "github.com/golang/protobuf",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/golang/protobuf@v1.5.0",
|
|
"UID": "f7290d2c54c87c6f"
|
|
},
|
|
"Version": "v1.5.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/google/go-cmp@v0.7.0",
|
|
"Name": "github.com/google/go-cmp",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/google/go-cmp@v0.7.0",
|
|
"UID": "f2dda5e72907ed42"
|
|
},
|
|
"Version": "v0.7.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/xerrors@v0.0.0-20191204190536-9bdfabe68543",
|
|
"Name": "golang.org/x/xerrors",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/xerrors@v0.0.0-20191204190536-9bdfabe68543",
|
|
"UID": "1385e807fabcd0"
|
|
},
|
|
"Version": "v0.0.0-20191204190536-9bdfabe68543",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/google.golang.org/protobuf@v1.36.9/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "google.golang.org/protobuf",
|
|
"Name": "google.golang.org/protobuf",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/google.golang.org/protobuf",
|
|
"UID": "d71ec4c985a347cd"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/golang/protobuf@v1.5.0",
|
|
"github.com/google/go-cmp@v0.5.5",
|
|
"golang.org/x/xerrors@v0.0.0-20191204190536-9bdfabe68543"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/golang/protobuf@v1.5.0",
|
|
"Name": "github.com/golang/protobuf",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/golang/protobuf@v1.5.0",
|
|
"UID": "c0ff6289b5e3428c"
|
|
},
|
|
"Version": "v1.5.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/google/go-cmp@v0.5.5",
|
|
"Name": "github.com/google/go-cmp",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/google/go-cmp@v0.5.5",
|
|
"UID": "dd7c416433acb18e"
|
|
},
|
|
"Version": "v0.5.5",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/xerrors@v0.0.0-20191204190536-9bdfabe68543",
|
|
"Name": "golang.org/x/xerrors",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/xerrors@v0.0.0-20191204190536-9bdfabe68543",
|
|
"UID": "f3d4e1ebc1564933"
|
|
},
|
|
"Version": "v0.0.0-20191204190536-9bdfabe68543",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/gopkg.in/natefinch/lumberjack.v2@v2.2.1/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "gopkg.in/natefinch/lumberjack.v2",
|
|
"Name": "gopkg.in/natefinch/lumberjack.v2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gopkg.in/natefinch/lumberjack.v2",
|
|
"UID": "5918228c99034397"
|
|
},
|
|
"Relationship": "root",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/gopkg.in/yaml.v3@v3.0.1/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "gopkg.in/yaml.v3",
|
|
"Name": "gopkg.in/yaml.v3",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gopkg.in/yaml.v3",
|
|
"UID": "17b625399d3ef796"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"gopkg.in/check.v1@v0.0.0-20161208181325-20d25e280405"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "gopkg.in/check.v1@v0.0.0-20161208181325-20d25e280405",
|
|
"Name": "gopkg.in/check.v1",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gopkg.in/check.v1@v0.0.0-20161208181325-20d25e280405",
|
|
"UID": "8ec7937c4c57ed27"
|
|
},
|
|
"Version": "v0.0.0-20161208181325-20d25e280405",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/gorm.io/driver/sqlite@v1.6.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "gorm.io/driver/sqlite",
|
|
"Name": "gorm.io/driver/sqlite",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gorm.io/driver/sqlite",
|
|
"UID": "2cf4360a7c33b1d9"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/mattn/go-sqlite3@v1.14.22",
|
|
"gorm.io/gorm@v1.30.0",
|
|
"github.com/jinzhu/inflection@v1.0.0",
|
|
"github.com/jinzhu/now@v1.1.5",
|
|
"golang.org/x/text@v0.20.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/mattn/go-sqlite3@v1.14.22",
|
|
"Name": "github.com/mattn/go-sqlite3",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/mattn/go-sqlite3@v1.14.22",
|
|
"UID": "b0ab3e7338243429"
|
|
},
|
|
"Version": "v1.14.22",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "gorm.io/gorm@v1.30.0",
|
|
"Name": "gorm.io/gorm",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gorm.io/gorm@v1.30.0",
|
|
"UID": "5500e476cd87a965"
|
|
},
|
|
"Version": "v1.30.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/jinzhu/inflection@v1.0.0",
|
|
"Name": "github.com/jinzhu/inflection",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/jinzhu/inflection@v1.0.0",
|
|
"UID": "aae7ca0c84d5f4db"
|
|
},
|
|
"Version": "v1.0.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/jinzhu/now@v1.1.5",
|
|
"Name": "github.com/jinzhu/now",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/jinzhu/now@v1.1.5",
|
|
"UID": "25d1d50150bab2c2"
|
|
},
|
|
"Version": "v1.1.5",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/text@v0.20.0",
|
|
"Name": "golang.org/x/text",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/text@v0.20.0",
|
|
"UID": "fbc6c1b18a133c07"
|
|
},
|
|
"Version": "v0.20.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/gorm.io/gorm@v1.31.1/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "gorm.io/gorm",
|
|
"Name": "gorm.io/gorm",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gorm.io/gorm",
|
|
"UID": "b7fa2671c5ac23a7"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/jinzhu/inflection@v1.0.0",
|
|
"github.com/jinzhu/now@v1.1.5",
|
|
"golang.org/x/text@v0.20.0",
|
|
"gorm.io/driver/sqlite@v1.6.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/jinzhu/inflection@v1.0.0",
|
|
"Name": "github.com/jinzhu/inflection",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/jinzhu/inflection@v1.0.0",
|
|
"UID": "b6f8e52a09f74db2"
|
|
},
|
|
"Version": "v1.0.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/jinzhu/now@v1.1.5",
|
|
"Name": "github.com/jinzhu/now",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/jinzhu/now@v1.1.5",
|
|
"UID": "91144150a7ba8497"
|
|
},
|
|
"Version": "v1.1.5",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/text@v0.20.0",
|
|
"Name": "golang.org/x/text",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/text@v0.20.0",
|
|
"UID": "605d8105723a4122"
|
|
},
|
|
"Version": "v0.20.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/mattn/go-sqlite3@v1.14.22",
|
|
"Name": "github.com/mattn/go-sqlite3",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/mattn/go-sqlite3@v1.14.22",
|
|
"UID": "792a331da234cfdf"
|
|
},
|
|
"Version": "v1.14.22",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "gorm.io/driver/sqlite@v1.6.0",
|
|
"Name": "gorm.io/driver/sqlite",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gorm.io/driver/sqlite@v1.6.0",
|
|
"UID": "8cc86bc93247b2c6"
|
|
},
|
|
"Version": "v1.6.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/mattn/go-sqlite3@v1.14.22",
|
|
"gorm.io/gorm"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/honnef.co/go/tools@v0.7.0-0.dev.0.20251022135355-8273271481d0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "honnef.co/go/tools",
|
|
"Name": "honnef.co/go/tools",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/honnef.co/go/tools",
|
|
"UID": "52736e98d1b249ce"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/BurntSushi/toml@v1.4.1-0.20240526193622-a339e1f7089c",
|
|
"golang.org/x/exp/typeparams@v0.0.0-20231108232855-2478ac86f678",
|
|
"golang.org/x/exp@v0.0.0-20231110203233-9a3e6036ecaa",
|
|
"golang.org/x/sys@v0.33.0",
|
|
"golang.org/x/tools@v0.33.1-0.20250521210010-423c5afcceff",
|
|
"golang.org/x/sync@v0.14.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/BurntSushi/toml@v1.4.1-0.20240526193622-a339e1f7089c",
|
|
"Name": "github.com/BurntSushi/toml",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/burntsushi/toml@v1.4.1-0.20240526193622-a339e1f7089c",
|
|
"UID": "b2f362d95c9b1e"
|
|
},
|
|
"Version": "v1.4.1-0.20240526193622-a339e1f7089c",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/exp@v0.0.0-20231110203233-9a3e6036ecaa",
|
|
"Name": "golang.org/x/exp",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/exp@v0.0.0-20231110203233-9a3e6036ecaa",
|
|
"UID": "466b547d91344e53"
|
|
},
|
|
"Version": "v0.0.0-20231110203233-9a3e6036ecaa",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"golang.org/x/mod@v0.24.0",
|
|
"golang.org/x/tools@v0.33.1-0.20250521210010-423c5afcceff"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/exp/typeparams@v0.0.0-20231108232855-2478ac86f678",
|
|
"Name": "golang.org/x/exp/typeparams",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/exp/typeparams@v0.0.0-20231108232855-2478ac86f678",
|
|
"UID": "c60ff57bbd96de60"
|
|
},
|
|
"Version": "v0.0.0-20231108232855-2478ac86f678",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sys@v0.33.0",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys@v0.33.0",
|
|
"UID": "cb0c0c73636eae24"
|
|
},
|
|
"Version": "v0.33.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/tools@v0.33.1-0.20250521210010-423c5afcceff",
|
|
"Name": "golang.org/x/tools",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/tools@v0.33.1-0.20250521210010-423c5afcceff",
|
|
"UID": "57e745c97af69881"
|
|
},
|
|
"Version": "v0.33.1-0.20250521210010-423c5afcceff",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/mod@v0.24.0",
|
|
"Name": "golang.org/x/mod",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/mod@v0.24.0",
|
|
"UID": "851c239296d305f5"
|
|
},
|
|
"Version": "v0.24.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"golang.org/x/tools@v0.33.1-0.20250521210010-423c5afcceff"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sync@v0.14.0",
|
|
"Name": "golang.org/x/sync",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sync@v0.14.0",
|
|
"UID": "dc0d64f4988c7925"
|
|
},
|
|
"Version": "v0.14.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/mvdan.cc/gofumpt@v0.8.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "mvdan.cc/gofumpt",
|
|
"Name": "mvdan.cc/gofumpt",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/mvdan.cc/gofumpt",
|
|
"UID": "7927a99fcf3ddcdd"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/go-quicktest/qt@v1.101.0",
|
|
"github.com/google/go-cmp@v0.6.0",
|
|
"github.com/rogpeppe/go-internal@v1.14.1",
|
|
"golang.org/x/mod@v0.24.0",
|
|
"golang.org/x/sync@v0.13.0",
|
|
"golang.org/x/sys@v0.32.0",
|
|
"golang.org/x/tools@v0.32.0",
|
|
"github.com/kr/pretty@v0.3.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/go-quicktest/qt@v1.101.0",
|
|
"Name": "github.com/go-quicktest/qt",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/go-quicktest/qt@v1.101.0",
|
|
"UID": "159f5908e56cdf4f"
|
|
},
|
|
"Version": "v1.101.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/google/go-cmp@v0.6.0",
|
|
"Name": "github.com/google/go-cmp",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/google/go-cmp@v0.6.0",
|
|
"UID": "e24e0617f6e415b"
|
|
},
|
|
"Version": "v0.6.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/rogpeppe/go-internal@v1.14.1",
|
|
"Name": "github.com/rogpeppe/go-internal",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/rogpeppe/go-internal@v1.14.1",
|
|
"UID": "17a29e2d88b2e85e"
|
|
},
|
|
"Version": "v1.14.1",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"golang.org/x/mod@v0.24.0",
|
|
"golang.org/x/sys@v0.32.0",
|
|
"golang.org/x/tools@v0.32.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/mod@v0.24.0",
|
|
"Name": "golang.org/x/mod",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/mod@v0.24.0",
|
|
"UID": "37e22e5e70990294"
|
|
},
|
|
"Version": "v0.24.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"golang.org/x/tools@v0.32.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sync@v0.13.0",
|
|
"Name": "golang.org/x/sync",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sync@v0.13.0",
|
|
"UID": "b7c4870281d0043b"
|
|
},
|
|
"Version": "v0.13.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sys@v0.32.0",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys@v0.32.0",
|
|
"UID": "e2164ab51d172861"
|
|
},
|
|
"Version": "v0.32.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/tools@v0.32.0",
|
|
"Name": "golang.org/x/tools",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/tools@v0.32.0",
|
|
"UID": "47dc49364dc7b69e"
|
|
},
|
|
"Version": "v0.32.0",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/kr/pretty@v0.3.1",
|
|
"Name": "github.com/kr/pretty",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/kr/pretty@v0.3.1",
|
|
"UID": "8900ca6d2b1c91aa"
|
|
},
|
|
"Version": "v0.3.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/kr/text@v0.2.0",
|
|
"github.com/rogpeppe/go-internal@v1.14.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/kr/text@v0.2.0",
|
|
"Name": "github.com/kr/text",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/kr/text@v0.2.0",
|
|
"UID": "a3faff61c4334fa7"
|
|
},
|
|
"Version": "v0.2.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/mvdan.cc/xurls/v2@v2.6.0/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "mvdan.cc/xurls/v2",
|
|
"Name": "mvdan.cc/xurls/v2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/mvdan.cc/xurls/v2",
|
|
"UID": "e474feac1c29d8ad"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/rogpeppe/go-internal@v1.13.2-0.20241226121412-a5dc8ff20d0a",
|
|
"golang.org/x/mod@v0.22.0",
|
|
"golang.org/x/sync@v0.10.0",
|
|
"golang.org/x/sys@v0.28.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/rogpeppe/go-internal@v1.13.2-0.20241226121412-a5dc8ff20d0a",
|
|
"Name": "github.com/rogpeppe/go-internal",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/rogpeppe/go-internal@v1.13.2-0.20241226121412-a5dc8ff20d0a",
|
|
"UID": "fdab7971cd8da00a"
|
|
},
|
|
"Version": "v1.13.2-0.20241226121412-a5dc8ff20d0a",
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/mod@v0.22.0",
|
|
"Name": "golang.org/x/mod",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/mod@v0.22.0",
|
|
"UID": "2af6015915cbc57e"
|
|
},
|
|
"Version": "v0.22.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"golang.org/x/tools@v0.28.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sync@v0.10.0",
|
|
"Name": "golang.org/x/sync",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sync@v0.10.0",
|
|
"UID": "ebe302324cf1fae2"
|
|
},
|
|
"Version": "v0.10.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sys@v0.28.0",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys@v0.28.0",
|
|
"UID": "e60a1ff2f1358b74"
|
|
},
|
|
"Version": "v0.28.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/tools@v0.28.0",
|
|
"Name": "golang.org/x/tools",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/tools@v0.28.0",
|
|
"UID": "65666439c837beff"
|
|
},
|
|
"Version": "v0.28.0",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": "Python",
|
|
"Class": "lang-pkgs",
|
|
"Type": "python-pkg",
|
|
"Packages": [
|
|
{
|
|
"Name": "my-test-package",
|
|
"Identifier": {
|
|
"PURL": "pkg:pypi/my-test-package@1.0",
|
|
"UID": "9d084c3574516ab2"
|
|
},
|
|
"Version": "1.0",
|
|
"Licenses": [
|
|
"UNKNOWN"
|
|
],
|
|
"FilePath": ".venv/lib/python3.12/site-packages/pkg_resources/tests/data/my-test-package_zipped-egg/my_test_package-1.0-py3.7.egg",
|
|
"AnalyzedBy": "python-egg"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": "backend/go.mod",
|
|
"Class": "lang-pkgs",
|
|
"Type": "gomod",
|
|
"Packages": [
|
|
{
|
|
"ID": "github.com/Wikid82/charon/backend",
|
|
"Name": "github.com/Wikid82/charon/backend",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/wikid82/charon/backend",
|
|
"UID": "b5f8c1d40c9ebefd"
|
|
},
|
|
"Relationship": "root",
|
|
"DependsOn": [
|
|
"github.com/containrrr/shoutrrr@v0.8.0",
|
|
"github.com/docker/docker@v28.5.2+incompatible",
|
|
"github.com/gin-contrib/gzip@v1.2.5",
|
|
"github.com/gin-gonic/gin@v1.11.0",
|
|
"github.com/glebarez/sqlite@v1.11.0",
|
|
"github.com/golang-jwt/jwt/v5@v5.3.1",
|
|
"github.com/google/uuid@v1.6.0",
|
|
"github.com/gorilla/websocket@v1.5.3",
|
|
"github.com/oschwald/geoip2-golang/v2@v2.1.0",
|
|
"github.com/prometheus/client_golang@v1.23.2",
|
|
"github.com/robfig/cron/v3@v3.0.1",
|
|
"github.com/sirupsen/logrus@v1.9.4",
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"golang.org/x/crypto@v0.47.0",
|
|
"golang.org/x/net@v0.49.0",
|
|
"golang.org/x/text@v0.33.0",
|
|
"gopkg.in/natefinch/lumberjack.v2@v2.2.1",
|
|
"gorm.io/driver/sqlite@v1.6.0",
|
|
"gorm.io/gorm@v1.31.1",
|
|
"github.com/containerd/errdefs/pkg@v0.3.0",
|
|
"github.com/containerd/log@v0.1.0",
|
|
"github.com/distribution/reference@v0.6.0",
|
|
"github.com/docker/go-connections@v0.6.0",
|
|
"github.com/docker/go-units@v0.5.0",
|
|
"github.com/moby/docker-image-spec@v1.3.1",
|
|
"github.com/moby/sys/atomicwriter@v0.1.0",
|
|
"github.com/moby/term@v0.5.2",
|
|
"github.com/morikuni/aec@v1.0.0",
|
|
"github.com/pkg/errors@v0.9.1",
|
|
"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.63.0",
|
|
"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@v1.38.0",
|
|
"gotest.tools/v3@v3.5.2"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/containrrr/shoutrrr@v0.8.0",
|
|
"Name": "github.com/containrrr/shoutrrr",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/containrrr/shoutrrr@v0.8.0",
|
|
"UID": "3fd7113688809956"
|
|
},
|
|
"Version": "v0.8.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/fatih/color@v1.15.0",
|
|
"github.com/mattn/go-colorable@v0.1.13",
|
|
"github.com/mattn/go-isatty@v0.0.20",
|
|
"github.com/onsi/ginkgo/v2@v2.9.5",
|
|
"golang.org/x/net@v0.49.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/docker/docker@v28.5.2+incompatible",
|
|
"Name": "github.com/docker/docker",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/docker/docker@v28.5.2%2Bincompatible",
|
|
"UID": "fa8d35b7ab76bf9d"
|
|
},
|
|
"Version": "v28.5.2+incompatible",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/gin-contrib/gzip@v1.2.5",
|
|
"Name": "github.com/gin-contrib/gzip",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/gin-contrib/gzip@v1.2.5",
|
|
"UID": "f87fa2524aa438cd"
|
|
},
|
|
"Version": "v1.2.5",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/gin-gonic/gin@v1.11.0",
|
|
"github.com/stretchr/testify@v1.11.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/gin-gonic/gin@v1.11.0",
|
|
"Name": "github.com/gin-gonic/gin",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/gin-gonic/gin@v1.11.0",
|
|
"UID": "58ba6c4b4eb31594"
|
|
},
|
|
"Version": "v1.11.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/bytedance/sonic@v1.14.1",
|
|
"github.com/gin-contrib/sse@v1.1.0",
|
|
"github.com/go-playground/validator/v10@v10.30.1",
|
|
"github.com/goccy/go-json@v0.10.5",
|
|
"github.com/goccy/go-yaml@v1.18.0",
|
|
"github.com/json-iterator/go@v1.1.12",
|
|
"github.com/mattn/go-isatty@v0.0.20",
|
|
"github.com/modern-go/reflect2@v1.0.2",
|
|
"github.com/pelletier/go-toml/v2@v2.2.4",
|
|
"github.com/quic-go/quic-go@v0.57.1",
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"github.com/ugorji/go/codec@v1.3.0",
|
|
"golang.org/x/net@v0.49.0",
|
|
"google.golang.org/protobuf@v1.36.10"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/glebarez/sqlite@v1.11.0",
|
|
"Name": "github.com/glebarez/sqlite",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/glebarez/sqlite@v1.11.0",
|
|
"UID": "94174cafecf96386"
|
|
},
|
|
"Version": "v1.11.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/glebarez/go-sqlite@v1.21.2",
|
|
"gorm.io/gorm@v1.31.1",
|
|
"modernc.org/sqlite@v1.23.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/golang-jwt/jwt/v5@v5.3.1",
|
|
"Name": "github.com/golang-jwt/jwt/v5",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/golang-jwt/jwt/v5@v5.3.1",
|
|
"UID": "58be50feeb555579"
|
|
},
|
|
"Version": "v5.3.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/google/uuid@v1.6.0",
|
|
"Name": "github.com/google/uuid",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/google/uuid@v1.6.0",
|
|
"UID": "54c4f5faac4cc9de"
|
|
},
|
|
"Version": "v1.6.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/gorilla/websocket@v1.5.3",
|
|
"Name": "github.com/gorilla/websocket",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/gorilla/websocket@v1.5.3",
|
|
"UID": "a344090d01f66aee"
|
|
},
|
|
"Version": "v1.5.3",
|
|
"Licenses": [
|
|
"BSD-2-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/oschwald/geoip2-golang/v2@v2.1.0",
|
|
"Name": "github.com/oschwald/geoip2-golang/v2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/oschwald/geoip2-golang/v2@v2.1.0",
|
|
"UID": "e892c78da1c1e40c"
|
|
},
|
|
"Version": "v2.1.0",
|
|
"Licenses": [
|
|
"ISC"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/oschwald/maxminddb-golang/v2@v2.1.1",
|
|
"github.com/stretchr/testify@v1.11.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/prometheus/client_golang@v1.23.2",
|
|
"Name": "github.com/prometheus/client_golang",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/prometheus/client_golang@v1.23.2",
|
|
"UID": "b3c0ae3238e34b17"
|
|
},
|
|
"Version": "v1.23.2",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/beorn7/perks@v1.0.1",
|
|
"github.com/cespare/xxhash/v2@v2.3.0",
|
|
"github.com/json-iterator/go@v1.1.12",
|
|
"github.com/kylelemons/godebug@v1.1.0",
|
|
"github.com/prometheus/client_model@v0.6.2",
|
|
"github.com/prometheus/common@v0.66.1",
|
|
"github.com/prometheus/procfs@v0.16.1",
|
|
"golang.org/x/sys@v0.40.0",
|
|
"google.golang.org/protobuf@v1.36.10"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/robfig/cron/v3@v3.0.1",
|
|
"Name": "github.com/robfig/cron/v3",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/robfig/cron/v3@v3.0.1",
|
|
"UID": "1e1fad9e22bf2c0f"
|
|
},
|
|
"Version": "v3.0.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/sirupsen/logrus@v1.9.4",
|
|
"Name": "github.com/sirupsen/logrus",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/sirupsen/logrus@v1.9.4",
|
|
"UID": "7c994647a229d3fb"
|
|
},
|
|
"Version": "v1.9.4",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"golang.org/x/sys@v0.40.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/stretchr/testify@v1.11.1",
|
|
"Name": "github.com/stretchr/testify",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/stretchr/testify@v1.11.1",
|
|
"UID": "2039fc8b026f4214"
|
|
},
|
|
"Version": "v1.11.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/davecgh/go-spew@v1.1.1",
|
|
"github.com/pmezard/go-difflib@v1.0.0",
|
|
"github.com/stretchr/objx@v0.5.2",
|
|
"gopkg.in/yaml.v3@v3.0.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/crypto@v0.47.0",
|
|
"Name": "golang.org/x/crypto",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/crypto@v0.47.0",
|
|
"UID": "69e2c05a81777ca8"
|
|
},
|
|
"Version": "v0.47.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"golang.org/x/net@v0.49.0",
|
|
"golang.org/x/sys@v0.40.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/net@v0.49.0",
|
|
"Name": "golang.org/x/net",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/net@v0.49.0",
|
|
"UID": "6b61f488199b20f5"
|
|
},
|
|
"Version": "v0.49.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"golang.org/x/crypto@v0.47.0",
|
|
"golang.org/x/sys@v0.40.0",
|
|
"golang.org/x/text@v0.33.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/text@v0.33.0",
|
|
"Name": "golang.org/x/text",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/text@v0.33.0",
|
|
"UID": "a23fd07d21860cea"
|
|
},
|
|
"Version": "v0.33.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "gopkg.in/natefinch/lumberjack.v2@v2.2.1",
|
|
"Name": "gopkg.in/natefinch/lumberjack.v2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gopkg.in/natefinch/lumberjack.v2@v2.2.1",
|
|
"UID": "fe452e117024206f"
|
|
},
|
|
"Version": "v2.2.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "gorm.io/driver/sqlite@v1.6.0",
|
|
"Name": "gorm.io/driver/sqlite",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gorm.io/driver/sqlite@v1.6.0",
|
|
"UID": "9a88dfe33780b18d"
|
|
},
|
|
"Version": "v1.6.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/mattn/go-sqlite3@v1.14.22",
|
|
"gorm.io/gorm@v1.31.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "gorm.io/gorm@v1.31.1",
|
|
"Name": "gorm.io/gorm",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gorm.io/gorm@v1.31.1",
|
|
"UID": "993432b440331d86"
|
|
},
|
|
"Version": "v1.31.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"github.com/jinzhu/inflection@v1.0.0",
|
|
"github.com/jinzhu/now@v1.1.5",
|
|
"golang.org/x/text@v0.33.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/Microsoft/go-winio@v0.6.2",
|
|
"Name": "github.com/Microsoft/go-winio",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/microsoft/go-winio@v0.6.2",
|
|
"UID": "c907a50b2e8d637b"
|
|
},
|
|
"Version": "v0.6.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/sirupsen/logrus@v1.9.4",
|
|
"golang.org/x/sys@v0.40.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/beorn7/perks@v1.0.1",
|
|
"Name": "github.com/beorn7/perks",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1",
|
|
"UID": "64f462e6be19cdf3"
|
|
},
|
|
"Version": "v1.0.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/bytedance/gopkg@v0.1.3",
|
|
"Name": "github.com/bytedance/gopkg",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/bytedance/gopkg@v0.1.3",
|
|
"UID": "bb3882230031b0b4"
|
|
},
|
|
"Version": "v0.1.3",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"golang.org/x/net@v0.49.0",
|
|
"golang.org/x/sys@v0.40.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/bytedance/sonic@v1.14.1",
|
|
"Name": "github.com/bytedance/sonic",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/bytedance/sonic@v1.14.1",
|
|
"UID": "14a48dec71e2bac1"
|
|
},
|
|
"Version": "v1.14.1",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/bytedance/gopkg@v0.1.3",
|
|
"github.com/bytedance/sonic/loader@v0.3.0",
|
|
"github.com/cloudwego/base64x@v0.1.6",
|
|
"github.com/davecgh/go-spew@v1.1.1",
|
|
"github.com/klauspost/cpuid/v2@v2.3.0",
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"github.com/twitchyliquid64/golang-asm@v0.15.1",
|
|
"golang.org/x/arch@v0.22.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/bytedance/sonic/loader@v0.3.0",
|
|
"Name": "github.com/bytedance/sonic/loader",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/bytedance/sonic/loader@v0.3.0",
|
|
"UID": "8fdbdcf5a569c09c"
|
|
},
|
|
"Version": "v0.3.0",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/davecgh/go-spew@v1.1.1",
|
|
"github.com/stretchr/testify@v1.11.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/cespare/xxhash/v2@v2.3.0",
|
|
"Name": "github.com/cespare/xxhash/v2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.3.0",
|
|
"UID": "8821df56f8e9d401"
|
|
},
|
|
"Version": "v2.3.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/cloudwego/base64x@v0.1.6",
|
|
"Name": "github.com/cloudwego/base64x",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/cloudwego/base64x@v0.1.6",
|
|
"UID": "1b5472e9e5c13778"
|
|
},
|
|
"Version": "v0.1.6",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/bytedance/sonic/loader@v0.3.0",
|
|
"github.com/davecgh/go-spew@v1.1.1",
|
|
"github.com/klauspost/cpuid/v2@v2.3.0",
|
|
"github.com/stretchr/testify@v1.11.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/containerd/errdefs@v1.0.0",
|
|
"Name": "github.com/containerd/errdefs",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/containerd/errdefs@v1.0.0",
|
|
"UID": "f9e80dbb39ee0620"
|
|
},
|
|
"Version": "v1.0.0",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/containerd/errdefs/pkg@v0.3.0",
|
|
"Name": "github.com/containerd/errdefs/pkg",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/containerd/errdefs/pkg@v0.3.0",
|
|
"UID": "e03a7dbbb8d08ecc"
|
|
},
|
|
"Version": "v0.3.0",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/containerd/errdefs@v1.0.0",
|
|
"google.golang.org/protobuf@v1.36.10"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/containerd/log@v0.1.0",
|
|
"Name": "github.com/containerd/log",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/containerd/log@v0.1.0",
|
|
"UID": "7aa69d9a410a93ea"
|
|
},
|
|
"Version": "v0.1.0",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/sirupsen/logrus@v1.9.4"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/davecgh/go-spew@v1.1.1",
|
|
"Name": "github.com/davecgh/go-spew",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.1",
|
|
"UID": "cac0f054a3b82441"
|
|
},
|
|
"Version": "v1.1.1",
|
|
"Licenses": [
|
|
"ISC"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/distribution/reference@v0.6.0",
|
|
"Name": "github.com/distribution/reference",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/distribution/reference@v0.6.0",
|
|
"UID": "839998187fd25686"
|
|
},
|
|
"Version": "v0.6.0",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/opencontainers/go-digest@v1.0.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/docker/go-connections@v0.6.0",
|
|
"Name": "github.com/docker/go-connections",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/docker/go-connections@v0.6.0",
|
|
"UID": "26aed2a45db0ae3f"
|
|
},
|
|
"Version": "v0.6.0",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/Microsoft/go-winio@v0.6.2"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/docker/go-units@v0.5.0",
|
|
"Name": "github.com/docker/go-units",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/docker/go-units@v0.5.0",
|
|
"UID": "a9b18b42b457e1ca"
|
|
},
|
|
"Version": "v0.5.0",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/dustin/go-humanize@v1.0.1",
|
|
"Name": "github.com/dustin/go-humanize",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/dustin/go-humanize@v1.0.1",
|
|
"UID": "f3a5d5151192544f"
|
|
},
|
|
"Version": "v1.0.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/fatih/color@v1.15.0",
|
|
"Name": "github.com/fatih/color",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/fatih/color@v1.15.0",
|
|
"UID": "1eab75246b272bd2"
|
|
},
|
|
"Version": "v1.15.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/mattn/go-colorable@v0.1.13",
|
|
"github.com/mattn/go-isatty@v0.0.20",
|
|
"golang.org/x/sys@v0.40.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/felixge/httpsnoop@v1.0.4",
|
|
"Name": "github.com/felixge/httpsnoop",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/felixge/httpsnoop@v1.0.4",
|
|
"UID": "7e76662c5adc93c8"
|
|
},
|
|
"Version": "v1.0.4",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/gabriel-vasile/mimetype@v1.4.12",
|
|
"Name": "github.com/gabriel-vasile/mimetype",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/gabriel-vasile/mimetype@v1.4.12",
|
|
"UID": "c919bbfea8c92437"
|
|
},
|
|
"Version": "v1.4.12",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/gin-contrib/sse@v1.1.0",
|
|
"Name": "github.com/gin-contrib/sse",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/gin-contrib/sse@v1.1.0",
|
|
"UID": "1decdffe0edce1ff"
|
|
},
|
|
"Version": "v1.1.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.11.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/glebarez/go-sqlite@v1.21.2",
|
|
"Name": "github.com/glebarez/go-sqlite",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/glebarez/go-sqlite@v1.21.2",
|
|
"UID": "6823d34b024effad"
|
|
},
|
|
"Version": "v1.21.2",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"golang.org/x/sys@v0.40.0",
|
|
"modernc.org/libc@v1.22.5",
|
|
"modernc.org/mathutil@v1.5.0",
|
|
"modernc.org/sqlite@v1.23.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/go-logr/logr@v1.4.3",
|
|
"Name": "github.com/go-logr/logr",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/go-logr/logr@v1.4.3",
|
|
"UID": "57d0050209b8d7ef"
|
|
},
|
|
"Version": "v1.4.3",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/go-logr/stdr@v1.2.2",
|
|
"Name": "github.com/go-logr/stdr",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/go-logr/stdr@v1.2.2",
|
|
"UID": "339ab0a812dd211c"
|
|
},
|
|
"Version": "v1.2.2",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/go-logr/logr@v1.4.3"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/go-playground/locales@v0.14.1",
|
|
"Name": "github.com/go-playground/locales",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/go-playground/locales@v0.14.1",
|
|
"UID": "6818c432129ea3c7"
|
|
},
|
|
"Version": "v0.14.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"golang.org/x/text@v0.33.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/go-playground/universal-translator@v0.18.1",
|
|
"Name": "github.com/go-playground/universal-translator",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/go-playground/universal-translator@v0.18.1",
|
|
"UID": "e5b2569087b738c"
|
|
},
|
|
"Version": "v0.18.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/go-playground/locales@v0.14.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/go-playground/validator/v10@v10.30.1",
|
|
"Name": "github.com/go-playground/validator/v10",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/go-playground/validator/v10@v10.30.1",
|
|
"UID": "dd8e58c23ccb4954"
|
|
},
|
|
"Version": "v10.30.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/gabriel-vasile/mimetype@v1.4.12",
|
|
"github.com/go-playground/locales@v0.14.1",
|
|
"github.com/go-playground/universal-translator@v0.18.1",
|
|
"github.com/leodido/go-urn@v1.4.0",
|
|
"golang.org/x/crypto@v0.47.0",
|
|
"golang.org/x/text@v0.33.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/goccy/go-json@v0.10.5",
|
|
"Name": "github.com/goccy/go-json",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/goccy/go-json@v0.10.5",
|
|
"UID": "2b9be1256b6f8529"
|
|
},
|
|
"Version": "v0.10.5",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/goccy/go-yaml@v1.18.0",
|
|
"Name": "github.com/goccy/go-yaml",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/goccy/go-yaml@v1.18.0",
|
|
"UID": "5e5a9d84d94363a5"
|
|
},
|
|
"Version": "v1.18.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/jinzhu/inflection@v1.0.0",
|
|
"Name": "github.com/jinzhu/inflection",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/jinzhu/inflection@v1.0.0",
|
|
"UID": "9935456206084235"
|
|
},
|
|
"Version": "v1.0.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/jinzhu/now@v1.1.5",
|
|
"Name": "github.com/jinzhu/now",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/jinzhu/now@v1.1.5",
|
|
"UID": "c8d8abdae98fe8e0"
|
|
},
|
|
"Version": "v1.1.5",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/json-iterator/go@v1.1.12",
|
|
"Name": "github.com/json-iterator/go",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/json-iterator/go@v1.1.12",
|
|
"UID": "4f33218e39a9e2c6"
|
|
},
|
|
"Version": "v1.1.12",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/davecgh/go-spew@v1.1.1",
|
|
"github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd",
|
|
"github.com/modern-go/reflect2@v1.0.2",
|
|
"github.com/stretchr/testify@v1.11.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/klauspost/cpuid/v2@v2.3.0",
|
|
"Name": "github.com/klauspost/cpuid/v2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/klauspost/cpuid/v2@v2.3.0",
|
|
"UID": "45ad3491c38520ae"
|
|
},
|
|
"Version": "v2.3.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"golang.org/x/sys@v0.40.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/kylelemons/godebug@v1.1.0",
|
|
"Name": "github.com/kylelemons/godebug",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/kylelemons/godebug@v1.1.0",
|
|
"UID": "450bcca5ba724c62"
|
|
},
|
|
"Version": "v1.1.0",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/leodido/go-urn@v1.4.0",
|
|
"Name": "github.com/leodido/go-urn",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/leodido/go-urn@v1.4.0",
|
|
"UID": "9987214c6510dec9"
|
|
},
|
|
"Version": "v1.4.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.11.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/mattn/go-colorable@v0.1.13",
|
|
"Name": "github.com/mattn/go-colorable",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/mattn/go-colorable@v0.1.13",
|
|
"UID": "5e8923cc0ffbacbf"
|
|
},
|
|
"Version": "v0.1.13",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/mattn/go-isatty@v0.0.20"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/mattn/go-isatty@v0.0.20",
|
|
"Name": "github.com/mattn/go-isatty",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/mattn/go-isatty@v0.0.20",
|
|
"UID": "2eb69fc89ba2fc0"
|
|
},
|
|
"Version": "v0.0.20",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"golang.org/x/sys@v0.40.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/mattn/go-sqlite3@v1.14.22",
|
|
"Name": "github.com/mattn/go-sqlite3",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/mattn/go-sqlite3@v1.14.22",
|
|
"UID": "106e76e207873c8c"
|
|
},
|
|
"Version": "v1.14.22",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/moby/docker-image-spec@v1.3.1",
|
|
"Name": "github.com/moby/docker-image-spec",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/moby/docker-image-spec@v1.3.1",
|
|
"UID": "b737af2a738bfc2"
|
|
},
|
|
"Version": "v1.3.1",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/opencontainers/image-spec@v1.1.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/moby/sys/atomicwriter@v0.1.0",
|
|
"Name": "github.com/moby/sys/atomicwriter",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/moby/sys/atomicwriter@v0.1.0",
|
|
"UID": "ae5cca8b5a7b0844"
|
|
},
|
|
"Version": "v0.1.0",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/moby/term@v0.5.2",
|
|
"Name": "github.com/moby/term",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/moby/term@v0.5.2",
|
|
"UID": "caa546ba087d5674"
|
|
},
|
|
"Version": "v0.5.2",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"golang.org/x/sys@v0.40.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd",
|
|
"Name": "github.com/modern-go/concurrent",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd",
|
|
"UID": "abfeff00c4e17cf2"
|
|
},
|
|
"Version": "v0.0.0-20180306012644-bacd9c7ef1dd",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/modern-go/reflect2@v1.0.2",
|
|
"Name": "github.com/modern-go/reflect2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/modern-go/reflect2@v1.0.2",
|
|
"UID": "5c71b35bed71c861"
|
|
},
|
|
"Version": "v1.0.2",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/morikuni/aec@v1.0.0",
|
|
"Name": "github.com/morikuni/aec",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/morikuni/aec@v1.0.0",
|
|
"UID": "1693de13a279579e"
|
|
},
|
|
"Version": "v1.0.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822",
|
|
"Name": "github.com/munnerz/goautoneg",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822",
|
|
"UID": "de98ed90d87e7d6d"
|
|
},
|
|
"Version": "v0.0.0-20191010083416-a7dc8b61c822",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/onsi/ginkgo/v2@v2.9.5",
|
|
"Name": "github.com/onsi/ginkgo/v2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/onsi/ginkgo/v2@v2.9.5",
|
|
"UID": "4bfc20ae6a0f4414"
|
|
},
|
|
"Version": "v2.9.5",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/go-logr/logr@v1.4.3",
|
|
"golang.org/x/net@v0.49.0",
|
|
"golang.org/x/sys@v0.40.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/opencontainers/go-digest@v1.0.0",
|
|
"Name": "github.com/opencontainers/go-digest",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/opencontainers/go-digest@v1.0.0",
|
|
"UID": "739b152202cb14d1"
|
|
},
|
|
"Version": "v1.0.0",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/opencontainers/image-spec@v1.1.1",
|
|
"Name": "github.com/opencontainers/image-spec",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/opencontainers/image-spec@v1.1.1",
|
|
"UID": "5ddec52381c03095"
|
|
},
|
|
"Version": "v1.1.1",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/opencontainers/go-digest@v1.0.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/oschwald/maxminddb-golang/v2@v2.1.1",
|
|
"Name": "github.com/oschwald/maxminddb-golang/v2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/oschwald/maxminddb-golang/v2@v2.1.1",
|
|
"UID": "9d30dfb2dd34c9b0"
|
|
},
|
|
"Version": "v2.1.1",
|
|
"Licenses": [
|
|
"ISC"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"golang.org/x/sys@v0.40.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/pelletier/go-toml/v2@v2.2.4",
|
|
"Name": "github.com/pelletier/go-toml/v2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/pelletier/go-toml/v2@v2.2.4",
|
|
"UID": "265534dfeeaed18b"
|
|
},
|
|
"Version": "v2.2.4",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/pkg/errors@v0.9.1",
|
|
"Name": "github.com/pkg/errors",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/pkg/errors@v0.9.1",
|
|
"UID": "64a8cfc420bbaecd"
|
|
},
|
|
"Version": "v0.9.1",
|
|
"Licenses": [
|
|
"BSD-2-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/pmezard/go-difflib@v1.0.0",
|
|
"Name": "github.com/pmezard/go-difflib",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/pmezard/go-difflib@v1.0.0",
|
|
"UID": "b55fe412e4e2b8cf"
|
|
},
|
|
"Version": "v1.0.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/prometheus/client_model@v0.6.2",
|
|
"Name": "github.com/prometheus/client_model",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/prometheus/client_model@v0.6.2",
|
|
"UID": "892406c72c6e640c"
|
|
},
|
|
"Version": "v0.6.2",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"google.golang.org/protobuf@v1.36.10"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/prometheus/common@v0.66.1",
|
|
"Name": "github.com/prometheus/common",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/prometheus/common@v0.66.1",
|
|
"UID": "484a2775d214489b"
|
|
},
|
|
"Version": "v0.66.1",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822",
|
|
"github.com/prometheus/client_model@v0.6.2",
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"go.yaml.in/yaml/v2@v2.4.2",
|
|
"golang.org/x/net@v0.49.0",
|
|
"google.golang.org/protobuf@v1.36.10"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/prometheus/procfs@v0.16.1",
|
|
"Name": "github.com/prometheus/procfs",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/prometheus/procfs@v0.16.1",
|
|
"UID": "956f79ddaa4c41d9"
|
|
},
|
|
"Version": "v0.16.1",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"golang.org/x/sys@v0.40.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/quic-go/qpack@v0.6.0",
|
|
"Name": "github.com/quic-go/qpack",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/quic-go/qpack@v0.6.0",
|
|
"UID": "adf086c203f67e4e"
|
|
},
|
|
"Version": "v0.6.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"golang.org/x/net@v0.49.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/quic-go/quic-go@v0.57.1",
|
|
"Name": "github.com/quic-go/quic-go",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/quic-go/quic-go@v0.57.1",
|
|
"UID": "b46c4c98621078a0"
|
|
},
|
|
"Version": "v0.57.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/quic-go/qpack@v0.6.0",
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"golang.org/x/crypto@v0.47.0",
|
|
"golang.org/x/net@v0.49.0",
|
|
"golang.org/x/sys@v0.40.0",
|
|
"golang.org/x/time@v0.14.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/remyoudompheng/bigfft@v0.0.0-20230129092748-24d4a6f8daec",
|
|
"Name": "github.com/remyoudompheng/bigfft",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/remyoudompheng/bigfft@v0.0.0-20230129092748-24d4a6f8daec",
|
|
"UID": "aaef86f0a8ad2161"
|
|
},
|
|
"Version": "v0.0.0-20230129092748-24d4a6f8daec",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/stretchr/objx@v0.5.2",
|
|
"Name": "github.com/stretchr/objx",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/stretchr/objx@v0.5.2",
|
|
"UID": "283268047980c293"
|
|
},
|
|
"Version": "v0.5.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.11.1"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/twitchyliquid64/golang-asm@v0.15.1",
|
|
"Name": "github.com/twitchyliquid64/golang-asm",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/twitchyliquid64/golang-asm@v0.15.1",
|
|
"UID": "7ee2889086df30b6"
|
|
},
|
|
"Version": "v0.15.1",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "github.com/ugorji/go/codec@v1.3.0",
|
|
"Name": "github.com/ugorji/go/codec",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/github.com/ugorji/go/codec@v1.3.0",
|
|
"UID": "6eb8820029aa2116"
|
|
},
|
|
"Version": "v1.3.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "go.opentelemetry.io/auto/sdk@v1.1.0",
|
|
"Name": "go.opentelemetry.io/auto/sdk",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/go.opentelemetry.io/auto/sdk@v1.1.0",
|
|
"UID": "58ef924cbed00adf"
|
|
},
|
|
"Version": "v1.1.0",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"go.opentelemetry.io/otel@v1.38.0",
|
|
"go.opentelemetry.io/otel/trace@v1.38.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.63.0",
|
|
"Name": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.63.0",
|
|
"UID": "f44ec6056c31e047"
|
|
},
|
|
"Version": "v0.63.0",
|
|
"Licenses": [
|
|
"Apache-2.0",
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/felixge/httpsnoop@v1.0.4",
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"go.opentelemetry.io/otel@v1.38.0",
|
|
"go.opentelemetry.io/otel/metric@v1.38.0",
|
|
"go.opentelemetry.io/otel/trace@v1.38.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "go.opentelemetry.io/otel@v1.38.0",
|
|
"Name": "go.opentelemetry.io/otel",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/go.opentelemetry.io/otel@v1.38.0",
|
|
"UID": "320614a0a3cfe4a2"
|
|
},
|
|
"Version": "v1.38.0",
|
|
"Licenses": [
|
|
"Apache-2.0",
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/go-logr/logr@v1.4.3",
|
|
"github.com/go-logr/stdr@v1.2.2",
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"go.opentelemetry.io/auto/sdk@v1.1.0",
|
|
"go.opentelemetry.io/otel/metric@v1.38.0",
|
|
"go.opentelemetry.io/otel/trace@v1.38.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@v1.38.0",
|
|
"Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@v1.38.0",
|
|
"UID": "4faf082949b4cc2e"
|
|
},
|
|
"Version": "v1.38.0",
|
|
"Licenses": [
|
|
"Apache-2.0",
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"go.opentelemetry.io/otel@v1.38.0",
|
|
"go.opentelemetry.io/otel/trace@v1.38.0",
|
|
"google.golang.org/protobuf@v1.36.10"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "go.opentelemetry.io/otel/metric@v1.38.0",
|
|
"Name": "go.opentelemetry.io/otel/metric",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/go.opentelemetry.io/otel/metric@v1.38.0",
|
|
"UID": "1b912252d614b365"
|
|
},
|
|
"Version": "v1.38.0",
|
|
"Licenses": [
|
|
"Apache-2.0",
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"go.opentelemetry.io/otel@v1.38.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "go.opentelemetry.io/otel/trace@v1.38.0",
|
|
"Name": "go.opentelemetry.io/otel/trace",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/go.opentelemetry.io/otel/trace@v1.38.0",
|
|
"UID": "146a59960c8cdb33"
|
|
},
|
|
"Version": "v1.38.0",
|
|
"Licenses": [
|
|
"Apache-2.0",
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/stretchr/testify@v1.11.1",
|
|
"go.opentelemetry.io/otel@v1.38.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "go.yaml.in/yaml/v2@v2.4.2",
|
|
"Name": "go.yaml.in/yaml/v2",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/go.yaml.in/yaml/v2@v2.4.2",
|
|
"UID": "724fc8463789c671"
|
|
},
|
|
"Version": "v2.4.2",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/arch@v0.22.0",
|
|
"Name": "golang.org/x/arch",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/arch@v0.22.0",
|
|
"UID": "358b69531492e016"
|
|
},
|
|
"Version": "v0.22.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/sys@v0.40.0",
|
|
"Name": "golang.org/x/sys",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/sys@v0.40.0",
|
|
"UID": "9baf861b179badd8"
|
|
},
|
|
"Version": "v0.40.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "golang.org/x/time@v0.14.0",
|
|
"Name": "golang.org/x/time",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/golang.org/x/time@v0.14.0",
|
|
"UID": "8864fc7fdb016a3a"
|
|
},
|
|
"Version": "v0.14.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "google.golang.org/protobuf@v1.36.10",
|
|
"Name": "google.golang.org/protobuf",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/google.golang.org/protobuf@v1.36.10",
|
|
"UID": "3941283569c91c01"
|
|
},
|
|
"Version": "v1.36.10",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "gopkg.in/yaml.v3@v3.0.1",
|
|
"Name": "gopkg.in/yaml.v3",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1",
|
|
"UID": "8482b21516902896"
|
|
},
|
|
"Version": "v3.0.1",
|
|
"Licenses": [
|
|
"Apache-2.0",
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "gotest.tools/v3@v3.5.2",
|
|
"Name": "gotest.tools/v3",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/gotest.tools/v3@v3.5.2",
|
|
"UID": "f10f92c9f10fa3b2"
|
|
},
|
|
"Version": "v3.5.2",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "modernc.org/libc@v1.22.5",
|
|
"Name": "modernc.org/libc",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/modernc.org/libc@v1.22.5",
|
|
"UID": "57b9ed7e5c35bc31"
|
|
},
|
|
"Version": "v1.22.5",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/dustin/go-humanize@v1.0.1",
|
|
"github.com/google/uuid@v1.6.0",
|
|
"github.com/mattn/go-isatty@v0.0.20",
|
|
"golang.org/x/sys@v0.40.0",
|
|
"modernc.org/mathutil@v1.5.0",
|
|
"modernc.org/memory@v1.5.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "modernc.org/mathutil@v1.5.0",
|
|
"Name": "modernc.org/mathutil",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/modernc.org/mathutil@v1.5.0",
|
|
"UID": "f8936f04a3725208"
|
|
},
|
|
"Version": "v1.5.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/remyoudompheng/bigfft@v0.0.0-20230129092748-24d4a6f8daec"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "modernc.org/memory@v1.5.0",
|
|
"Name": "modernc.org/memory",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/modernc.org/memory@v1.5.0",
|
|
"UID": "85e9896704e0076b"
|
|
},
|
|
"Version": "v1.5.0",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"modernc.org/mathutil@v1.5.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
},
|
|
{
|
|
"ID": "modernc.org/sqlite@v1.23.1",
|
|
"Name": "modernc.org/sqlite",
|
|
"Identifier": {
|
|
"PURL": "pkg:golang/modernc.org/sqlite@v1.23.1",
|
|
"UID": "396b4080a3041233"
|
|
},
|
|
"Version": "v1.23.1",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"github.com/klauspost/cpuid/v2@v2.3.0",
|
|
"github.com/mattn/go-sqlite3@v1.14.22",
|
|
"golang.org/x/sys@v0.40.0",
|
|
"modernc.org/libc@v1.22.5",
|
|
"modernc.org/mathutil@v1.5.0"
|
|
],
|
|
"AnalyzedBy": "gomod"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": "frontend/package-lock.json",
|
|
"Class": "lang-pkgs",
|
|
"Type": "npm",
|
|
"Packages": [
|
|
{
|
|
"ID": "@radix-ui/react-checkbox@1.3.3",
|
|
"Name": "@radix-ui/react-checkbox",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40radix-ui/react-checkbox@1.3.3",
|
|
"UID": "1e2daa4e055a8809"
|
|
},
|
|
"Version": "1.3.3",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"@radix-ui/primitive@1.1.3",
|
|
"@radix-ui/react-compose-refs@1.1.2",
|
|
"@radix-ui/react-context@1.1.2",
|
|
"@radix-ui/react-presence@1.1.5",
|
|
"@radix-ui/react-primitive@2.1.3",
|
|
"@radix-ui/react-use-controllable-state@1.2.2",
|
|
"@radix-ui/react-use-previous@1.1.1",
|
|
"@radix-ui/react-use-size@1.1.1",
|
|
"@types/react-dom@19.2.3",
|
|
"@types/react@19.2.10",
|
|
"react-dom@19.2.4",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1830,
|
|
"EndLine": 1859
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@radix-ui/react-dialog@1.1.15",
|
|
"Name": "@radix-ui/react-dialog",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40radix-ui/react-dialog@1.1.15",
|
|
"UID": "7166c77c727770f"
|
|
},
|
|
"Version": "1.1.15",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"@radix-ui/primitive@1.1.3",
|
|
"@radix-ui/react-compose-refs@1.1.2",
|
|
"@radix-ui/react-context@1.1.2",
|
|
"@radix-ui/react-dismissable-layer@1.1.11",
|
|
"@radix-ui/react-focus-guards@1.1.3",
|
|
"@radix-ui/react-focus-scope@1.1.7",
|
|
"@radix-ui/react-id@1.1.1",
|
|
"@radix-ui/react-portal@1.1.9",
|
|
"@radix-ui/react-presence@1.1.5",
|
|
"@radix-ui/react-primitive@2.1.3",
|
|
"@radix-ui/react-slot@1.2.3",
|
|
"@radix-ui/react-use-controllable-state@1.2.2",
|
|
"@types/react-dom@19.2.3",
|
|
"@types/react@19.2.10",
|
|
"aria-hidden@1.2.6",
|
|
"react-dom@19.2.4",
|
|
"react-remove-scroll@2.7.2",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1916,
|
|
"EndLine": 1951
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@radix-ui/react-progress@1.1.8",
|
|
"Name": "@radix-ui/react-progress",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40radix-ui/react-progress@1.1.8",
|
|
"UID": "fa19b52fc56925a9"
|
|
},
|
|
"Version": "1.1.8",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"@radix-ui/react-context@1.1.3",
|
|
"@radix-ui/react-primitive@2.1.4",
|
|
"@types/react-dom@19.2.3",
|
|
"@types/react@19.2.10",
|
|
"react-dom@19.2.4",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2155,
|
|
"EndLine": 2178
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@radix-ui/react-select@2.2.6",
|
|
"Name": "@radix-ui/react-select",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40radix-ui/react-select@2.2.6",
|
|
"UID": "7ba8813525adc890"
|
|
},
|
|
"Version": "2.2.6",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"@radix-ui/number@1.1.1",
|
|
"@radix-ui/primitive@1.1.3",
|
|
"@radix-ui/react-collection@1.1.7",
|
|
"@radix-ui/react-compose-refs@1.1.2",
|
|
"@radix-ui/react-context@1.1.2",
|
|
"@radix-ui/react-direction@1.1.1",
|
|
"@radix-ui/react-dismissable-layer@1.1.11",
|
|
"@radix-ui/react-focus-guards@1.1.3",
|
|
"@radix-ui/react-focus-scope@1.1.7",
|
|
"@radix-ui/react-id@1.1.1",
|
|
"@radix-ui/react-popper@1.2.8",
|
|
"@radix-ui/react-portal@1.1.9",
|
|
"@radix-ui/react-primitive@2.1.3",
|
|
"@radix-ui/react-slot@1.2.3",
|
|
"@radix-ui/react-use-callback-ref@1.1.1",
|
|
"@radix-ui/react-use-controllable-state@1.2.2",
|
|
"@radix-ui/react-use-layout-effect@1.1.1",
|
|
"@radix-ui/react-use-previous@1.1.1",
|
|
"@radix-ui/react-visually-hidden@1.2.3",
|
|
"@types/react-dom@19.2.3",
|
|
"@types/react@19.2.10",
|
|
"aria-hidden@1.2.6",
|
|
"react-dom@19.2.4",
|
|
"react-remove-scroll@2.7.2",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2266,
|
|
"EndLine": 2308
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@radix-ui/react-tabs@1.1.13",
|
|
"Name": "@radix-ui/react-tabs",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40radix-ui/react-tabs@1.1.13",
|
|
"UID": "5eb0adc1fc7792e3"
|
|
},
|
|
"Version": "1.1.13",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"@radix-ui/primitive@1.1.3",
|
|
"@radix-ui/react-context@1.1.2",
|
|
"@radix-ui/react-direction@1.1.1",
|
|
"@radix-ui/react-id@1.1.1",
|
|
"@radix-ui/react-presence@1.1.5",
|
|
"@radix-ui/react-primitive@2.1.3",
|
|
"@radix-ui/react-roving-focus@1.1.11",
|
|
"@radix-ui/react-use-controllable-state@1.2.2",
|
|
"@types/react-dom@19.2.3",
|
|
"@types/react@19.2.10",
|
|
"react-dom@19.2.4",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2327,
|
|
"EndLine": 2356
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@radix-ui/react-tooltip@1.2.8",
|
|
"Name": "@radix-ui/react-tooltip",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40radix-ui/react-tooltip@1.2.8",
|
|
"UID": "58c4445402fed828"
|
|
},
|
|
"Version": "1.2.8",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"@radix-ui/primitive@1.1.3",
|
|
"@radix-ui/react-compose-refs@1.1.2",
|
|
"@radix-ui/react-context@1.1.2",
|
|
"@radix-ui/react-dismissable-layer@1.1.11",
|
|
"@radix-ui/react-id@1.1.1",
|
|
"@radix-ui/react-popper@1.2.8",
|
|
"@radix-ui/react-portal@1.1.9",
|
|
"@radix-ui/react-presence@1.1.5",
|
|
"@radix-ui/react-primitive@2.1.3",
|
|
"@radix-ui/react-slot@1.2.3",
|
|
"@radix-ui/react-use-controllable-state@1.2.2",
|
|
"@radix-ui/react-visually-hidden@1.2.3",
|
|
"@types/react-dom@19.2.3",
|
|
"@types/react@19.2.10",
|
|
"react-dom@19.2.4",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2357,
|
|
"EndLine": 2390
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@tanstack/react-query@5.90.20",
|
|
"Name": "@tanstack/react-query",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40tanstack/react-query@5.90.20",
|
|
"UID": "ed3a16a8a8081847"
|
|
},
|
|
"Version": "5.90.20",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"@tanstack/query-core@5.90.20",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 3201,
|
|
"EndLine": 3216
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@types/react@19.2.10",
|
|
"Name": "@types/react",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40types/react@19.2.10",
|
|
"UID": "97238b7626a330ec"
|
|
},
|
|
"Version": "19.2.10",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"csstype@3.2.3"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 3413,
|
|
"EndLine": 3423
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@types/react-dom@19.2.3",
|
|
"Name": "@types/react-dom",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40types/react-dom@19.2.3",
|
|
"UID": "a82e3e6b05e76514"
|
|
},
|
|
"Version": "19.2.3",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"@types/react@19.2.10"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 3424,
|
|
"EndLine": 3434
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "axios@1.13.4",
|
|
"Name": "axios",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/axios@1.13.4",
|
|
"UID": "af4256ca748bf842"
|
|
},
|
|
"Version": "1.13.4",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"follow-redirects@1.15.11",
|
|
"form-data@4.0.5",
|
|
"proxy-from-env@1.1.0"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 4058,
|
|
"EndLine": 4068
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "class-variance-authority@0.7.1",
|
|
"Name": "class-variance-authority",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/class-variance-authority@0.7.1",
|
|
"UID": "4b86f9c64cbbbf7"
|
|
},
|
|
"Version": "0.7.1",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"clsx@2.1.1"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 4225,
|
|
"EndLine": 4236
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "clsx@2.1.1",
|
|
"Name": "clsx",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/clsx@2.1.1",
|
|
"UID": "d8c74391a9730be9"
|
|
},
|
|
"Version": "2.1.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 4237,
|
|
"EndLine": 4245
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "date-fns@4.1.0",
|
|
"Name": "date-fns",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/date-fns@4.1.0",
|
|
"UID": "3e43ad86185665c3"
|
|
},
|
|
"Version": "4.1.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 4388,
|
|
"EndLine": 4397
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "i18next@25.8.1",
|
|
"Name": "i18next",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/i18next@25.8.1",
|
|
"UID": "fdcc4b9c6ded09fd"
|
|
},
|
|
"Version": "25.8.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"@babel/runtime@7.28.6",
|
|
"typescript@5.9.3"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 5385,
|
|
"EndLine": 5416
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "i18next-browser-languagedetector@8.2.0",
|
|
"Name": "i18next-browser-languagedetector",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/i18next-browser-languagedetector@8.2.0",
|
|
"UID": "2d385676334480c9"
|
|
},
|
|
"Version": "8.2.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"@babel/runtime@7.28.6"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 5417,
|
|
"EndLine": 5425
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "lucide-react@0.563.0",
|
|
"Name": "lucide-react",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/lucide-react@0.563.0",
|
|
"UID": "a888dfdad810e208"
|
|
},
|
|
"Version": "0.563.0",
|
|
"Licenses": [
|
|
"ISC"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 6067,
|
|
"EndLine": 6075
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "react@19.2.4",
|
|
"Name": "react",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/react@19.2.4",
|
|
"UID": "c7f8cb6827c56778"
|
|
},
|
|
"Version": "19.2.4",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 6594,
|
|
"EndLine": 6603
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "react-dom@19.2.4",
|
|
"Name": "react-dom",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/react-dom@19.2.4",
|
|
"UID": "4eba3c2e37037912"
|
|
},
|
|
"Version": "19.2.4",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"react@19.2.4",
|
|
"scheduler@0.27.0"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 6604,
|
|
"EndLine": 6616
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "react-hook-form@7.71.1",
|
|
"Name": "react-hook-form",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/react-hook-form@7.71.1",
|
|
"UID": "78cddb40ff2d08a0"
|
|
},
|
|
"Version": "7.71.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 6617,
|
|
"EndLine": 6632
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "react-hot-toast@2.6.0",
|
|
"Name": "react-hot-toast",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/react-hot-toast@2.6.0",
|
|
"UID": "2d0d0a54d05e6fd6"
|
|
},
|
|
"Version": "2.6.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"csstype@3.2.3",
|
|
"goober@2.1.18",
|
|
"react-dom@19.2.4",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 6633,
|
|
"EndLine": 6649
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "react-i18next@16.5.4",
|
|
"Name": "react-i18next",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/react-i18next@16.5.4",
|
|
"UID": "fb1b28b424582edb"
|
|
},
|
|
"Version": "16.5.4",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"@babel/runtime@7.28.6",
|
|
"html-parse-stringify@3.0.1",
|
|
"i18next@25.8.1",
|
|
"react@19.2.4",
|
|
"typescript@5.9.3",
|
|
"use-sync-external-store@1.6.0"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 6650,
|
|
"EndLine": 6676
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "react-router-dom@7.13.0",
|
|
"Name": "react-router-dom",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/react-router-dom@7.13.0",
|
|
"UID": "da8deeaa4d36a25a"
|
|
},
|
|
"Version": "7.13.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"react-dom@19.2.4",
|
|
"react-router@7.13.0",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 6763,
|
|
"EndLine": 6778
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "tailwind-merge@3.4.0",
|
|
"Name": "tailwind-merge",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/tailwind-merge@3.4.0",
|
|
"UID": "1b5c790b755d23c0"
|
|
},
|
|
"Version": "3.4.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 7081,
|
|
"EndLine": 7090
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "tldts@7.0.22",
|
|
"Name": "tldts",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/tldts@7.0.22",
|
|
"UID": "13478476ade3cf86"
|
|
},
|
|
"Version": "7.0.22",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"tldts-core@7.0.22"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 7156,
|
|
"EndLine": 7167
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "typescript@5.9.3",
|
|
"Name": "typescript",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/typescript@5.9.3",
|
|
"UID": "aab94699aff56e96"
|
|
},
|
|
"Version": "5.9.3",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Relationship": "direct",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 7255,
|
|
"EndLine": 7269
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@babel/runtime@7.28.6",
|
|
"Name": "@babel/runtime",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40babel/runtime@7.28.6",
|
|
"UID": "f2b55835a4418967"
|
|
},
|
|
"Version": "7.28.6",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 400,
|
|
"EndLine": 408
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@floating-ui/core@1.7.4",
|
|
"Name": "@floating-ui/core",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40floating-ui/core@1.7.4",
|
|
"UID": "3d1358c6f98224e8"
|
|
},
|
|
"Version": "1.7.4",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@floating-ui/utils@0.2.10"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1284,
|
|
"EndLine": 1292
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@floating-ui/dom@1.7.5",
|
|
"Name": "@floating-ui/dom",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40floating-ui/dom@1.7.5",
|
|
"UID": "94fd589738ed459"
|
|
},
|
|
"Version": "1.7.5",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@floating-ui/core@1.7.4",
|
|
"@floating-ui/utils@0.2.10"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1293,
|
|
"EndLine": 1302
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@floating-ui/react-dom@2.1.7",
|
|
"Name": "@floating-ui/react-dom",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40floating-ui/react-dom@2.1.7",
|
|
"UID": "b626e06175b926f1"
|
|
},
|
|
"Version": "2.1.7",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@floating-ui/dom@1.7.5",
|
|
"react-dom@19.2.4",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1303,
|
|
"EndLine": 1315
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@floating-ui/utils@0.2.10",
|
|
"Name": "@floating-ui/utils",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40floating-ui/utils@0.2.10",
|
|
"UID": "b06ce92dd539eaf3"
|
|
},
|
|
"Version": "0.2.10",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1316,
|
|
"EndLine": 1321
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@radix-ui/number@1.1.1",
|
|
"Name": "@radix-ui/number",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40radix-ui/number@1.1.1",
|
|
"UID": "7ea3fef597676a19"
|
|
},
|
|
"Version": "1.1.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1795,
|
|
"EndLine": 1800
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@radix-ui/primitive@1.1.3",
|
|
"Name": "@radix-ui/primitive",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40radix-ui/primitive@1.1.3",
|
|
"UID": "2f9ae13d64fefd5f"
|
|
},
|
|
"Version": "1.1.3",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1801,
|
|
"EndLine": 1806
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@radix-ui/react-arrow@1.1.7",
|
|
"Name": "@radix-ui/react-arrow",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40radix-ui/react-arrow@1.1.7",
|
|
"UID": "a9868a414bcb60b4"
|
|
},
|
|
"Version": "1.1.7",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@radix-ui/react-primitive@2.1.3",
|
|
"@types/react-dom@19.2.3",
|
|
"@types/react@19.2.10",
|
|
"react-dom@19.2.4",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1807,
|
|
"EndLine": 1829
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@radix-ui/react-collection@1.1.7",
|
|
"Name": "@radix-ui/react-collection",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40radix-ui/react-collection@1.1.7",
|
|
"UID": "6a61df326a6a1332"
|
|
},
|
|
"Version": "1.1.7",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@radix-ui/react-compose-refs@1.1.2",
|
|
"@radix-ui/react-context@1.1.2",
|
|
"@radix-ui/react-primitive@2.1.3",
|
|
"@radix-ui/react-slot@1.2.3",
|
|
"@types/react-dom@19.2.3",
|
|
"@types/react@19.2.10",
|
|
"react-dom@19.2.4",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1860,
|
|
"EndLine": 1885
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@radix-ui/react-compose-refs@1.1.2",
|
|
"Name": "@radix-ui/react-compose-refs",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40radix-ui/react-compose-refs@1.1.2",
|
|
"UID": "3a2ae32f3298affe"
|
|
},
|
|
"Version": "1.1.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@types/react@19.2.10",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1886,
|
|
"EndLine": 1900
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@radix-ui/react-context@1.1.2",
|
|
"Name": "@radix-ui/react-context",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40radix-ui/react-context@1.1.2",
|
|
"UID": "1aca158e1b5b808"
|
|
},
|
|
"Version": "1.1.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@types/react@19.2.10",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1901,
|
|
"EndLine": 1915
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@radix-ui/react-context@1.1.3",
|
|
"Name": "@radix-ui/react-context",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40radix-ui/react-context@1.1.3",
|
|
"UID": "5d51d3091f7662d8"
|
|
},
|
|
"Version": "1.1.3",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@types/react@19.2.10",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2179,
|
|
"EndLine": 2193
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@radix-ui/react-direction@1.1.1",
|
|
"Name": "@radix-ui/react-direction",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40radix-ui/react-direction@1.1.1",
|
|
"UID": "29f464e3f005f13"
|
|
},
|
|
"Version": "1.1.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@types/react@19.2.10",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1952,
|
|
"EndLine": 1966
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@radix-ui/react-dismissable-layer@1.1.11",
|
|
"Name": "@radix-ui/react-dismissable-layer",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40radix-ui/react-dismissable-layer@1.1.11",
|
|
"UID": "e84d657e86d0c9ba"
|
|
},
|
|
"Version": "1.1.11",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@radix-ui/primitive@1.1.3",
|
|
"@radix-ui/react-compose-refs@1.1.2",
|
|
"@radix-ui/react-primitive@2.1.3",
|
|
"@radix-ui/react-use-callback-ref@1.1.1",
|
|
"@radix-ui/react-use-escape-keydown@1.1.1",
|
|
"@types/react-dom@19.2.3",
|
|
"@types/react@19.2.10",
|
|
"react-dom@19.2.4",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1967,
|
|
"EndLine": 1993
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@radix-ui/react-focus-guards@1.1.3",
|
|
"Name": "@radix-ui/react-focus-guards",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40radix-ui/react-focus-guards@1.1.3",
|
|
"UID": "ff2c42dd8ed89626"
|
|
},
|
|
"Version": "1.1.3",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@types/react@19.2.10",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1994,
|
|
"EndLine": 2008
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@radix-ui/react-focus-scope@1.1.7",
|
|
"Name": "@radix-ui/react-focus-scope",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40radix-ui/react-focus-scope@1.1.7",
|
|
"UID": "3a236fdabd44f13"
|
|
},
|
|
"Version": "1.1.7",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@radix-ui/react-compose-refs@1.1.2",
|
|
"@radix-ui/react-primitive@2.1.3",
|
|
"@radix-ui/react-use-callback-ref@1.1.1",
|
|
"@types/react-dom@19.2.3",
|
|
"@types/react@19.2.10",
|
|
"react-dom@19.2.4",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2009,
|
|
"EndLine": 2033
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@radix-ui/react-id@1.1.1",
|
|
"Name": "@radix-ui/react-id",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40radix-ui/react-id@1.1.1",
|
|
"UID": "71c8defe733b1ca4"
|
|
},
|
|
"Version": "1.1.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@radix-ui/react-use-layout-effect@1.1.1",
|
|
"@types/react@19.2.10",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2034,
|
|
"EndLine": 2051
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@radix-ui/react-popper@1.2.8",
|
|
"Name": "@radix-ui/react-popper",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40radix-ui/react-popper@1.2.8",
|
|
"UID": "e213400533d6d107"
|
|
},
|
|
"Version": "1.2.8",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@floating-ui/react-dom@2.1.7",
|
|
"@radix-ui/react-arrow@1.1.7",
|
|
"@radix-ui/react-compose-refs@1.1.2",
|
|
"@radix-ui/react-context@1.1.2",
|
|
"@radix-ui/react-primitive@2.1.3",
|
|
"@radix-ui/react-use-callback-ref@1.1.1",
|
|
"@radix-ui/react-use-layout-effect@1.1.1",
|
|
"@radix-ui/react-use-rect@1.1.1",
|
|
"@radix-ui/react-use-size@1.1.1",
|
|
"@radix-ui/rect@1.1.1",
|
|
"@types/react-dom@19.2.3",
|
|
"@types/react@19.2.10",
|
|
"react-dom@19.2.4",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2052,
|
|
"EndLine": 2083
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@radix-ui/react-portal@1.1.9",
|
|
"Name": "@radix-ui/react-portal",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40radix-ui/react-portal@1.1.9",
|
|
"UID": "c5705092adad140c"
|
|
},
|
|
"Version": "1.1.9",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@radix-ui/react-primitive@2.1.3",
|
|
"@radix-ui/react-use-layout-effect@1.1.1",
|
|
"@types/react-dom@19.2.3",
|
|
"@types/react@19.2.10",
|
|
"react-dom@19.2.4",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2084,
|
|
"EndLine": 2107
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@radix-ui/react-presence@1.1.5",
|
|
"Name": "@radix-ui/react-presence",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40radix-ui/react-presence@1.1.5",
|
|
"UID": "5b9a50b2fdb7ddfa"
|
|
},
|
|
"Version": "1.1.5",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@radix-ui/react-compose-refs@1.1.2",
|
|
"@radix-ui/react-use-layout-effect@1.1.1",
|
|
"@types/react-dom@19.2.3",
|
|
"@types/react@19.2.10",
|
|
"react-dom@19.2.4",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2108,
|
|
"EndLine": 2131
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@radix-ui/react-primitive@2.1.3",
|
|
"Name": "@radix-ui/react-primitive",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40radix-ui/react-primitive@2.1.3",
|
|
"UID": "8446c5eeecaa56ce"
|
|
},
|
|
"Version": "2.1.3",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@radix-ui/react-slot@1.2.3",
|
|
"@types/react-dom@19.2.3",
|
|
"@types/react@19.2.10",
|
|
"react-dom@19.2.4",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2132,
|
|
"EndLine": 2154
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@radix-ui/react-primitive@2.1.4",
|
|
"Name": "@radix-ui/react-primitive",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40radix-ui/react-primitive@2.1.4",
|
|
"UID": "d94f56278f1ad059"
|
|
},
|
|
"Version": "2.1.4",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@radix-ui/react-slot@1.2.4",
|
|
"@types/react-dom@19.2.3",
|
|
"@types/react@19.2.10",
|
|
"react-dom@19.2.4",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2194,
|
|
"EndLine": 2216
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@radix-ui/react-roving-focus@1.1.11",
|
|
"Name": "@radix-ui/react-roving-focus",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40radix-ui/react-roving-focus@1.1.11",
|
|
"UID": "2a80daacdb1e11c2"
|
|
},
|
|
"Version": "1.1.11",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@radix-ui/primitive@1.1.3",
|
|
"@radix-ui/react-collection@1.1.7",
|
|
"@radix-ui/react-compose-refs@1.1.2",
|
|
"@radix-ui/react-context@1.1.2",
|
|
"@radix-ui/react-direction@1.1.1",
|
|
"@radix-ui/react-id@1.1.1",
|
|
"@radix-ui/react-primitive@2.1.3",
|
|
"@radix-ui/react-use-callback-ref@1.1.1",
|
|
"@radix-ui/react-use-controllable-state@1.2.2",
|
|
"@types/react-dom@19.2.3",
|
|
"@types/react@19.2.10",
|
|
"react-dom@19.2.4",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2235,
|
|
"EndLine": 2265
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@radix-ui/react-slot@1.2.3",
|
|
"Name": "@radix-ui/react-slot",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40radix-ui/react-slot@1.2.3",
|
|
"UID": "3bc7a1599611cc7e"
|
|
},
|
|
"Version": "1.2.3",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@radix-ui/react-compose-refs@1.1.2",
|
|
"@types/react@19.2.10",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2309,
|
|
"EndLine": 2326
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@radix-ui/react-slot@1.2.4",
|
|
"Name": "@radix-ui/react-slot",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40radix-ui/react-slot@1.2.4",
|
|
"UID": "5c8694233a53052f"
|
|
},
|
|
"Version": "1.2.4",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@radix-ui/react-compose-refs@1.1.2",
|
|
"@types/react@19.2.10",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2217,
|
|
"EndLine": 2234
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@radix-ui/react-use-callback-ref@1.1.1",
|
|
"Name": "@radix-ui/react-use-callback-ref",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40radix-ui/react-use-callback-ref@1.1.1",
|
|
"UID": "a7c74745fdbeda85"
|
|
},
|
|
"Version": "1.1.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@types/react@19.2.10",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2391,
|
|
"EndLine": 2405
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@radix-ui/react-use-controllable-state@1.2.2",
|
|
"Name": "@radix-ui/react-use-controllable-state",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40radix-ui/react-use-controllable-state@1.2.2",
|
|
"UID": "cde7a0aba46b77d0"
|
|
},
|
|
"Version": "1.2.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@radix-ui/react-use-effect-event@0.0.2",
|
|
"@radix-ui/react-use-layout-effect@1.1.1",
|
|
"@types/react@19.2.10",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2406,
|
|
"EndLine": 2424
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@radix-ui/react-use-effect-event@0.0.2",
|
|
"Name": "@radix-ui/react-use-effect-event",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40radix-ui/react-use-effect-event@0.0.2",
|
|
"UID": "8369384236a937aa"
|
|
},
|
|
"Version": "0.0.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@radix-ui/react-use-layout-effect@1.1.1",
|
|
"@types/react@19.2.10",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2425,
|
|
"EndLine": 2442
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@radix-ui/react-use-escape-keydown@1.1.1",
|
|
"Name": "@radix-ui/react-use-escape-keydown",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40radix-ui/react-use-escape-keydown@1.1.1",
|
|
"UID": "d06ce3d31847ce90"
|
|
},
|
|
"Version": "1.1.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@radix-ui/react-use-callback-ref@1.1.1",
|
|
"@types/react@19.2.10",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2443,
|
|
"EndLine": 2460
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@radix-ui/react-use-layout-effect@1.1.1",
|
|
"Name": "@radix-ui/react-use-layout-effect",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40radix-ui/react-use-layout-effect@1.1.1",
|
|
"UID": "65f4e574db65d926"
|
|
},
|
|
"Version": "1.1.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@types/react@19.2.10",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2461,
|
|
"EndLine": 2475
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@radix-ui/react-use-previous@1.1.1",
|
|
"Name": "@radix-ui/react-use-previous",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40radix-ui/react-use-previous@1.1.1",
|
|
"UID": "5512372036264de8"
|
|
},
|
|
"Version": "1.1.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@types/react@19.2.10",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2476,
|
|
"EndLine": 2490
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@radix-ui/react-use-rect@1.1.1",
|
|
"Name": "@radix-ui/react-use-rect",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40radix-ui/react-use-rect@1.1.1",
|
|
"UID": "d93756964d48f4f7"
|
|
},
|
|
"Version": "1.1.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@radix-ui/rect@1.1.1",
|
|
"@types/react@19.2.10",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2491,
|
|
"EndLine": 2508
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@radix-ui/react-use-size@1.1.1",
|
|
"Name": "@radix-ui/react-use-size",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40radix-ui/react-use-size@1.1.1",
|
|
"UID": "b810b03a3d62718a"
|
|
},
|
|
"Version": "1.1.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@radix-ui/react-use-layout-effect@1.1.1",
|
|
"@types/react@19.2.10",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2509,
|
|
"EndLine": 2526
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@radix-ui/react-visually-hidden@1.2.3",
|
|
"Name": "@radix-ui/react-visually-hidden",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40radix-ui/react-visually-hidden@1.2.3",
|
|
"UID": "2740d610c7275644"
|
|
},
|
|
"Version": "1.2.3",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@radix-ui/react-primitive@2.1.3",
|
|
"@types/react-dom@19.2.3",
|
|
"@types/react@19.2.10",
|
|
"react-dom@19.2.4",
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2527,
|
|
"EndLine": 2549
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@radix-ui/rect@1.1.1",
|
|
"Name": "@radix-ui/rect",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40radix-ui/rect@1.1.1",
|
|
"UID": "7b611cefaf017821"
|
|
},
|
|
"Version": "1.1.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2550,
|
|
"EndLine": 2555
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@tanstack/query-core@5.90.20",
|
|
"Name": "@tanstack/query-core",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40tanstack/query-core@5.90.20",
|
|
"UID": "de05449c0568c1f0"
|
|
},
|
|
"Version": "5.90.20",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 3191,
|
|
"EndLine": 3200
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "aria-hidden@1.2.6",
|
|
"Name": "aria-hidden",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/aria-hidden@1.2.6",
|
|
"UID": "33370a28936c9b39"
|
|
},
|
|
"Version": "1.2.6",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"tslib@2.8.1"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 3964,
|
|
"EndLine": 3975
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "asynckit@0.4.0",
|
|
"Name": "asynckit",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/asynckit@0.4.0",
|
|
"UID": "f4eb3e761fe953ed"
|
|
},
|
|
"Version": "0.4.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 4015,
|
|
"EndLine": 4020
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "call-bind-apply-helpers@1.0.2",
|
|
"Name": "call-bind-apply-helpers",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/call-bind-apply-helpers@1.0.2",
|
|
"UID": "da1d43c277444559"
|
|
},
|
|
"Version": "1.0.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"es-errors@1.3.0",
|
|
"function-bind@1.1.2"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 4154,
|
|
"EndLine": 4166
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "combined-stream@1.0.8",
|
|
"Name": "combined-stream",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/combined-stream@1.0.8",
|
|
"UID": "374b428faac8e668"
|
|
},
|
|
"Version": "1.0.8",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"delayed-stream@1.0.0"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 4266,
|
|
"EndLine": 4277
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "cookie@1.1.1",
|
|
"Name": "cookie",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/cookie@1.1.1",
|
|
"UID": "4586c3d3d04f54a"
|
|
},
|
|
"Version": "1.1.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 4292,
|
|
"EndLine": 4304
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "csstype@3.2.3",
|
|
"Name": "csstype",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/csstype@3.2.3",
|
|
"UID": "a319926602bb0966"
|
|
},
|
|
"Version": "3.2.3",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 4367,
|
|
"EndLine": 4373
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "delayed-stream@1.0.0",
|
|
"Name": "delayed-stream",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/delayed-stream@1.0.0",
|
|
"UID": "56424cd49670c4ac"
|
|
},
|
|
"Version": "1.0.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 4430,
|
|
"EndLine": 4438
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "detect-node-es@1.1.0",
|
|
"Name": "detect-node-es",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/detect-node-es@1.1.0",
|
|
"UID": "777879a6c92c2124"
|
|
},
|
|
"Version": "1.1.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 4459,
|
|
"EndLine": 4464
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "dunder-proto@1.0.1",
|
|
"Name": "dunder-proto",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/dunder-proto@1.0.1",
|
|
"UID": "d7214da05d1824d1"
|
|
},
|
|
"Version": "1.0.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"call-bind-apply-helpers@1.0.2",
|
|
"es-errors@1.3.0",
|
|
"gopd@1.2.0"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 4472,
|
|
"EndLine": 4485
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "es-define-property@1.0.1",
|
|
"Name": "es-define-property",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/es-define-property@1.0.1",
|
|
"UID": "bbf6fbb64b605894"
|
|
},
|
|
"Version": "1.0.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 4520,
|
|
"EndLine": 4528
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "es-errors@1.3.0",
|
|
"Name": "es-errors",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/es-errors@1.3.0",
|
|
"UID": "19fbd082ed930594"
|
|
},
|
|
"Version": "1.3.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 4529,
|
|
"EndLine": 4537
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "es-object-atoms@1.1.1",
|
|
"Name": "es-object-atoms",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/es-object-atoms@1.1.1",
|
|
"UID": "e8189e5640d0b664"
|
|
},
|
|
"Version": "1.1.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"es-errors@1.3.0"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 4545,
|
|
"EndLine": 4556
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "es-set-tostringtag@2.1.0",
|
|
"Name": "es-set-tostringtag",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/es-set-tostringtag@2.1.0",
|
|
"UID": "dbaf4eb93d3f22c"
|
|
},
|
|
"Version": "2.1.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"es-errors@1.3.0",
|
|
"get-intrinsic@1.3.0",
|
|
"has-tostringtag@1.0.2",
|
|
"hasown@2.0.2"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 4557,
|
|
"EndLine": 4571
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "follow-redirects@1.15.11",
|
|
"Name": "follow-redirects",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/follow-redirects@1.15.11",
|
|
"UID": "da3e7dfe993b0032"
|
|
},
|
|
"Version": "1.15.11",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 5062,
|
|
"EndLine": 5081
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "form-data@4.0.5",
|
|
"Name": "form-data",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/form-data@4.0.5",
|
|
"UID": "47c17197b890d83"
|
|
},
|
|
"Version": "4.0.5",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"asynckit@0.4.0",
|
|
"combined-stream@1.0.8",
|
|
"es-set-tostringtag@2.1.0",
|
|
"hasown@2.0.2",
|
|
"mime-types@2.1.35"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 5082,
|
|
"EndLine": 5097
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "function-bind@1.1.2",
|
|
"Name": "function-bind",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/function-bind@1.1.2",
|
|
"UID": "c1891f37f1070d21"
|
|
},
|
|
"Version": "1.1.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 5143,
|
|
"EndLine": 5151
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "get-intrinsic@1.3.0",
|
|
"Name": "get-intrinsic",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/get-intrinsic@1.3.0",
|
|
"UID": "f4ed9298ee0a577"
|
|
},
|
|
"Version": "1.3.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"call-bind-apply-helpers@1.0.2",
|
|
"es-define-property@1.0.1",
|
|
"es-errors@1.3.0",
|
|
"es-object-atoms@1.1.1",
|
|
"function-bind@1.1.2",
|
|
"get-proto@1.0.1",
|
|
"gopd@1.2.0",
|
|
"has-symbols@1.1.0",
|
|
"hasown@2.0.2",
|
|
"math-intrinsics@1.1.0"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 5162,
|
|
"EndLine": 5185
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "get-nonce@1.0.1",
|
|
"Name": "get-nonce",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/get-nonce@1.0.1",
|
|
"UID": "96fb013d5f0590f"
|
|
},
|
|
"Version": "1.0.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 5186,
|
|
"EndLine": 5194
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "get-proto@1.0.1",
|
|
"Name": "get-proto",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/get-proto@1.0.1",
|
|
"UID": "1237a43741dacaa4"
|
|
},
|
|
"Version": "1.0.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"dunder-proto@1.0.1",
|
|
"es-object-atoms@1.1.1"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 5195,
|
|
"EndLine": 5207
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "goober@2.1.18",
|
|
"Name": "goober",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/goober@2.1.18",
|
|
"UID": "65cd450442002744"
|
|
},
|
|
"Version": "2.1.18",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"csstype@3.2.3"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 5234,
|
|
"EndLine": 5242
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "gopd@1.2.0",
|
|
"Name": "gopd",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/gopd@1.2.0",
|
|
"UID": "fb0e304cf2cd1bdc"
|
|
},
|
|
"Version": "1.2.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 5243,
|
|
"EndLine": 5254
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "has-symbols@1.1.0",
|
|
"Name": "has-symbols",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/has-symbols@1.1.0",
|
|
"UID": "cff758fe7dac139f"
|
|
},
|
|
"Version": "1.1.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 5272,
|
|
"EndLine": 5283
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "has-tostringtag@1.0.2",
|
|
"Name": "has-tostringtag",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/has-tostringtag@1.0.2",
|
|
"UID": "521979a75b1bd761"
|
|
},
|
|
"Version": "1.0.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"has-symbols@1.1.0"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 5284,
|
|
"EndLine": 5298
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "hasown@2.0.2",
|
|
"Name": "hasown",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/hasown@2.0.2",
|
|
"UID": "57426c235def9934"
|
|
},
|
|
"Version": "2.0.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"function-bind@1.1.2"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 5299,
|
|
"EndLine": 5310
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "html-parse-stringify@3.0.1",
|
|
"Name": "html-parse-stringify",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/html-parse-stringify@3.0.1",
|
|
"UID": "bbd0f1faa1662838"
|
|
},
|
|
"Version": "3.0.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"void-elements@3.1.0"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 5348,
|
|
"EndLine": 5356
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "math-intrinsics@1.1.0",
|
|
"Name": "math-intrinsics",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/math-intrinsics@1.1.0",
|
|
"UID": "8c1d3202f8aa5745"
|
|
},
|
|
"Version": "1.1.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 6124,
|
|
"EndLine": 6132
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "mime-db@1.52.0",
|
|
"Name": "mime-db",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/mime-db@1.52.0",
|
|
"UID": "2b7aeed4c2f3d9d4"
|
|
},
|
|
"Version": "1.52.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 6177,
|
|
"EndLine": 6185
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "mime-types@2.1.35",
|
|
"Name": "mime-types",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/mime-types@2.1.35",
|
|
"UID": "40111703e28a80b2"
|
|
},
|
|
"Version": "2.1.35",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"mime-db@1.52.0"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 6186,
|
|
"EndLine": 6197
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "proxy-from-env@1.1.0",
|
|
"Name": "proxy-from-env",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/proxy-from-env@1.1.0",
|
|
"UID": "b3094d28c1e232b5"
|
|
},
|
|
"Version": "1.1.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 6557,
|
|
"EndLine": 6562
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "react-remove-scroll@2.7.2",
|
|
"Name": "react-remove-scroll",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/react-remove-scroll@2.7.2",
|
|
"UID": "59c2d76623624d30"
|
|
},
|
|
"Version": "2.7.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@types/react@19.2.10",
|
|
"react-remove-scroll-bar@2.3.8",
|
|
"react-style-singleton@2.2.3",
|
|
"react@19.2.4",
|
|
"tslib@2.8.1",
|
|
"use-callback-ref@1.3.3",
|
|
"use-sidecar@1.1.3"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 6694,
|
|
"EndLine": 6718
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "react-remove-scroll-bar@2.3.8",
|
|
"Name": "react-remove-scroll-bar",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/react-remove-scroll-bar@2.3.8",
|
|
"UID": "a472f2c3bd4cf234"
|
|
},
|
|
"Version": "2.3.8",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@types/react@19.2.10",
|
|
"react-style-singleton@2.2.3",
|
|
"react@19.2.4",
|
|
"tslib@2.8.1"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 6719,
|
|
"EndLine": 6740
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "react-router@7.13.0",
|
|
"Name": "react-router",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/react-router@7.13.0",
|
|
"UID": "1fce9431cf60cc62"
|
|
},
|
|
"Version": "7.13.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"cookie@1.1.1",
|
|
"react-dom@19.2.4",
|
|
"react@19.2.4",
|
|
"set-cookie-parser@2.7.2"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 6741,
|
|
"EndLine": 6762
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "react-style-singleton@2.2.3",
|
|
"Name": "react-style-singleton",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/react-style-singleton@2.2.3",
|
|
"UID": "1042c60abe37d836"
|
|
},
|
|
"Version": "2.2.3",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@types/react@19.2.10",
|
|
"get-nonce@1.0.1",
|
|
"react@19.2.4",
|
|
"tslib@2.8.1"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 6779,
|
|
"EndLine": 6800
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "scheduler@0.27.0",
|
|
"Name": "scheduler",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/scheduler@0.27.0",
|
|
"UID": "819bf8f17306b766"
|
|
},
|
|
"Version": "0.27.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 6928,
|
|
"EndLine": 6933
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "set-cookie-parser@2.7.2",
|
|
"Name": "set-cookie-parser",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/set-cookie-parser@2.7.2",
|
|
"UID": "93eecc634482a483"
|
|
},
|
|
"Version": "2.7.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 6947,
|
|
"EndLine": 6952
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "tldts-core@7.0.22",
|
|
"Name": "tldts-core",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/tldts-core@7.0.22",
|
|
"UID": "a541b87584740c6f"
|
|
},
|
|
"Version": "7.0.22",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 7168,
|
|
"EndLine": 7173
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "tslib@2.8.1",
|
|
"Name": "tslib",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/tslib@2.8.1",
|
|
"UID": "6e0b7e565e47634f"
|
|
},
|
|
"Version": "2.8.1",
|
|
"Licenses": [
|
|
"0BSD"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 7236,
|
|
"EndLine": 7241
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "use-callback-ref@1.3.3",
|
|
"Name": "use-callback-ref",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/use-callback-ref@1.3.3",
|
|
"UID": "940b6b6f61941b8f"
|
|
},
|
|
"Version": "1.3.3",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@types/react@19.2.10",
|
|
"react@19.2.4",
|
|
"tslib@2.8.1"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 7352,
|
|
"EndLine": 7372
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "use-sidecar@1.1.3",
|
|
"Name": "use-sidecar",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/use-sidecar@1.1.3",
|
|
"UID": "1ee2be2a76c33df0"
|
|
},
|
|
"Version": "1.1.3",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@types/react@19.2.10",
|
|
"detect-node-es@1.1.0",
|
|
"react@19.2.4",
|
|
"tslib@2.8.1"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 7373,
|
|
"EndLine": 7394
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "use-sync-external-store@1.6.0",
|
|
"Name": "use-sync-external-store",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/use-sync-external-store@1.6.0",
|
|
"UID": "460d98970c0a7832"
|
|
},
|
|
"Version": "1.6.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"react@19.2.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 7395,
|
|
"EndLine": 7403
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "void-elements@3.1.0",
|
|
"Name": "void-elements",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/void-elements@3.1.0",
|
|
"UID": "9cbf73435dd4c30d"
|
|
},
|
|
"Version": "3.1.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 7574,
|
|
"EndLine": 7582
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": "package-lock.json",
|
|
"Class": "lang-pkgs",
|
|
"Type": "npm",
|
|
"Packages": [
|
|
{
|
|
"ID": "@types/node@25.2.0",
|
|
"Name": "@types/node",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40types/node@25.2.0",
|
|
"UID": "921c670562b614f4"
|
|
},
|
|
"Version": "25.2.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"undici-types@7.16.0"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 948,
|
|
"EndLine": 958
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@typescript/analyze-trace@0.10.1",
|
|
"Name": "@typescript/analyze-trace",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40typescript/analyze-trace@0.10.1",
|
|
"UID": "b8dc1f53d5d026ba"
|
|
},
|
|
"Version": "0.10.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"chalk@4.1.2",
|
|
"exit@0.1.2",
|
|
"jsonparse@1.3.1",
|
|
"jsonstream-next@3.0.0",
|
|
"p-limit@3.1.0",
|
|
"split2@3.2.2",
|
|
"treeify@1.1.0",
|
|
"yargs@16.2.0"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 977,
|
|
"EndLine": 997
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "tldts@7.0.22",
|
|
"Name": "tldts",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/tldts@7.0.22",
|
|
"UID": "c3a732b3c89a9248"
|
|
},
|
|
"Version": "7.0.22",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"tldts-core@7.0.22"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2951,
|
|
"EndLine": 2962
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "typescript@5.9.3",
|
|
"Name": "typescript",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/typescript@5.9.3",
|
|
"UID": "444b63958e38e025"
|
|
},
|
|
"Version": "5.9.3",
|
|
"Licenses": [
|
|
"Apache-2.0"
|
|
],
|
|
"Relationship": "direct",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2991,
|
|
"EndLine": 3003
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "vite@7.3.1",
|
|
"Name": "vite",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/vite@7.3.1",
|
|
"UID": "2ab9c679cfb90272"
|
|
},
|
|
"Version": "7.3.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Relationship": "direct",
|
|
"DependsOn": [
|
|
"@types/node@25.2.0",
|
|
"esbuild@0.27.2",
|
|
"fdir@6.5.0",
|
|
"fsevents@2.3.3",
|
|
"picomatch@4.0.3",
|
|
"postcss@8.5.6",
|
|
"rollup@4.57.1",
|
|
"tinyglobby@0.2.15"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 3052,
|
|
"EndLine": 3125
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@esbuild/aix-ppc64@0.27.2",
|
|
"Name": "@esbuild/aix-ppc64",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40esbuild/aix-ppc64@0.27.2",
|
|
"UID": "144fa86f0ebba7ba"
|
|
},
|
|
"Version": "0.27.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 51,
|
|
"EndLine": 66
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@esbuild/android-arm@0.27.2",
|
|
"Name": "@esbuild/android-arm",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40esbuild/android-arm@0.27.2",
|
|
"UID": "70ebeb507920a5ed"
|
|
},
|
|
"Version": "0.27.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 67,
|
|
"EndLine": 82
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@esbuild/android-arm64@0.27.2",
|
|
"Name": "@esbuild/android-arm64",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40esbuild/android-arm64@0.27.2",
|
|
"UID": "7d9dad000a2ea660"
|
|
},
|
|
"Version": "0.27.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 83,
|
|
"EndLine": 98
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@esbuild/android-x64@0.27.2",
|
|
"Name": "@esbuild/android-x64",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40esbuild/android-x64@0.27.2",
|
|
"UID": "b17fff2d7aa29130"
|
|
},
|
|
"Version": "0.27.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 99,
|
|
"EndLine": 114
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@esbuild/darwin-arm64@0.27.2",
|
|
"Name": "@esbuild/darwin-arm64",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40esbuild/darwin-arm64@0.27.2",
|
|
"UID": "a0a232b1c339685a"
|
|
},
|
|
"Version": "0.27.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 115,
|
|
"EndLine": 130
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@esbuild/darwin-x64@0.27.2",
|
|
"Name": "@esbuild/darwin-x64",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40esbuild/darwin-x64@0.27.2",
|
|
"UID": "a09f10c04a9397fd"
|
|
},
|
|
"Version": "0.27.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 131,
|
|
"EndLine": 146
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@esbuild/freebsd-arm64@0.27.2",
|
|
"Name": "@esbuild/freebsd-arm64",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40esbuild/freebsd-arm64@0.27.2",
|
|
"UID": "b7c1685fa4b437f7"
|
|
},
|
|
"Version": "0.27.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 147,
|
|
"EndLine": 162
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@esbuild/freebsd-x64@0.27.2",
|
|
"Name": "@esbuild/freebsd-x64",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40esbuild/freebsd-x64@0.27.2",
|
|
"UID": "9a9784b358ebeec9"
|
|
},
|
|
"Version": "0.27.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 163,
|
|
"EndLine": 178
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@esbuild/linux-arm@0.27.2",
|
|
"Name": "@esbuild/linux-arm",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40esbuild/linux-arm@0.27.2",
|
|
"UID": "2ea4d4026bab7222"
|
|
},
|
|
"Version": "0.27.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 179,
|
|
"EndLine": 194
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@esbuild/linux-arm64@0.27.2",
|
|
"Name": "@esbuild/linux-arm64",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40esbuild/linux-arm64@0.27.2",
|
|
"UID": "69d4dde9d6d355ec"
|
|
},
|
|
"Version": "0.27.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 195,
|
|
"EndLine": 210
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@esbuild/linux-ia32@0.27.2",
|
|
"Name": "@esbuild/linux-ia32",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40esbuild/linux-ia32@0.27.2",
|
|
"UID": "1bd0508113b5b0b"
|
|
},
|
|
"Version": "0.27.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 211,
|
|
"EndLine": 226
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@esbuild/linux-loong64@0.27.2",
|
|
"Name": "@esbuild/linux-loong64",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40esbuild/linux-loong64@0.27.2",
|
|
"UID": "b773734dbe6ddca9"
|
|
},
|
|
"Version": "0.27.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 227,
|
|
"EndLine": 242
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@esbuild/linux-mips64el@0.27.2",
|
|
"Name": "@esbuild/linux-mips64el",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40esbuild/linux-mips64el@0.27.2",
|
|
"UID": "169d403407e94c0b"
|
|
},
|
|
"Version": "0.27.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 243,
|
|
"EndLine": 258
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@esbuild/linux-ppc64@0.27.2",
|
|
"Name": "@esbuild/linux-ppc64",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40esbuild/linux-ppc64@0.27.2",
|
|
"UID": "b806119f856587ba"
|
|
},
|
|
"Version": "0.27.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 259,
|
|
"EndLine": 274
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@esbuild/linux-riscv64@0.27.2",
|
|
"Name": "@esbuild/linux-riscv64",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40esbuild/linux-riscv64@0.27.2",
|
|
"UID": "20c45c5f8df89d7f"
|
|
},
|
|
"Version": "0.27.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 275,
|
|
"EndLine": 290
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@esbuild/linux-s390x@0.27.2",
|
|
"Name": "@esbuild/linux-s390x",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40esbuild/linux-s390x@0.27.2",
|
|
"UID": "c411ace72d442eaa"
|
|
},
|
|
"Version": "0.27.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 291,
|
|
"EndLine": 306
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@esbuild/linux-x64@0.27.2",
|
|
"Name": "@esbuild/linux-x64",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40esbuild/linux-x64@0.27.2",
|
|
"UID": "ffa390d0128b0679"
|
|
},
|
|
"Version": "0.27.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 307,
|
|
"EndLine": 322
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@esbuild/netbsd-arm64@0.27.2",
|
|
"Name": "@esbuild/netbsd-arm64",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40esbuild/netbsd-arm64@0.27.2",
|
|
"UID": "65d2575e72e8ee75"
|
|
},
|
|
"Version": "0.27.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 323,
|
|
"EndLine": 338
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@esbuild/netbsd-x64@0.27.2",
|
|
"Name": "@esbuild/netbsd-x64",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40esbuild/netbsd-x64@0.27.2",
|
|
"UID": "81c626cfe7ed322f"
|
|
},
|
|
"Version": "0.27.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 339,
|
|
"EndLine": 354
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@esbuild/openbsd-arm64@0.27.2",
|
|
"Name": "@esbuild/openbsd-arm64",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40esbuild/openbsd-arm64@0.27.2",
|
|
"UID": "df3feecb9e7b8c11"
|
|
},
|
|
"Version": "0.27.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 355,
|
|
"EndLine": 370
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@esbuild/openbsd-x64@0.27.2",
|
|
"Name": "@esbuild/openbsd-x64",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40esbuild/openbsd-x64@0.27.2",
|
|
"UID": "1954341ae728ed81"
|
|
},
|
|
"Version": "0.27.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 371,
|
|
"EndLine": 386
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@esbuild/openharmony-arm64@0.27.2",
|
|
"Name": "@esbuild/openharmony-arm64",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40esbuild/openharmony-arm64@0.27.2",
|
|
"UID": "58e0249cb4e20cd5"
|
|
},
|
|
"Version": "0.27.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 387,
|
|
"EndLine": 402
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@esbuild/sunos-x64@0.27.2",
|
|
"Name": "@esbuild/sunos-x64",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40esbuild/sunos-x64@0.27.2",
|
|
"UID": "1c37a2e55781054"
|
|
},
|
|
"Version": "0.27.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 403,
|
|
"EndLine": 418
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@esbuild/win32-arm64@0.27.2",
|
|
"Name": "@esbuild/win32-arm64",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40esbuild/win32-arm64@0.27.2",
|
|
"UID": "3053a04b5f40d00b"
|
|
},
|
|
"Version": "0.27.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 419,
|
|
"EndLine": 434
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@esbuild/win32-ia32@0.27.2",
|
|
"Name": "@esbuild/win32-ia32",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40esbuild/win32-ia32@0.27.2",
|
|
"UID": "c43ff35d5c3027c"
|
|
},
|
|
"Version": "0.27.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 435,
|
|
"EndLine": 450
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@esbuild/win32-x64@0.27.2",
|
|
"Name": "@esbuild/win32-x64",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40esbuild/win32-x64@0.27.2",
|
|
"UID": "6062d161dfcd91f9"
|
|
},
|
|
"Version": "0.27.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 451,
|
|
"EndLine": 466
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@rollup/rollup-android-arm-eabi@4.57.1",
|
|
"Name": "@rollup/rollup-android-arm-eabi",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40rollup/rollup-android-arm-eabi@4.57.1",
|
|
"UID": "2f860cc25d2553df"
|
|
},
|
|
"Version": "4.57.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 573,
|
|
"EndLine": 585
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@rollup/rollup-android-arm64@4.57.1",
|
|
"Name": "@rollup/rollup-android-arm64",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40rollup/rollup-android-arm64@4.57.1",
|
|
"UID": "87de120ee1270c0f"
|
|
},
|
|
"Version": "4.57.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 586,
|
|
"EndLine": 598
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@rollup/rollup-darwin-arm64@4.57.1",
|
|
"Name": "@rollup/rollup-darwin-arm64",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40rollup/rollup-darwin-arm64@4.57.1",
|
|
"UID": "f73aa2178fa3c57a"
|
|
},
|
|
"Version": "4.57.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 599,
|
|
"EndLine": 611
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@rollup/rollup-darwin-x64@4.57.1",
|
|
"Name": "@rollup/rollup-darwin-x64",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40rollup/rollup-darwin-x64@4.57.1",
|
|
"UID": "8c051a60613d357d"
|
|
},
|
|
"Version": "4.57.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 612,
|
|
"EndLine": 624
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@rollup/rollup-freebsd-arm64@4.57.1",
|
|
"Name": "@rollup/rollup-freebsd-arm64",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40rollup/rollup-freebsd-arm64@4.57.1",
|
|
"UID": "e53e88e40a52fab4"
|
|
},
|
|
"Version": "4.57.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 625,
|
|
"EndLine": 637
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@rollup/rollup-freebsd-x64@4.57.1",
|
|
"Name": "@rollup/rollup-freebsd-x64",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40rollup/rollup-freebsd-x64@4.57.1",
|
|
"UID": "1c811637556ea012"
|
|
},
|
|
"Version": "4.57.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 638,
|
|
"EndLine": 650
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@rollup/rollup-linux-arm-gnueabihf@4.57.1",
|
|
"Name": "@rollup/rollup-linux-arm-gnueabihf",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40rollup/rollup-linux-arm-gnueabihf@4.57.1",
|
|
"UID": "62c2b4a82aa984c0"
|
|
},
|
|
"Version": "4.57.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 651,
|
|
"EndLine": 663
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@rollup/rollup-linux-arm-musleabihf@4.57.1",
|
|
"Name": "@rollup/rollup-linux-arm-musleabihf",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40rollup/rollup-linux-arm-musleabihf@4.57.1",
|
|
"UID": "99413c25c145fdf4"
|
|
},
|
|
"Version": "4.57.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 664,
|
|
"EndLine": 676
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@rollup/rollup-linux-arm64-gnu@4.57.1",
|
|
"Name": "@rollup/rollup-linux-arm64-gnu",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40rollup/rollup-linux-arm64-gnu@4.57.1",
|
|
"UID": "73cb5e23f0d42ed6"
|
|
},
|
|
"Version": "4.57.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 677,
|
|
"EndLine": 689
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@rollup/rollup-linux-arm64-musl@4.57.1",
|
|
"Name": "@rollup/rollup-linux-arm64-musl",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40rollup/rollup-linux-arm64-musl@4.57.1",
|
|
"UID": "a602a7cb59c23ce7"
|
|
},
|
|
"Version": "4.57.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 690,
|
|
"EndLine": 702
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@rollup/rollup-linux-loong64-gnu@4.57.1",
|
|
"Name": "@rollup/rollup-linux-loong64-gnu",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40rollup/rollup-linux-loong64-gnu@4.57.1",
|
|
"UID": "c94132ddd5a10951"
|
|
},
|
|
"Version": "4.57.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 703,
|
|
"EndLine": 715
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@rollup/rollup-linux-loong64-musl@4.57.1",
|
|
"Name": "@rollup/rollup-linux-loong64-musl",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40rollup/rollup-linux-loong64-musl@4.57.1",
|
|
"UID": "eb98ce3dc50c16ca"
|
|
},
|
|
"Version": "4.57.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 716,
|
|
"EndLine": 728
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@rollup/rollup-linux-ppc64-gnu@4.57.1",
|
|
"Name": "@rollup/rollup-linux-ppc64-gnu",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40rollup/rollup-linux-ppc64-gnu@4.57.1",
|
|
"UID": "83b86c28ce63f3a"
|
|
},
|
|
"Version": "4.57.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 729,
|
|
"EndLine": 741
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@rollup/rollup-linux-ppc64-musl@4.57.1",
|
|
"Name": "@rollup/rollup-linux-ppc64-musl",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40rollup/rollup-linux-ppc64-musl@4.57.1",
|
|
"UID": "cc3243ad77f2c54c"
|
|
},
|
|
"Version": "4.57.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 742,
|
|
"EndLine": 754
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@rollup/rollup-linux-riscv64-gnu@4.57.1",
|
|
"Name": "@rollup/rollup-linux-riscv64-gnu",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40rollup/rollup-linux-riscv64-gnu@4.57.1",
|
|
"UID": "8c4ad6d1a47dbf0a"
|
|
},
|
|
"Version": "4.57.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 755,
|
|
"EndLine": 767
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@rollup/rollup-linux-riscv64-musl@4.57.1",
|
|
"Name": "@rollup/rollup-linux-riscv64-musl",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40rollup/rollup-linux-riscv64-musl@4.57.1",
|
|
"UID": "d3b53c753e9cee74"
|
|
},
|
|
"Version": "4.57.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 768,
|
|
"EndLine": 780
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@rollup/rollup-linux-s390x-gnu@4.57.1",
|
|
"Name": "@rollup/rollup-linux-s390x-gnu",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40rollup/rollup-linux-s390x-gnu@4.57.1",
|
|
"UID": "a357a3dcc6aefa9a"
|
|
},
|
|
"Version": "4.57.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 781,
|
|
"EndLine": 793
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@rollup/rollup-linux-x64-gnu@4.57.1",
|
|
"Name": "@rollup/rollup-linux-x64-gnu",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40rollup/rollup-linux-x64-gnu@4.57.1",
|
|
"UID": "a9ae0579ec5b7cc4"
|
|
},
|
|
"Version": "4.57.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 794,
|
|
"EndLine": 806
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@rollup/rollup-linux-x64-musl@4.57.1",
|
|
"Name": "@rollup/rollup-linux-x64-musl",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40rollup/rollup-linux-x64-musl@4.57.1",
|
|
"UID": "a13db0acb91edf54"
|
|
},
|
|
"Version": "4.57.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 807,
|
|
"EndLine": 819
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@rollup/rollup-openbsd-x64@4.57.1",
|
|
"Name": "@rollup/rollup-openbsd-x64",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40rollup/rollup-openbsd-x64@4.57.1",
|
|
"UID": "ac8b621270e48916"
|
|
},
|
|
"Version": "4.57.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 820,
|
|
"EndLine": 832
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@rollup/rollup-openharmony-arm64@4.57.1",
|
|
"Name": "@rollup/rollup-openharmony-arm64",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40rollup/rollup-openharmony-arm64@4.57.1",
|
|
"UID": "b593c700ac0358c7"
|
|
},
|
|
"Version": "4.57.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 833,
|
|
"EndLine": 845
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@rollup/rollup-win32-arm64-msvc@4.57.1",
|
|
"Name": "@rollup/rollup-win32-arm64-msvc",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40rollup/rollup-win32-arm64-msvc@4.57.1",
|
|
"UID": "db8332c54e446dbb"
|
|
},
|
|
"Version": "4.57.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 846,
|
|
"EndLine": 858
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@rollup/rollup-win32-ia32-msvc@4.57.1",
|
|
"Name": "@rollup/rollup-win32-ia32-msvc",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40rollup/rollup-win32-ia32-msvc@4.57.1",
|
|
"UID": "718fd211edea7d82"
|
|
},
|
|
"Version": "4.57.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 859,
|
|
"EndLine": 871
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@rollup/rollup-win32-x64-gnu@4.57.1",
|
|
"Name": "@rollup/rollup-win32-x64-gnu",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40rollup/rollup-win32-x64-gnu@4.57.1",
|
|
"UID": "a736e99cae2840c6"
|
|
},
|
|
"Version": "4.57.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 872,
|
|
"EndLine": 884
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@rollup/rollup-win32-x64-msvc@4.57.1",
|
|
"Name": "@rollup/rollup-win32-x64-msvc",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40rollup/rollup-win32-x64-msvc@4.57.1",
|
|
"UID": "e1ae4beab127251d"
|
|
},
|
|
"Version": "4.57.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 885,
|
|
"EndLine": 897
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "@types/estree@1.0.8",
|
|
"Name": "@types/estree",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/%40types/estree@1.0.8",
|
|
"UID": "2e720e09c5e808c6"
|
|
},
|
|
"Version": "1.0.8",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 921,
|
|
"EndLine": 926
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "ansi-regex@5.0.1",
|
|
"Name": "ansi-regex",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/ansi-regex@5.0.1",
|
|
"UID": "c645a5229092f44b"
|
|
},
|
|
"Version": "5.0.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1116,
|
|
"EndLine": 1124
|
|
},
|
|
{
|
|
"StartLine": 3197,
|
|
"EndLine": 3205
|
|
},
|
|
{
|
|
"StartLine": 3278,
|
|
"EndLine": 3286
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "ansi-styles@4.3.0",
|
|
"Name": "ansi-styles",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/ansi-styles@4.3.0",
|
|
"UID": "5754e8ced22b15e1"
|
|
},
|
|
"Version": "4.3.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"color-convert@2.0.1"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1011,
|
|
"EndLine": 1025
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "chalk@4.1.2",
|
|
"Name": "chalk",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/chalk@4.1.2",
|
|
"UID": "5b37a2fff4cbe47c"
|
|
},
|
|
"Version": "4.1.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"ansi-styles@4.3.0",
|
|
"supports-color@7.2.0"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1046,
|
|
"EndLine": 1061
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "cliui@7.0.4",
|
|
"Name": "cliui",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/cliui@7.0.4",
|
|
"UID": "c163b6801201ca85"
|
|
},
|
|
"Version": "7.0.4",
|
|
"Licenses": [
|
|
"ISC"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"string-width@4.2.3",
|
|
"strip-ansi@6.0.1",
|
|
"wrap-ansi@7.0.0"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1105,
|
|
"EndLine": 1115
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "color-convert@2.0.1",
|
|
"Name": "color-convert",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/color-convert@2.0.1",
|
|
"UID": "b4f2b1808b450d7b"
|
|
},
|
|
"Version": "2.0.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"color-name@1.1.4"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1151,
|
|
"EndLine": 1162
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "color-name@1.1.4",
|
|
"Name": "color-name",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/color-name@1.1.4",
|
|
"UID": "3e351db4d12c8531"
|
|
},
|
|
"Version": "1.1.4",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1163,
|
|
"EndLine": 1168
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "emoji-regex@8.0.0",
|
|
"Name": "emoji-regex",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/emoji-regex@8.0.0",
|
|
"UID": "67011064b3a30893"
|
|
},
|
|
"Version": "8.0.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1272,
|
|
"EndLine": 1277
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "esbuild@0.27.2",
|
|
"Name": "esbuild",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/esbuild@0.27.2",
|
|
"UID": "3619414005df0310"
|
|
},
|
|
"Version": "0.27.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@esbuild/aix-ppc64@0.27.2",
|
|
"@esbuild/android-arm64@0.27.2",
|
|
"@esbuild/android-arm@0.27.2",
|
|
"@esbuild/android-x64@0.27.2",
|
|
"@esbuild/darwin-arm64@0.27.2",
|
|
"@esbuild/darwin-x64@0.27.2",
|
|
"@esbuild/freebsd-arm64@0.27.2",
|
|
"@esbuild/freebsd-x64@0.27.2",
|
|
"@esbuild/linux-arm64@0.27.2",
|
|
"@esbuild/linux-arm@0.27.2",
|
|
"@esbuild/linux-ia32@0.27.2",
|
|
"@esbuild/linux-loong64@0.27.2",
|
|
"@esbuild/linux-mips64el@0.27.2",
|
|
"@esbuild/linux-ppc64@0.27.2",
|
|
"@esbuild/linux-riscv64@0.27.2",
|
|
"@esbuild/linux-s390x@0.27.2",
|
|
"@esbuild/linux-x64@0.27.2",
|
|
"@esbuild/netbsd-arm64@0.27.2",
|
|
"@esbuild/netbsd-x64@0.27.2",
|
|
"@esbuild/openbsd-arm64@0.27.2",
|
|
"@esbuild/openbsd-x64@0.27.2",
|
|
"@esbuild/openharmony-arm64@0.27.2",
|
|
"@esbuild/sunos-x64@0.27.2",
|
|
"@esbuild/win32-arm64@0.27.2",
|
|
"@esbuild/win32-ia32@0.27.2",
|
|
"@esbuild/win32-x64@0.27.2"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1291,
|
|
"EndLine": 1331
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "escalade@3.2.0",
|
|
"Name": "escalade",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/escalade@3.2.0",
|
|
"UID": "615beb0d1b626243"
|
|
},
|
|
"Version": "3.2.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1332,
|
|
"EndLine": 1340
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "exit@0.1.2",
|
|
"Name": "exit",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/exit@0.1.2",
|
|
"UID": "f2324fc403d9e7e"
|
|
},
|
|
"Version": "0.1.2",
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1341,
|
|
"EndLine": 1348
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "fdir@6.5.0",
|
|
"Name": "fdir",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/fdir@6.5.0",
|
|
"UID": "3680701ae5852840"
|
|
},
|
|
"Version": "6.5.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"picomatch@4.0.3"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2921,
|
|
"EndLine": 2937
|
|
},
|
|
{
|
|
"StartLine": 3126,
|
|
"EndLine": 3142
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "fsevents@2.3.2",
|
|
"Name": "fsevents",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/fsevents@2.3.2",
|
|
"UID": "1db5e1910b586ae2"
|
|
},
|
|
"Version": "2.3.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1426,
|
|
"EndLine": 1439
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "fsevents@2.3.3",
|
|
"Name": "fsevents",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/fsevents@2.3.3",
|
|
"UID": "e92f8456168b3afd"
|
|
},
|
|
"Version": "2.3.3",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 3143,
|
|
"EndLine": 3156
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "get-caller-file@2.0.5",
|
|
"Name": "get-caller-file",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/get-caller-file@2.0.5",
|
|
"UID": "4dd8a84ce9eea3d3"
|
|
},
|
|
"Version": "2.0.5",
|
|
"Licenses": [
|
|
"ISC"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1440,
|
|
"EndLine": 1448
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "has-flag@4.0.0",
|
|
"Name": "has-flag",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/has-flag@4.0.0",
|
|
"UID": "6f27663b416a5157"
|
|
},
|
|
"Version": "4.0.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1496,
|
|
"EndLine": 1504
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "inherits@2.0.4",
|
|
"Name": "inherits",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/inherits@2.0.4",
|
|
"UID": "c7bc5889a97c5e02"
|
|
},
|
|
"Version": "2.0.4",
|
|
"Licenses": [
|
|
"ISC"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1522,
|
|
"EndLine": 1527
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "is-fullwidth-code-point@3.0.0",
|
|
"Name": "is-fullwidth-code-point",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/is-fullwidth-code-point@3.0.0",
|
|
"UID": "573dc874e8fda69a"
|
|
},
|
|
"Version": "3.0.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1575,
|
|
"EndLine": 1583
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "jsonparse@1.3.1",
|
|
"Name": "jsonparse",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/jsonparse@1.3.1",
|
|
"UID": "b33ed1352c1f20a2"
|
|
},
|
|
"Version": "1.3.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1677,
|
|
"EndLine": 1685
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "jsonstream-next@3.0.0",
|
|
"Name": "jsonstream-next",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/jsonstream-next@3.0.0",
|
|
"UID": "5cac71face733180"
|
|
},
|
|
"Version": "3.0.0",
|
|
"Licenses": [
|
|
"(MIT OR Apache-2.0)"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"jsonparse@1.3.1",
|
|
"through2@4.0.2"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1686,
|
|
"EndLine": 1701
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "nanoid@3.3.11",
|
|
"Name": "nanoid",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/nanoid@3.3.11",
|
|
"UID": "690899467370f12b"
|
|
},
|
|
"Version": "3.3.11",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2433,
|
|
"EndLine": 2450
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "p-limit@3.1.0",
|
|
"Name": "p-limit",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/p-limit@3.1.0",
|
|
"UID": "c1d835b0e7534d90"
|
|
},
|
|
"Version": "3.1.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"yocto-queue@0.1.0"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2491,
|
|
"EndLine": 2505
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "picocolors@1.1.1",
|
|
"Name": "picocolors",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/picocolors@1.1.1",
|
|
"UID": "b3ab17d3479f7206"
|
|
},
|
|
"Version": "1.1.1",
|
|
"Licenses": [
|
|
"ISC"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2539,
|
|
"EndLine": 2544
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "picomatch@4.0.3",
|
|
"Name": "picomatch",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/picomatch@4.0.3",
|
|
"UID": "64e8bd3be0c70d76"
|
|
},
|
|
"Version": "4.0.3",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2938,
|
|
"EndLine": 2950
|
|
},
|
|
{
|
|
"StartLine": 3157,
|
|
"EndLine": 3169
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "postcss@8.5.6",
|
|
"Name": "postcss",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/postcss@8.5.6",
|
|
"UID": "46c1cf4091597e77"
|
|
},
|
|
"Version": "8.5.6",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"nanoid@3.3.11",
|
|
"picocolors@1.1.1",
|
|
"source-map-js@1.2.1"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2590,
|
|
"EndLine": 2617
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "readable-stream@3.6.2",
|
|
"Name": "readable-stream",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/readable-stream@3.6.2",
|
|
"UID": "e344006280af3bca"
|
|
},
|
|
"Version": "3.6.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"inherits@2.0.4",
|
|
"string_decoder@1.3.0",
|
|
"util-deprecate@1.0.2"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2649,
|
|
"EndLine": 2662
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "require-directory@2.1.1",
|
|
"Name": "require-directory",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/require-directory@2.1.1",
|
|
"UID": "dae186711ec08c99"
|
|
},
|
|
"Version": "2.1.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2663,
|
|
"EndLine": 2671
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "rollup@4.57.1",
|
|
"Name": "rollup",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/rollup@4.57.1",
|
|
"UID": "ce9d69aeb3d192c3"
|
|
},
|
|
"Version": "4.57.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"@rollup/rollup-android-arm-eabi@4.57.1",
|
|
"@rollup/rollup-android-arm64@4.57.1",
|
|
"@rollup/rollup-darwin-arm64@4.57.1",
|
|
"@rollup/rollup-darwin-x64@4.57.1",
|
|
"@rollup/rollup-freebsd-arm64@4.57.1",
|
|
"@rollup/rollup-freebsd-x64@4.57.1",
|
|
"@rollup/rollup-linux-arm-gnueabihf@4.57.1",
|
|
"@rollup/rollup-linux-arm-musleabihf@4.57.1",
|
|
"@rollup/rollup-linux-arm64-gnu@4.57.1",
|
|
"@rollup/rollup-linux-arm64-musl@4.57.1",
|
|
"@rollup/rollup-linux-loong64-gnu@4.57.1",
|
|
"@rollup/rollup-linux-loong64-musl@4.57.1",
|
|
"@rollup/rollup-linux-ppc64-gnu@4.57.1",
|
|
"@rollup/rollup-linux-ppc64-musl@4.57.1",
|
|
"@rollup/rollup-linux-riscv64-gnu@4.57.1",
|
|
"@rollup/rollup-linux-riscv64-musl@4.57.1",
|
|
"@rollup/rollup-linux-s390x-gnu@4.57.1",
|
|
"@rollup/rollup-linux-x64-gnu@4.57.1",
|
|
"@rollup/rollup-linux-x64-musl@4.57.1",
|
|
"@rollup/rollup-openbsd-x64@4.57.1",
|
|
"@rollup/rollup-openharmony-arm64@4.57.1",
|
|
"@rollup/rollup-win32-arm64-msvc@4.57.1",
|
|
"@rollup/rollup-win32-ia32-msvc@4.57.1",
|
|
"@rollup/rollup-win32-x64-gnu@4.57.1",
|
|
"@rollup/rollup-win32-x64-msvc@4.57.1",
|
|
"@types/estree@1.0.8",
|
|
"fsevents@2.3.2"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2683,
|
|
"EndLine": 2726
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "safe-buffer@5.2.1",
|
|
"Name": "safe-buffer",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/safe-buffer@5.2.1",
|
|
"UID": "543b29785ec2a448"
|
|
},
|
|
"Version": "5.2.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2751,
|
|
"EndLine": 2770
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "source-map-js@1.2.1",
|
|
"Name": "source-map-js",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/source-map-js@1.2.1",
|
|
"UID": "d177270a8e43abb9"
|
|
},
|
|
"Version": "1.2.1",
|
|
"Licenses": [
|
|
"BSD-3-Clause"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2797,
|
|
"EndLine": 2805
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "split2@3.2.2",
|
|
"Name": "split2",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/split2@3.2.2",
|
|
"UID": "1874784360c9b07c"
|
|
},
|
|
"Version": "3.2.2",
|
|
"Licenses": [
|
|
"ISC"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"readable-stream@3.6.2"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2806,
|
|
"EndLine": 2814
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "string-width@4.2.3",
|
|
"Name": "string-width",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/string-width@4.2.3",
|
|
"UID": "d847082c4fdc1dea"
|
|
},
|
|
"Version": "4.2.3",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"emoji-regex@8.0.0",
|
|
"is-fullwidth-code-point@3.0.0",
|
|
"strip-ansi@6.0.1"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1125,
|
|
"EndLine": 1138
|
|
},
|
|
{
|
|
"StartLine": 3206,
|
|
"EndLine": 3219
|
|
},
|
|
{
|
|
"StartLine": 3287,
|
|
"EndLine": 3300
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "string_decoder@1.3.0",
|
|
"Name": "string_decoder",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/string_decoder@1.3.0",
|
|
"UID": "76410ed4d2fe466e"
|
|
},
|
|
"Version": "1.3.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"safe-buffer@5.2.1"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2815,
|
|
"EndLine": 2823
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "strip-ansi@6.0.1",
|
|
"Name": "strip-ansi",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/strip-ansi@6.0.1",
|
|
"UID": "ba2d0b4f4f24e69"
|
|
},
|
|
"Version": "6.0.1",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"ansi-regex@5.0.1"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 1139,
|
|
"EndLine": 1150
|
|
},
|
|
{
|
|
"StartLine": 3220,
|
|
"EndLine": 3231
|
|
},
|
|
{
|
|
"StartLine": 3301,
|
|
"EndLine": 3312
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "supports-color@7.2.0",
|
|
"Name": "supports-color",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/supports-color@7.2.0",
|
|
"UID": "cf2a6676157672a2"
|
|
},
|
|
"Version": "7.2.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"has-flag@4.0.0"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2857,
|
|
"EndLine": 2868
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "through2@4.0.2",
|
|
"Name": "through2",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/through2@4.0.2",
|
|
"UID": "7b6cc5b6e2b2d385"
|
|
},
|
|
"Version": "4.0.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"readable-stream@3.6.2"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2896,
|
|
"EndLine": 2904
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "tinyglobby@0.2.15",
|
|
"Name": "tinyglobby",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/tinyglobby@0.2.15",
|
|
"UID": "d432327288272f45"
|
|
},
|
|
"Version": "0.2.15",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"fdir@6.5.0",
|
|
"picomatch@4.0.3"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2905,
|
|
"EndLine": 2920
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "tldts-core@7.0.22",
|
|
"Name": "tldts-core",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/tldts-core@7.0.22",
|
|
"UID": "5f76e916281bf5e0"
|
|
},
|
|
"Version": "7.0.22",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2963,
|
|
"EndLine": 2968
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "treeify@1.1.0",
|
|
"Name": "treeify",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/treeify@1.1.0",
|
|
"UID": "4c80e8fde5fd2768"
|
|
},
|
|
"Version": "1.1.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 2982,
|
|
"EndLine": 2990
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "undici-types@7.16.0",
|
|
"Name": "undici-types",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/undici-types@7.16.0",
|
|
"UID": "e410e023d4bcd153"
|
|
},
|
|
"Version": "7.16.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 3011,
|
|
"EndLine": 3017
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "util-deprecate@1.0.2",
|
|
"Name": "util-deprecate",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/util-deprecate@1.0.2",
|
|
"UID": "3c3cbcfed1754deb"
|
|
},
|
|
"Version": "1.0.2",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 3031,
|
|
"EndLine": 3036
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "wrap-ansi@7.0.0",
|
|
"Name": "wrap-ansi",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/wrap-ansi@7.0.0",
|
|
"UID": "61fa9a67c724f3f3"
|
|
},
|
|
"Version": "7.0.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"ansi-styles@4.3.0",
|
|
"string-width@4.2.3",
|
|
"strip-ansi@6.0.1"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 3180,
|
|
"EndLine": 3196
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "y18n@5.0.8",
|
|
"Name": "y18n",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/y18n@5.0.8",
|
|
"UID": "4bd3cd27980959cc"
|
|
},
|
|
"Version": "5.0.8",
|
|
"Licenses": [
|
|
"ISC"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 3232,
|
|
"EndLine": 3240
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "yargs@16.2.0",
|
|
"Name": "yargs",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/yargs@16.2.0",
|
|
"UID": "2ff1b43c4c847b03"
|
|
},
|
|
"Version": "16.2.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"DependsOn": [
|
|
"cliui@7.0.4",
|
|
"escalade@3.2.0",
|
|
"get-caller-file@2.0.5",
|
|
"require-directory@2.1.1",
|
|
"string-width@4.2.3",
|
|
"y18n@5.0.8",
|
|
"yargs-parser@20.2.9"
|
|
],
|
|
"Locations": [
|
|
{
|
|
"StartLine": 3251,
|
|
"EndLine": 3268
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "yargs-parser@20.2.9",
|
|
"Name": "yargs-parser",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/yargs-parser@20.2.9",
|
|
"UID": "8d83b573ba1364d8"
|
|
},
|
|
"Version": "20.2.9",
|
|
"Licenses": [
|
|
"ISC"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 3269,
|
|
"EndLine": 3277
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
},
|
|
{
|
|
"ID": "yocto-queue@0.1.0",
|
|
"Name": "yocto-queue",
|
|
"Identifier": {
|
|
"PURL": "pkg:npm/yocto-queue@0.1.0",
|
|
"UID": "19e9ce5471c99201"
|
|
},
|
|
"Version": "0.1.0",
|
|
"Licenses": [
|
|
"MIT"
|
|
],
|
|
"Indirect": true,
|
|
"Relationship": "indirect",
|
|
"Locations": [
|
|
{
|
|
"StartLine": 3313,
|
|
"EndLine": 3324
|
|
}
|
|
],
|
|
"AnalyzedBy": "npm"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/docker/docker@v28.5.2+incompatible/integration-cli/fixtures/https/client-rogue-key.pem",
|
|
"Class": "secret",
|
|
"Secrets": [
|
|
{
|
|
"RuleID": "private-key",
|
|
"Category": "AsymmetricPrivateKey",
|
|
"Severity": "HIGH",
|
|
"Title": "Asymmetric Private Key",
|
|
"StartLine": 2,
|
|
"EndLine": 27,
|
|
"Code": {
|
|
"Lines": [
|
|
{
|
|
"Number": 1,
|
|
"Content": "-----BEGIN PRIVATE KEY-----",
|
|
"IsCause": false,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "-----BEGIN PRIVATE KEY-----",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 2,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": true,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 3,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 4,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 5,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 6,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 7,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 8,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 9,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 10,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 11,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 12,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 13,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 14,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 15,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 16,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 17,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 18,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 19,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 20,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 21,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 22,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 23,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 24,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 25,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 26,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 27,
|
|
"Content": "************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "************************",
|
|
"FirstCause": false,
|
|
"LastCause": true
|
|
},
|
|
{
|
|
"Number": 28,
|
|
"Content": "-----END PRIVATE KEY-----",
|
|
"IsCause": false,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "-----END PRIVATE KEY-----",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
}
|
|
]
|
|
},
|
|
"Match": "****************************************************************",
|
|
"Offset": 28
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/docker/docker@v28.5.2+incompatible/integration-cli/fixtures/https/server-rogue-key.pem",
|
|
"Class": "secret",
|
|
"Secrets": [
|
|
{
|
|
"RuleID": "private-key",
|
|
"Category": "AsymmetricPrivateKey",
|
|
"Severity": "HIGH",
|
|
"Title": "Asymmetric Private Key",
|
|
"StartLine": 2,
|
|
"EndLine": 27,
|
|
"Code": {
|
|
"Lines": [
|
|
{
|
|
"Number": 1,
|
|
"Content": "-----BEGIN PRIVATE KEY-----",
|
|
"IsCause": false,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "-----BEGIN PRIVATE KEY-----",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 2,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": true,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 3,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 4,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 5,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 6,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 7,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 8,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 9,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 10,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 11,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 12,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 13,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 14,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 15,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 16,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 17,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 18,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 19,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 20,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 21,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 22,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 23,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 24,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 25,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 26,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 27,
|
|
"Content": "************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "************************",
|
|
"FirstCause": false,
|
|
"LastCause": true
|
|
},
|
|
{
|
|
"Number": 28,
|
|
"Content": "-----END PRIVATE KEY-----",
|
|
"IsCause": false,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "-----END PRIVATE KEY-----",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
}
|
|
]
|
|
},
|
|
"Match": "****************************************************************",
|
|
"Offset": 28
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": ".cache/go/pkg/mod/github.com/docker/go-connections@v0.6.0/tlsconfig/fixtures/key.pem",
|
|
"Class": "secret",
|
|
"Secrets": [
|
|
{
|
|
"RuleID": "private-key",
|
|
"Category": "AsymmetricPrivateKey",
|
|
"Severity": "HIGH",
|
|
"Title": "Asymmetric Private Key",
|
|
"StartLine": 2,
|
|
"EndLine": 26,
|
|
"Code": {
|
|
"Lines": [
|
|
{
|
|
"Number": 1,
|
|
"Content": "-----BEGIN RSA PRIVATE KEY-----",
|
|
"IsCause": false,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "-----BEGIN RSA PRIVATE KEY-----",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 2,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": true,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 3,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 4,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 5,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 6,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 7,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 8,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 9,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 10,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 11,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 12,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 13,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 14,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 15,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 16,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 17,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 18,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 19,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 20,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 21,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 22,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 23,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 24,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 25,
|
|
"Content": "****************************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "****************************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 26,
|
|
"Content": "********************************************************",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "********************************************************",
|
|
"FirstCause": false,
|
|
"LastCause": true
|
|
},
|
|
{
|
|
"Number": 27,
|
|
"Content": "-----END RSA PRIVATE KEY-----",
|
|
"IsCause": false,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "-----END RSA PRIVATE KEY-----",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
}
|
|
]
|
|
},
|
|
"Match": "****************************************************************",
|
|
"Offset": 32
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"Target": "playwright/.auth/user.json",
|
|
"Class": "secret",
|
|
"Secrets": [
|
|
{
|
|
"RuleID": "jwt-token",
|
|
"Category": "JWT",
|
|
"Severity": "MEDIUM",
|
|
"Title": "JWT token",
|
|
"StartLine": 5,
|
|
"EndLine": 5,
|
|
"Code": {
|
|
"Lines": [
|
|
{
|
|
"Number": 3,
|
|
"Content": " {",
|
|
"IsCause": false,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": " {",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 4,
|
|
"Content": " \"name\": \"auth_token\",",
|
|
"IsCause": false,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": " \"name\": \"auth_token\",",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 5,
|
|
"Content": " \"value\": \"*****************************************************************************************************************************************************************\",",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": " \"value\": \"*****************************************************************************************************************************************************************\",",
|
|
"FirstCause": true,
|
|
"LastCause": true
|
|
},
|
|
{
|
|
"Number": 6,
|
|
"Content": " \"domain\": \"127.0.0.1\",",
|
|
"IsCause": false,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": " \"domain\": \"127.0.0.1\",",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
}
|
|
]
|
|
},
|
|
"Match": " \"value\": \"*****************************************************************************************************************************************************************\",",
|
|
"Offset": 67
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|