Skip to content
This repository has been archived by the owner on Nov 29, 2023. It is now read-only.

Scan cli Unable to detect CVE-2021-44228 #192

Open
spicoflorin opened this issue Jan 5, 2022 · 1 comment
Open

Scan cli Unable to detect CVE-2021-44228 #192

spicoflorin opened this issue Jan 5, 2022 · 1 comment

Comments

@spicoflorin
Copy link

Hello!

I have installed the docker scan utility as described here:
https://docs.docker.com/engine/scan/#known-issues

I have used docker scan against the "vulnerable" CVE-2021-44228 docker image provide here https://github.com/christophetd/log4shell-vulnerable-app.
Unfortunately the docker scan was not able to detect the CVE-2021-44228.

Steps to reproduce the issue:

  1. docker run --name vulnerable-app --rm -p 8080:8080 ghcr.io/christophetd/log4shell-vulnerable-app
    2.docker scan docker scan ghcr.io/christophetd/log4shell-vulnerable-app:latest

Describe the results you received:


Testing ghcr.io/christophetd/log4shell-vulnerable-app:latest...

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2020-2583
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075620
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.242.08-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2020-2590
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075622
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.242.08-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2020-2659
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075630
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.242.08-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2020-2654
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075632
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.242.08-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2020-2754
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075634
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.252.09-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2020-2755
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075637
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.252.09-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2020-2756
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075639
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.252.09-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2020-2757
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075640
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.252.09-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2020-2773
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075642
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.252.09-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: Information Exposure
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075656
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.232.09-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2019-2945
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075657
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.232.09-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2019-2964
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075660
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.232.09-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2019-2962
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075661
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.232.09-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2019-2973
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075662
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.232.09-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2019-2978
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075665
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.232.09-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2019-2981
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075666
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.232.09-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2019-2983
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075668
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.232.09-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2019-2987
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075671
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.232.09-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2019-2988
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075672
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.232.09-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2019-2992
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075676
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.232.09-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2019-2894
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075680
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.232.09-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2020-14577
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075684
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.272.10-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2020-14578
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075685
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.272.10-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2020-14579
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075686
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.272.10-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2020-14581
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075687
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.272.10-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2020-14779
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075691
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.272.10-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2020-14781
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075692
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.272.10-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2020-14782
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075693
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.272.10-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2020-14796
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075695
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.272.10-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2020-14797
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075696
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.272.10-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2020-14798
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075697
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.272.10-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: Improper Access Control
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-344523
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.191.12-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: Improper Access Control
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-344539
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.201.08-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: Improper Access Control
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-344660
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.191.12-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: Improper Access Control
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-344671
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.201.08-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: Improper Access Control
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-485401
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.222.10-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: Improper Access Control
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-489037
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.222.10-r0

✗ Low severity vulnerability found in openjdk8/openjdk8-jre
  Description: Improper Access Control
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-506913
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.222.10-r0

✗ Medium severity vulnerability found in sqlite/sqlite-libs
  Description: Divide By Zero
  Info: https://snyk.io/vuln/SNYK-ALPINE38-SQLITE-1019956
  Introduced through: sqlite/sqlite-libs@3.24.0-r0, nss/nss@3.36.1-r1
  From: sqlite/sqlite-libs@3.24.0-r0
  From: nss/nss@3.36.1-r1 > sqlite/sqlite-libs@3.24.0-r0
  Fixed in: 3.25.3-r2

✗ Medium severity vulnerability found in sqlite/sqlite-libs
  Description: NULL Pointer Dereference
  Info: https://snyk.io/vuln/SNYK-ALPINE38-SQLITE-598535
  Introduced through: sqlite/sqlite-libs@3.24.0-r0, nss/nss@3.36.1-r1
  From: sqlite/sqlite-libs@3.24.0-r0
  From: nss/nss@3.36.1-r1 > sqlite/sqlite-libs@3.24.0-r0
  Fixed in: 3.25.3-r3

✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2020-2593
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075624
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.242.08-r0

✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2020-2601
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075627
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.242.08-r0

✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2020-2781
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075644
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.252.09-r0

✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2020-2800
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075647
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.252.09-r0

✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2020-2830
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075652
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.252.09-r0

✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2019-2949
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075658
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.232.09-r0

✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2019-2958
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075659
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.232.09-r0

✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2019-2975
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075663
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.232.09-r0

✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2019-2989
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075675
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.232.09-r0

✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2019-2999
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075678
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.232.09-r0

✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2020-14556
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075683
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.272.10-r0

✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2020-14621
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075690
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.272.10-r0

✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2020-14792
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075694
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.272.10-r0

✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2020-14803
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075698
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.272.10-r0

✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
  Description: Divide By Zero
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-344398
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.191.12-r0

✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
  Description: Improper Access Control
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-344491
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.191.12-r0

✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
  Description: Divide By Zero
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-344564
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.201.08-r0

✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
  Description: Improper Access Control
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-344591
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.191.12-r0

✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
  Description: Out-of-bounds Write
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-344603
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.191.12-r0

✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
  Description: Improper Access Control
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-452929
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.212.04-r0

✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
  Description: Improper Access Control
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-484458
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.222.10-r0

✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
  Description: Improper Access Control
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-488191
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.222.10-r0

✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
  Description: Use After Free
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-488478
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.222.10-r0

✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
  Description: Improper Access Control
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-500014
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.222.10-r0

✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
  Description: Improper Access Control
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-504948
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.222.10-r0

✗ Medium severity vulnerability found in libtasn1/libtasn1
  Description: Resource Management Errors
  Info: https://snyk.io/vuln/SNYK-ALPINE38-LIBTASN1-458536
  Introduced through: libtasn1/libtasn1@4.13-r0, p11-kit/p11-kit-trust@0.23.10-r0
  From: libtasn1/libtasn1@4.13-r0
  From: p11-kit/p11-kit-trust@0.23.10-r0 > libtasn1/libtasn1@4.13-r0
  Fixed in: 4.14-r0

✗ Medium severity vulnerability found in libpng/libpng
  Description: Use After Free
  Info: https://snyk.io/vuln/SNYK-ALPINE38-LIBPNG-452828
  Introduced through: libpng/libpng@1.6.34-r1, freetype/freetype@2.9.1-r1, openjdk8/openjdk8-jre@8.181.13-r0
  From: libpng/libpng@1.6.34-r1
  From: freetype/freetype@2.9.1-r1 > libpng/libpng@1.6.34-r1
  From: openjdk8/openjdk8-jre@8.181.13-r0 > libpng/libpng@1.6.34-r1
  Fixed in: 1.6.37-r0

✗ Medium severity vulnerability found in libpng/libpng
  Description: Resource Management Errors
  Info: https://snyk.io/vuln/SNYK-ALPINE38-LIBPNG-453172
  Introduced through: libpng/libpng@1.6.34-r1, freetype/freetype@2.9.1-r1, openjdk8/openjdk8-jre@8.181.13-r0
  From: libpng/libpng@1.6.34-r1
  From: freetype/freetype@2.9.1-r1 > libpng/libpng@1.6.34-r1
  From: openjdk8/openjdk8-jre@8.181.13-r0 > libpng/libpng@1.6.34-r1
  Fixed in: 1.6.37-r0

✗ Medium severity vulnerability found in libjpeg-turbo/libjpeg-turbo
  Description: Out-of-bounds Read
  Info: https://snyk.io/vuln/SNYK-ALPINE38-LIBJPEGTURBO-458242
  Introduced through: libjpeg-turbo/libjpeg-turbo@1.5.3-r3, openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0
  From: libjpeg-turbo/libjpeg-turbo@1.5.3-r3
  From: openjdk8/openjdk8-jre@8.181.13-r0 > libjpeg-turbo/libjpeg-turbo@1.5.3-r3
  From: openjdk8/openjdk8-jre-base@8.181.13-r0 > libjpeg-turbo/libjpeg-turbo@1.5.3-r3
  Fixed in: 1.5.3-r5

✗ Medium severity vulnerability found in krb5/krb5-libs
  Description: Reachable Assertion
  Info: https://snyk.io/vuln/SNYK-ALPINE38-KRB5-344510
  Introduced through: krb5/krb5-libs@1.15.3-r0, krb5-conf/krb5-conf@1.0-r1, openjdk8/openjdk8-jre-base@8.181.13-r0
  From: krb5/krb5-libs@1.15.3-r0
  From: krb5-conf/krb5-conf@1.0-r1 > krb5/krb5-libs@1.15.3-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0 > krb5/krb5-libs@1.15.3-r0
  Fixed in: 1.15.4-r0

✗ Medium severity vulnerability found in e2fsprogs/libcom_err
  Description: Out-of-bounds Write
  Info: https://snyk.io/vuln/SNYK-ALPINE38-E2FSPROGS-504975
  Introduced through: e2fsprogs/libcom_err@1.44.2-r0, krb5-conf/krb5-conf@1.0-r1
  From: e2fsprogs/libcom_err@1.44.2-r0
  From: krb5-conf/krb5-conf@1.0-r1 > krb5/krb5-libs@1.15.3-r0 > e2fsprogs/libcom_err@1.44.2-r0
  Fixed in: 1.44.2-r1

✗ Medium severity vulnerability found in e2fsprogs/libcom_err
  Description: Out-of-bounds Write
  Info: https://snyk.io/vuln/SNYK-ALPINE38-E2FSPROGS-598622
  Introduced through: e2fsprogs/libcom_err@1.44.2-r0, krb5-conf/krb5-conf@1.0-r1
  From: e2fsprogs/libcom_err@1.44.2-r0
  From: krb5-conf/krb5-conf@1.0-r1 > krb5/krb5-libs@1.15.3-r0 > e2fsprogs/libcom_err@1.44.2-r0
  Fixed in: 1.44.2-r2

✗ High severity vulnerability found in sqlite/sqlite-libs
  Description: CVE-2019-19244
  Info: https://snyk.io/vuln/SNYK-ALPINE38-SQLITE-1019957
  Introduced through: sqlite/sqlite-libs@3.24.0-r0, nss/nss@3.36.1-r1
  From: sqlite/sqlite-libs@3.24.0-r0
  From: nss/nss@3.36.1-r1 > sqlite/sqlite-libs@3.24.0-r0
  Fixed in: 3.25.3-r3

✗ High severity vulnerability found in sqlite/sqlite-libs
  Description: Integer Overflow or Wraparound
  Info: https://snyk.io/vuln/SNYK-ALPINE38-SQLITE-344378
  Introduced through: sqlite/sqlite-libs@3.24.0-r0, nss/nss@3.36.1-r1
  From: sqlite/sqlite-libs@3.24.0-r0
  From: nss/nss@3.36.1-r1 > sqlite/sqlite-libs@3.24.0-r0
  Fixed in: 3.25.3-r0

✗ High severity vulnerability found in sqlite/sqlite-libs
  Description: Improper Initialization
  Info: https://snyk.io/vuln/SNYK-ALPINE38-SQLITE-598534
  Introduced through: sqlite/sqlite-libs@3.24.0-r0, nss/nss@3.36.1-r1
  From: sqlite/sqlite-libs@3.24.0-r0
  From: nss/nss@3.36.1-r1 > sqlite/sqlite-libs@3.24.0-r0
  Fixed in: 3.25.0-r4

✗ High severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2020-2604
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075628
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.242.08-r0

✗ High severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2020-2803
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075648
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.252.09-r0

✗ High severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2020-2805
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075650
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.252.09-r0

✗ High severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2020-14583
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075688
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.272.10-r0

✗ High severity vulnerability found in openjdk8/openjdk8-jre
  Description: CVE-2020-14593
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075689
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.272.10-r0

✗ High severity vulnerability found in openjdk8/openjdk8-jre
  Description: Improper Access Control
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-344386
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.191.12-r0

✗ High severity vulnerability found in openjdk8/openjdk8-jre
  Description: Improper Access Control
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-344453
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.191.12-r0

✗ High severity vulnerability found in openjdk8/openjdk8-jre
  Description: Improper Access Control
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-453038
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.212.04-r0

✗ High severity vulnerability found in openjdk8/openjdk8-jre
  Description: Resource Exhaustion
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-453297
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.212.04-r0

✗ High severity vulnerability found in libpng/libpng
  Description: Out-of-bounds Write
  Info: https://snyk.io/vuln/SNYK-ALPINE38-LIBPNG-453732
  Introduced through: libpng/libpng@1.6.34-r1, freetype/freetype@2.9.1-r1, openjdk8/openjdk8-jre@8.181.13-r0
  From: libpng/libpng@1.6.34-r1
  From: freetype/freetype@2.9.1-r1 > libpng/libpng@1.6.34-r1
  From: openjdk8/openjdk8-jre@8.181.13-r0 > libpng/libpng@1.6.34-r1
  Fixed in: 1.6.37-r0

✗ High severity vulnerability found in libjpeg-turbo/libjpeg-turbo
  Description: Out-of-bounds Write
  Info: https://snyk.io/vuln/SNYK-ALPINE38-LIBJPEGTURBO-598583
  Introduced through: libjpeg-turbo/libjpeg-turbo@1.5.3-r3, openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0
  From: libjpeg-turbo/libjpeg-turbo@1.5.3-r3
  From: openjdk8/openjdk8-jre@8.181.13-r0 > libjpeg-turbo/libjpeg-turbo@1.5.3-r3
  From: openjdk8/openjdk8-jre-base@8.181.13-r0 > libjpeg-turbo/libjpeg-turbo@1.5.3-r3
  Fixed in: 1.5.3-r6

✗ Critical severity vulnerability found in sqlite/sqlite-libs
  Description: Out-of-bounds Read
  Info: https://snyk.io/vuln/SNYK-ALPINE38-SQLITE-458494
  Introduced through: sqlite/sqlite-libs@3.24.0-r0, nss/nss@3.36.1-r1
  From: sqlite/sqlite-libs@3.24.0-r0
  From: nss/nss@3.36.1-r1 > sqlite/sqlite-libs@3.24.0-r0
  Fixed in: 3.25.3-r1

✗ Critical severity vulnerability found in openjdk8/openjdk8-jre
  Description: Improper Access Control
  Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-344658
  Introduced through: openjdk8/openjdk8-jre@8.181.13-r0, openjdk8/openjdk8@8.181.13-r0, openjdk8/openjdk8-jre-base@8.181.13-r0, openjdk8/openjdk8-jre-lib@8.181.13-r0
  From: openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8@8.181.13-r0 > openjdk8/openjdk8-jre@8.181.13-r0
  From: openjdk8/openjdk8-jre-base@8.181.13-r0
  and 5 more...
  Fixed in: 8.191.12-r0

✗ Critical severity vulnerability found in musl/musl-utils
  Description: Out-of-bounds Write
  Info: https://snyk.io/vuln/SNYK-ALPINE38-MUSL-458276
  Introduced through: musl/musl-utils@1.1.19-r10, libc-dev/libc-utils@0.7.1-r0, meta-common-packages@meta
  From: musl/musl-utils@1.1.19-r10
  From: libc-dev/libc-utils@0.7.1-r0 > musl/musl-utils@1.1.19-r10
  From: meta-common-packages@meta > musl/musl@1.1.19-r10
  Fixed in: 1.1.19-r11

✗ Critical severity vulnerability found in bzip2/libbz2
  Description: Out-of-bounds Write
  Info: https://snyk.io/vuln/SNYK-ALPINE38-BZIP2-452633
  Introduced through: bzip2/libbz2@1.0.6-r6, freetype/freetype@2.9.1-r1
  From: bzip2/libbz2@1.0.6-r6
  From: freetype/freetype@2.9.1-r1 > bzip2/libbz2@1.0.6-r6
  Fixed in: 1.0.6-r7



Package manager:   apk
Project name:      docker-image|ghcr.io/christophetd/log4shell-vulnerable-app
Docker image:      ghcr.io/christophetd/log4shell-vulnerable-app:latest
Platform:          linux/amd64
Base image:        openjdk:8u181-jdk-alpine3.8
Licenses:          enabled

Tested 54 dependencies for known issues, found 90 issues.

Base Image                   Vulnerabilities  Severity
openjdk:8u181-jdk-alpine3.8  90               4 critical, 14 high, 34 medium, 38 low

Recommendations for base image upgrade:

Alternative image types
Base Image                         Vulnerabilities  Severity
openjdk:17-ea-22-jdk-oracle        0                0 critical, 0 high, 0 medium, 0 low
openjdk:16-ea-33-jdk-oraclelinux8  0                0 critical, 0 high, 0 medium, 0 low
openjdk:17-ea-10-jdk               0                0 critical, 0 high, 0 medium, 0 low
openjdk:17-ea-26-oraclelinux8      0                0 critical, 0 high, 0 medium, 0 low

Alpine 3.8.2 is no longer supported by the Alpine maintainers. Vulnerability detection may be affected by a lack of security updates.

-------------------------------------------------------

Testing ghcr.io/christophetd/log4shell-vulnerable-app:latest...

Package manager:   maven
Target file:       /app
Project name:      ghcr.io/christophetd/log4shell-vulnerable-app:latest:/app
Docker image:      ghcr.io/christophetd/log4shell-vulnerable-app:latest
Licenses:          enabled

✔ Tested ghcr.io/christophetd/log4shell-vulnerable-app:latest for known issues, no vulnerable paths found.


Tested 2 projects, 1 contained vulnerable paths.

Describe the results you expected:
No CVE-2021-44228 detected as described here https://docs.docker.com/engine/scan/#scan-images-for-log4j-2-cve

Additional information you deem important (e.g. issue happens only occasionally):

Output of docker version:

Client: Docker Engine - Community
 Version:           19.03.6
 API version:       1.40
 Go version:        go1.12.16
 Git commit:        369ce74a3c
 Built:             Thu Feb 13 01:27:48 2020
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.6
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.16
  Git commit:       369ce74a3c
  Built:            Thu Feb 13 01:26:21 2020
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.2.6
  GitCommit:        894b81a4b802e4eb2a91d1ce216b8817763c29fb
 runc:
  Version:          1.0.0-rc8
  GitCommit:        425e105d5a03fabd737a126ad93d62a9eeede87f
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

Output of docker scan --version:

Version:    v0.12.0
Git commit: 1074dd0
Provider:   Snyk (1.790.0 (standalone))
@mat007
Copy link
Member

mat007 commented Jan 12, 2022

Hi, you most likely need to update your docker scan version: https://github.com/docker/scan-cli-plugin/releases/tag/v0.16.0

# for free to subscribe to this conversation on GitHub. Already have an account? #.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mat007 @spicoflorin