feat: add security sink detection patterns for JavaScript/TypeScript
- Introduced `sink-detect.js` with various security sink detection patterns categorized by type (e.g., command injection, SQL injection, file operations). - Implemented functions to build a lookup map for fast sink detection and to match sink calls against known patterns. - Added `package-lock.json` for dependency management.
This commit is contained in:
StellaOps Bot
@@ -0,0 +1,994 @@
|
||||
[
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2018-25032",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "zlib",
|
||||
"platform": "v3.18/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "1.2.11-r4",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.18",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "1.2.11-r4",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2018-25032:v3.18/main:zlib:1.2.11-r4",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:1.2.11-r4",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "1.2.11-r4",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.18/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2018-25032:v3.18/main:zlib",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2018-25032:v3.18/main:zlib",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2018-25032",
|
||||
"alpine/cve-2018-25032"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:00:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.18/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2018-25032",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:00:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.18/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.18/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2018-25032"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2021-30139",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "apk-tools",
|
||||
"platform": "v3.18/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "2.12.5-r0",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.18",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "2.12.5-r0",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2021-30139:v3.18/main:apk-tools:2.12.5-r0",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:2.12.5-r0",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "2.12.5-r0",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.18/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2021-30139:v3.18/main:apk-tools",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2021-30139:v3.18/main:apk-tools",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2021-30139",
|
||||
"alpine/cve-2021-30139"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:00:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.18/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2021-30139",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:00:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.18/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.18/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2021-30139"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2021-36159",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "apk-tools",
|
||||
"platform": "v3.18/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "2.12.6-r0",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.18",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "2.12.6-r0",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2021-36159:v3.18/main:apk-tools:2.12.6-r0",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:2.12.6-r0",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "2.12.6-r0",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.18/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2021-36159:v3.18/main:apk-tools",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2021-36159:v3.18/main:apk-tools",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2021-36159",
|
||||
"alpine/cve-2021-36159"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:00:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.18/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2021-36159",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:00:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.18/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.18/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2021-36159"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2022-37434",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "zlib",
|
||||
"platform": "v3.18/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "1.2.12-r2",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.18",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "1.2.12-r2",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2022-37434:v3.18/main:zlib:1.2.12-r2",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:1.2.12-r2",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "1.2.12-r2",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.18/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2022-37434:v3.18/main:zlib",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2022-37434:v3.18/main:zlib",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2022-37434",
|
||||
"alpine/cve-2022-37434"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:00:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.18/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2022-37434",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:00:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.18/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.18/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2022-37434"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2023-42363",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "busybox",
|
||||
"platform": "v3.18/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "1.36.1-r7",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.18",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "1.36.1-r7",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2023-42363:v3.18/main:busybox:1.36.1-r7",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:1.36.1-r7",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "1.36.1-r7",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.18/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2023-42363:v3.18/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2023-42363:v3.18/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2023-42363",
|
||||
"alpine/cve-2023-42363"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:00:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.18/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2023-42363",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:00:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.18/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.18/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2023-42363"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2023-42364",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "busybox",
|
||||
"platform": "v3.18/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "1.36.1-r7",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.18",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "1.36.1-r7",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2023-42364:v3.18/main:busybox:1.36.1-r7",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:1.36.1-r7",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "1.36.1-r7",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.18/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2023-42364:v3.18/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2023-42364:v3.18/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2023-42364",
|
||||
"alpine/cve-2023-42364"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:00:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.18/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2023-42364",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:00:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.18/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.18/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2023-42364"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2023-42365",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "busybox",
|
||||
"platform": "v3.18/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "1.36.1-r7",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.18",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "1.36.1-r7",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2023-42365:v3.18/main:busybox:1.36.1-r7",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:1.36.1-r7",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "1.36.1-r7",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.18/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2023-42365:v3.18/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2023-42365:v3.18/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2023-42365",
|
||||
"alpine/cve-2023-42365"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:00:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.18/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2023-42365",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:00:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.18/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.18/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2023-42365"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2023-42366",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "busybox",
|
||||
"platform": "v3.18/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "1.36.1-r6",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.18",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "1.36.1-r6",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2023-42366:v3.18/main:busybox:1.36.1-r6",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:1.36.1-r6",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "1.36.1-r6",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.18/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2023-42366:v3.18/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2023-42366:v3.18/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2023-42366",
|
||||
"alpine/cve-2023-42366"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:00:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.18/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2023-42366",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:00:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.18/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.18/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2023-42366"
|
||||
}
|
||||
]
|
||||
@@ -0,0 +1,994 @@
|
||||
[
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2018-25032",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "zlib",
|
||||
"platform": "v3.19/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "1.2.11-r4",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.19",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "1.2.11-r4",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2018-25032:v3.19/main:zlib:1.2.11-r4",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:1.2.11-r4",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "1.2.11-r4",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.19/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2018-25032:v3.19/main:zlib",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2018-25032:v3.19/main:zlib",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2018-25032",
|
||||
"alpine/cve-2018-25032"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:10:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.19/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2018-25032",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:10:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.19/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.19/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2018-25032"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2021-30139",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "apk-tools",
|
||||
"platform": "v3.19/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "2.12.5-r0",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.19",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "2.12.5-r0",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2021-30139:v3.19/main:apk-tools:2.12.5-r0",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:2.12.5-r0",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "2.12.5-r0",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.19/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2021-30139:v3.19/main:apk-tools",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2021-30139:v3.19/main:apk-tools",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2021-30139",
|
||||
"alpine/cve-2021-30139"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:10:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.19/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2021-30139",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:10:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.19/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.19/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2021-30139"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2021-36159",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "apk-tools",
|
||||
"platform": "v3.19/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "2.12.6-r0",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.19",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "2.12.6-r0",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2021-36159:v3.19/main:apk-tools:2.12.6-r0",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:2.12.6-r0",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "2.12.6-r0",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.19/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2021-36159:v3.19/main:apk-tools",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2021-36159:v3.19/main:apk-tools",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2021-36159",
|
||||
"alpine/cve-2021-36159"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:10:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.19/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2021-36159",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:10:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.19/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.19/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2021-36159"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2022-37434",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "zlib",
|
||||
"platform": "v3.19/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "1.2.12-r2",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.19",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "1.2.12-r2",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2022-37434:v3.19/main:zlib:1.2.12-r2",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:1.2.12-r2",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "1.2.12-r2",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.19/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2022-37434:v3.19/main:zlib",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2022-37434:v3.19/main:zlib",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2022-37434",
|
||||
"alpine/cve-2022-37434"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:10:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.19/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2022-37434",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:10:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.19/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.19/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2022-37434"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2023-42364",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "busybox",
|
||||
"platform": "v3.19/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "1.36.1-r19",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.19",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "1.36.1-r19",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2023-42364:v3.19/main:busybox:1.36.1-r19",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:1.36.1-r19",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "1.36.1-r19",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.19/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2023-42364:v3.19/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2023-42364:v3.19/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2023-42364",
|
||||
"alpine/cve-2023-42364"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:10:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.19/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2023-42364",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:10:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.19/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.19/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2023-42364"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2023-42365",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "busybox",
|
||||
"platform": "v3.19/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "1.36.1-r19",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.19",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "1.36.1-r19",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2023-42365:v3.19/main:busybox:1.36.1-r19",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:1.36.1-r19",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "1.36.1-r19",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.19/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2023-42365:v3.19/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2023-42365:v3.19/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2023-42365",
|
||||
"alpine/cve-2023-42365"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:10:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.19/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2023-42365",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:10:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.19/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.19/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2023-42365"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2024-58251",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "busybox",
|
||||
"platform": "v3.19/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "1.36.1-r21",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.19",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "1.36.1-r21",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2024-58251:v3.19/main:busybox:1.36.1-r21",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:1.36.1-r21",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "1.36.1-r21",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.19/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2024-58251:v3.19/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2024-58251:v3.19/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2024-58251",
|
||||
"alpine/cve-2024-58251"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:10:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.19/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2024-58251",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:10:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.19/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.19/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2024-58251"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2025-46394",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "busybox",
|
||||
"platform": "v3.19/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "1.36.1-r21",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.19",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "1.36.1-r21",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2025-46394:v3.19/main:busybox:1.36.1-r21",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:1.36.1-r21",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "1.36.1-r21",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.19/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2025-46394:v3.19/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2025-46394:v3.19/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2025-46394",
|
||||
"alpine/cve-2025-46394"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:10:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.19/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2025-46394",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:10:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.19/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.19/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2025-46394"
|
||||
}
|
||||
]
|
||||
@@ -0,0 +1,994 @@
|
||||
[
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2018-25032",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "zlib",
|
||||
"platform": "v3.20/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "1.2.11-r4",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.20",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "1.2.11-r4",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2018-25032:v3.20/main:zlib:1.2.11-r4",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:1.2.11-r4",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "1.2.11-r4",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.20/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2018-25032:v3.20/main:zlib",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2018-25032:v3.20/main:zlib",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2018-25032",
|
||||
"alpine/cve-2018-25032"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:20:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.20/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2018-25032",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:20:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.20/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.20/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2018-25032"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2021-30139",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "apk-tools",
|
||||
"platform": "v3.20/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "2.12.5-r0",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.20",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "2.12.5-r0",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2021-30139:v3.20/main:apk-tools:2.12.5-r0",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:2.12.5-r0",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "2.12.5-r0",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.20/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2021-30139:v3.20/main:apk-tools",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2021-30139:v3.20/main:apk-tools",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2021-30139",
|
||||
"alpine/cve-2021-30139"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:20:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.20/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2021-30139",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:20:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.20/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.20/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2021-30139"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2021-36159",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "apk-tools",
|
||||
"platform": "v3.20/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "2.12.6-r0",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.20",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "2.12.6-r0",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2021-36159:v3.20/main:apk-tools:2.12.6-r0",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:2.12.6-r0",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "2.12.6-r0",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.20/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2021-36159:v3.20/main:apk-tools",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2021-36159:v3.20/main:apk-tools",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2021-36159",
|
||||
"alpine/cve-2021-36159"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:20:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.20/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2021-36159",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:20:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.20/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.20/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2021-36159"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2022-37434",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "zlib",
|
||||
"platform": "v3.20/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "1.2.12-r2",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.20",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "1.2.12-r2",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2022-37434:v3.20/main:zlib:1.2.12-r2",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:1.2.12-r2",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "1.2.12-r2",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.20/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2022-37434:v3.20/main:zlib",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2022-37434:v3.20/main:zlib",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2022-37434",
|
||||
"alpine/cve-2022-37434"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:20:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.20/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2022-37434",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:20:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.20/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.20/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2022-37434"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2023-42364",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "busybox",
|
||||
"platform": "v3.20/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "1.36.1-r29",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.20",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "1.36.1-r29",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2023-42364:v3.20/main:busybox:1.36.1-r29",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:1.36.1-r29",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "1.36.1-r29",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.20/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2023-42364:v3.20/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2023-42364:v3.20/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2023-42364",
|
||||
"alpine/cve-2023-42364"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:20:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.20/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2023-42364",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:20:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.20/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.20/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2023-42364"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2023-42365",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "busybox",
|
||||
"platform": "v3.20/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "1.36.1-r29",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.20",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "1.36.1-r29",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2023-42365:v3.20/main:busybox:1.36.1-r29",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:1.36.1-r29",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "1.36.1-r29",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.20/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2023-42365:v3.20/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2023-42365:v3.20/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2023-42365",
|
||||
"alpine/cve-2023-42365"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:20:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.20/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2023-42365",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:20:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.20/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.20/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2023-42365"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2024-58251",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "busybox",
|
||||
"platform": "v3.20/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "1.36.1-r31",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.20",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "1.36.1-r31",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2024-58251:v3.20/main:busybox:1.36.1-r31",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:1.36.1-r31",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "1.36.1-r31",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.20/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2024-58251:v3.20/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2024-58251:v3.20/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2024-58251",
|
||||
"alpine/cve-2024-58251"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:20:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.20/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2024-58251",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:20:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.20/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.20/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2024-58251"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2025-46394",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "busybox",
|
||||
"platform": "v3.20/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "1.36.1-r31",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.20",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "1.36.1-r31",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2025-46394:v3.20/main:busybox:1.36.1-r31",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:1.36.1-r31",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "1.36.1-r31",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.20/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2025-46394:v3.20/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2025-46394:v3.20/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2025-46394",
|
||||
"alpine/cve-2025-46394"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:20:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.20/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2025-46394",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:20:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.20/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.20/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2025-46394"
|
||||
}
|
||||
]
|
||||
@@ -1,10 +1,16 @@
|
||||
using StellaOps.Concelier.Merge.Comparers;
|
||||
using StellaOps.Concelier.Normalization.Distro;
|
||||
using StellaOps.VersionComparison;
|
||||
|
||||
namespace StellaOps.Concelier.Merge.Tests;
|
||||
|
||||
public sealed class ApkVersionComparerTests
|
||||
{
|
||||
[Fact]
|
||||
public void ComparatorType_Returns_Apk()
|
||||
{
|
||||
Assert.Equal(ComparatorType.Apk, ApkVersionComparer.Instance.ComparatorType);
|
||||
}
|
||||
public static TheoryData<string, string, int, string> ComparisonCases => BuildComparisonCases();
|
||||
|
||||
[Theory]
|
||||
@@ -73,4 +79,104 @@ public sealed class ApkVersionComparerTests
|
||||
|
||||
return data;
|
||||
}
|
||||
|
||||
#region CompareWithProof Tests (SPRINT_4000_0002_0001)
|
||||
|
||||
[Fact]
|
||||
public void CompareWithProof_BothNull_ReturnsEqual()
|
||||
{
|
||||
var result = ApkVersionComparer.Instance.CompareWithProof(null, null);
|
||||
|
||||
Assert.Equal(0, result.Comparison);
|
||||
Assert.Equal(ComparatorType.Apk, result.Comparator);
|
||||
Assert.Contains("null", result.ProofLines[0].ToLower());
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void CompareWithProof_LeftNull_ReturnsLess()
|
||||
{
|
||||
var result = ApkVersionComparer.Instance.CompareWithProof(null, "1.0-r0");
|
||||
|
||||
Assert.Equal(-1, result.Comparison);
|
||||
Assert.Contains("null", result.ProofLines[0].ToLower());
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void CompareWithProof_RightNull_ReturnsGreater()
|
||||
{
|
||||
var result = ApkVersionComparer.Instance.CompareWithProof("1.0-r0", null);
|
||||
|
||||
Assert.Equal(1, result.Comparison);
|
||||
Assert.Contains("null", result.ProofLines[0].ToLower());
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void CompareWithProof_EqualVersions_ReturnsEqualWithProof()
|
||||
{
|
||||
var result = ApkVersionComparer.Instance.CompareWithProof("1.2.3-r1", "1.2.3-r1");
|
||||
|
||||
Assert.Equal(0, result.Comparison);
|
||||
Assert.True(result.IsEqual);
|
||||
Assert.Contains(result.ProofLines, line => line.Contains("equal"));
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void CompareWithProof_VersionDifference_ReturnsProofLines()
|
||||
{
|
||||
var result = ApkVersionComparer.Instance.CompareWithProof("1.2.3-r0", "1.2.4-r0");
|
||||
|
||||
Assert.True(result.IsLessThan);
|
||||
Assert.NotEmpty(result.ProofLines);
|
||||
Assert.Contains(result.ProofLines, line =>
|
||||
line.Contains("Version") || line.Contains("older") || line.Contains("<"));
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void CompareWithProof_PkgRelDifference_ReturnsProofWithPkgRel()
|
||||
{
|
||||
var result = ApkVersionComparer.Instance.CompareWithProof("1.2.3-r1", "1.2.3-r2");
|
||||
|
||||
Assert.True(result.IsLessThan);
|
||||
Assert.Contains(result.ProofLines, line => line.Contains("release") || line.Contains("-r"));
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void CompareWithProof_ImplicitVsExplicitPkgRel_ReturnsProofExplaining()
|
||||
{
|
||||
var result = ApkVersionComparer.Instance.CompareWithProof("1.2.3", "1.2.3-r0");
|
||||
|
||||
Assert.True(result.IsLessThan);
|
||||
Assert.Contains(result.ProofLines, line => line.Contains("implicit") || line.Contains("explicit"));
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void CompareWithProof_NewerVersion_ReturnsGreaterThanOrEqual()
|
||||
{
|
||||
var result = ApkVersionComparer.Instance.CompareWithProof("1.2.4-r0", "1.2.3-r0");
|
||||
|
||||
Assert.True(result.IsGreaterThan);
|
||||
Assert.True(result.IsGreaterThanOrEqual);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void CompareWithProof_InvalidVersions_FallsBackToStringComparison()
|
||||
{
|
||||
var result = ApkVersionComparer.Instance.CompareWithProof("", "");
|
||||
|
||||
Assert.Equal(0, result.Comparison);
|
||||
Assert.Contains(result.ProofLines, line =>
|
||||
line.Contains("invalid", StringComparison.OrdinalIgnoreCase) ||
|
||||
line.Contains("fallback", StringComparison.OrdinalIgnoreCase) ||
|
||||
line.Contains("equal", StringComparison.OrdinalIgnoreCase));
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void CompareWithProof_ReturnsCorrectComparatorType()
|
||||
{
|
||||
var result = ApkVersionComparer.Instance.CompareWithProof("1.0-r0", "1.0-r1");
|
||||
|
||||
Assert.Equal(ComparatorType.Apk, result.Comparator);
|
||||
}
|
||||
|
||||
#endregion
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user