github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/integration/testdata/pnpm.json.golden

github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/integration/testdata/pnpm.json.golden (about)

     1  {
     2    "SchemaVersion": 2,
     3    "CreatedAt": "2021-08-25T12:20:30.000000005Z",
     4    "ArtifactName": "testdata/fixtures/repo/pnpm",
     5    "ArtifactType": "repository",
     6    "Metadata": {
     7      "ImageConfig": {
     8        "architecture": "",
     9        "created": "0001-01-01T00:00:00Z",
    10        "os": "",
    11        "rootfs": {
    12          "type": "",
    13          "diff_ids": null
    14        },
    15        "config": {}
    16      }
    17    },
    18    "Results": [
    19      {
    20        "Target": "pnpm-lock.yaml",
    21        "Class": "lang-pkgs",
    22        "Type": "pnpm",
    23        "Vulnerabilities": [
    24          {
    25            "VulnerabilityID": "CVE-2019-11358",
    26            "PkgID": "jquery@3.3.9",
    27            "PkgName": "jquery",
    28            "InstalledVersion": "3.3.9",
    29            "FixedVersion": "3.4.0",
    30            "Status": "fixed",
    31            "Layer": {},
    32            "SeveritySource": "ghsa",
    33            "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11358",
    34            "DataSource": {
    35              "ID": "ghsa",
    36              "Name": "GitHub Security Advisory Npm",
    37              "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
    38            },
    39            "Title": "jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection",
    40            "Description": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.",
    41            "Severity": "MEDIUM",
    42            "CweIDs": [
    43              "CWE-79"
    44            ],
    45            "CVSS": {
    46              "nvd": {
    47                "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    48                "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
    49                "V2Score": 4.3,
    50                "V3Score": 6.1
    51              },
    52              "redhat": {
    53                "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
    54                "V3Score": 5.6
    55              }
    56            },
    57            "References": [
    58              "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html",
    59              "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html",
    60              "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html",
    61              "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html",
    62              "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
    63              "http://seclists.org/fulldisclosure/2019/May/10",
    64              "http://seclists.org/fulldisclosure/2019/May/11",
    65              "http://seclists.org/fulldisclosure/2019/May/13",
    66              "http://www.openwall.com/lists/oss-security/2019/06/03/2",
    67              "http://www.securityfocus.com/bid/108023",
    68              "https://access.redhat.com/errata/RHBA-2019:1570",
    69              "https://access.redhat.com/errata/RHSA-2019:1456",
    70              "https://access.redhat.com/errata/RHSA-2019:2587",
    71              "https://access.redhat.com/errata/RHSA-2019:3023",
    72              "https://access.redhat.com/errata/RHSA-2019:3024",
    73              "https://access.redhat.com/security/cve/CVE-2019-11358",
    74              "https://backdropcms.org/security/backdrop-sa-core-2019-009",
    75              "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
    76              "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358",
    77              "https://github.com/DanielRuf/snyk-js-jquery-174006?files=1",
    78              "https://github.com/advisories/GHSA-6c3j-c64m-qhgq",
    79              "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b",
    80              "https://github.com/jquery/jquery/pull/4333",
    81              "https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434",
    82              "https://hackerone.com/reports/454365",
    83              "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
    84              "https://linux.oracle.com/cve/CVE-2019-11358.html",
    85              "https://linux.oracle.com/errata/ELSA-2020-4847.html",
    86              "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E",
    87              "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E",
    88              "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E",
    89              "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E",
    90              "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E",
    91              "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E",
    92              "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E",
    93              "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E",
    94              "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E",
    95              "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E",
    96              "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9@%3Cissues.flink.apache.org%3E",
    97              "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa@%3Cissues.flink.apache.org%3E",
    98              "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766@%3Cdev.syncope.apache.org%3E",
    99              "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E",
   100              "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355@%3Cdev.flink.apache.org%3E",
   101              "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734@%3Cdev.storm.apache.org%3E",
   102              "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E",
   103              "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E",
   104              "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E",
   105              "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html",
   106              "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html",
   107              "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html",
   108              "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/",
   109              "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/",
   110              "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/",
   111              "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/",
   112              "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/",
   113              "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/",
   114              "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
   115              "https://seclists.org/bugtraq/2019/Apr/32",
   116              "https://seclists.org/bugtraq/2019/Jun/12",
   117              "https://seclists.org/bugtraq/2019/May/18",
   118              "https://security.netapp.com/advisory/ntap-20190919-0001/",
   119              "https://snyk.io/vuln/SNYK-JS-JQUERY-174006",
   120              "https://www.debian.org/security/2019/dsa-4434",
   121              "https://www.debian.org/security/2019/dsa-4460",
   122              "https://www.drupal.org/sa-core-2019-006",
   123              "https://www.oracle.com//security-alerts/cpujul2021.html",
   124              "https://www.oracle.com/security-alerts/cpuApr2021.html",
   125              "https://www.oracle.com/security-alerts/cpuapr2020.html",
   126              "https://www.oracle.com/security-alerts/cpujan2020.html",
   127              "https://www.oracle.com/security-alerts/cpujan2021.html",
   128              "https://www.oracle.com/security-alerts/cpujul2020.html",
   129              "https://www.oracle.com/security-alerts/cpuoct2020.html",
   130              "https://www.oracle.com/security-alerts/cpuoct2021.html",
   131              "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
   132              "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
   133              "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/",
   134              "https://www.synology.com/security/advisory/Synology_SA_19_19",
   135              "https://www.tenable.com/security/tns-2019-08",
   136              "https://www.tenable.com/security/tns-2020-02"
   137            ],
   138            "PublishedDate": "2019-04-20T00:29:00Z",
   139            "LastModifiedDate": "2021-10-20T11:15:00Z"
   140          },
   141          {
   142            "VulnerabilityID": "CVE-2019-10744",
   143            "PkgID": "lodash@4.17.4",
   144            "PkgName": "lodash",
   145            "InstalledVersion": "4.17.4",
   146            "FixedVersion": "4.17.12",
   147            "Status": "fixed",
   148            "Layer": {},
   149            "SeveritySource": "ghsa",
   150            "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-10744",
   151            "DataSource": {
   152              "ID": "ghsa",
   153              "Name": "GitHub Security Advisory Npm",
   154              "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
   155            },
   156            "Title": "nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties",
   157            "Description": "Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.",
   158            "Severity": "CRITICAL",
   159            "CVSS": {
   160              "nvd": {
   161                "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
   162                "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
   163                "V2Score": 6.4,
   164                "V3Score": 9.1
   165              },
   166              "redhat": {
   167                "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
   168                "V3Score": 9.1
   169              }
   170            },
   171            "References": [
   172              "https://access.redhat.com/errata/RHSA-2019:3024",
   173              "https://access.redhat.com/security/cve/CVE-2019-10744",
   174              "https://github.com/advisories/GHSA-jf85-cpcp-j695",
   175              "https://github.com/lodash/lodash/pull/4336",
   176              "https://nvd.nist.gov/vuln/detail/CVE-2019-10744",
   177              "https://security.netapp.com/advisory/ntap-20191004-0005/",
   178              "https://snyk.io/vuln/SNYK-JS-LODASH-450202",
   179              "https://support.f5.com/csp/article/K47105354?utm_source=f5support\u0026amp;utm_medium=RSS",
   180              "https://www.npmjs.com/advisories/1065",
   181              "https://www.oracle.com/security-alerts/cpujan2021.html",
   182              "https://www.oracle.com/security-alerts/cpuoct2020.html"
   183            ],
   184            "PublishedDate": "2019-07-26T00:15:00Z",
   185            "LastModifiedDate": "2021-03-16T13:57:00Z"
   186          }
   187        ]
   188      }
   189    ]
   190  }