github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/integration/testdata/mix.lock.json.golden (about) 1 { 2 "SchemaVersion": 2, 3 "CreatedAt": "2021-08-25T12:20:30.000000005Z", 4 "ArtifactName": "testdata/fixtures/repo/mixlock", 5 "ArtifactType": "repository", 6 "Metadata": { 7 "ImageConfig": { 8 "architecture": "", 9 "created": "0001-01-01T00:00:00Z", 10 "os": "", 11 "rootfs": { 12 "type": "", 13 "diff_ids": null 14 }, 15 "config": {} 16 } 17 }, 18 "Results": [ 19 { 20 "Target": "mix.lock", 21 "Class": "lang-pkgs", 22 "Type": "hex", 23 "Packages": [ 24 { 25 "ID": "castore@0.1.18", 26 "Name": "castore", 27 "Version": "0.1.18", 28 "Layer": {}, 29 "Locations": [ 30 { 31 "StartLine": 2, 32 "EndLine": 2 33 } 34 ] 35 }, 36 { 37 "ID": "jason@1.4.0", 38 "Name": "jason", 39 "Version": "1.4.0", 40 "Layer": {}, 41 "Locations": [ 42 { 43 "StartLine": 3, 44 "EndLine": 3 45 } 46 ] 47 }, 48 { 49 "ID": "phoenix@1.6.13", 50 "Name": "phoenix", 51 "Version": "1.6.13", 52 "Layer": {}, 53 "Locations": [ 54 { 55 "StartLine": 4, 56 "EndLine": 4 57 } 58 ] 59 }, 60 { 61 "ID": "phoenix_html@3.2.0", 62 "Name": "phoenix_html", 63 "Version": "3.2.0", 64 "Layer": {}, 65 "Locations": [ 66 { 67 "StartLine": 5, 68 "EndLine": 5 69 } 70 ] 71 }, 72 { 73 "ID": "phoenix_pubsub@2.1.1", 74 "Name": "phoenix_pubsub", 75 "Version": "2.1.1", 76 "Layer": {}, 77 "Locations": [ 78 { 79 "StartLine": 6, 80 "EndLine": 6 81 } 82 ] 83 }, 84 { 85 "ID": "phoenix_template@1.0.0", 86 "Name": "phoenix_template", 87 "Version": "1.0.0", 88 "Layer": {}, 89 "Locations": [ 90 { 91 "StartLine": 7, 92 "EndLine": 7 93 } 94 ] 95 }, 96 { 97 "ID": "phoenix_view@2.0.1", 98 "Name": "phoenix_view", 99 "Version": "2.0.1", 100 "Layer": {}, 101 "Locations": [ 102 { 103 "StartLine": 8, 104 "EndLine": 8 105 } 106 ] 107 }, 108 { 109 "ID": "plug@1.14.0", 110 "Name": "plug", 111 "Version": "1.14.0", 112 "Layer": {}, 113 "Locations": [ 114 { 115 "StartLine": 9, 116 "EndLine": 9 117 } 118 ] 119 }, 120 { 121 "ID": "plug_crypto@1.2.3", 122 "Name": "plug_crypto", 123 "Version": "1.2.3", 124 "Layer": {}, 125 "Locations": [ 126 { 127 "StartLine": 10, 128 "EndLine": 10 129 } 130 ] 131 }, 132 { 133 "ID": "telemetry@1.1.0", 134 "Name": "telemetry", 135 "Version": "1.1.0", 136 "Layer": {}, 137 "Locations": [ 138 { 139 "StartLine": 11, 140 "EndLine": 11 141 } 142 ] 143 } 144 ], 145 "Vulnerabilities": [ 146 { 147 "VulnerabilityID": "CVE-2022-42975", 148 "PkgID": "phoenix@1.6.13", 149 "PkgName": "phoenix", 150 "InstalledVersion": "1.6.13", 151 "FixedVersion": "1.6.14", 152 "Status": "fixed", 153 "Layer": {}, 154 "SeveritySource": "ghsa", 155 "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-42975", 156 "DataSource": { 157 "ID": "ghsa", 158 "Name": "GitHub Security Advisory Erlang", 159 "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Aerlang" 160 }, 161 "Title": "Phoenix before 1.6.14 mishandles check_origin wildcarding", 162 "Description": "socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token.", 163 "Severity": "HIGH", 164 "CVSS": { 165 "ghsa": { 166 "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", 167 "V3Score": 7.5 168 } 169 }, 170 "References": [ 171 "https://nvd.nist.gov/vuln/detail/CVE-2022-42975", 172 "https://github.com/phoenixframework/phoenix/commit/6e7185b33a59e0b1d1c0b4223adf340a73e963ae", 173 "https://hexdocs.pm/phoenix/1.6.14/changelog.html#1-6-14-2022-10-10", 174 "https://github.com/advisories/GHSA-p8f7-22gq-m7j9" 175 ], 176 "PublishedDate": "2022-10-17T12:00:27Z", 177 "LastModifiedDate": "2022-10-18T18:01:44Z" 178 } 179 ] 180 } 181 ] 182 }