publish 884b291336e8edae9ec7909a96e…
One-liner (summary)
Description
This package was uploaded with the following V2 Distribution manifest:
{
  "schemaVersion": 2,
  "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
  "config": {
    "mediaType": "application/vnd.docker.container.image.v1+json",
    "digest": "sha256:afe8144fa802e11330499b3490e1076d2f3aca13b1ca63a7dcead0a5828e07ab"
  },
  "layers": [
    {
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
      "digest": "sha256:c87736221ed0bcaa60b8e92a19bec2284899ef89226f2a07968677cf59e637a4"
    },
    {
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
      "digest": "sha256:9031bbff6864e819c2ba1c573a549679636b5d62ad30448bb47f53aed199dab4"
    },
    {
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
      "digest": "sha256:d93292d565ba6fd81f4eba9620a10539bc5a149f183bb6a6f63d2baf093f9cbb"
    },
    {
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
      "digest": "sha256:fdaa285661e7a22c816618f35b9b5ea01bba49ace331912c85703cb1007dbf44"
    },
    {
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
      "digest": "sha256:fdaa285661e7a22c816618f35b9b5ea01bba49ace331912c85703cb1007dbf44"
    }
  ]
}
Digest: sha256:c87736221ed0bcaa60b8e92a19bec2284899ef89226f2a07968677cf59e637a4
Command: /bin/sh -c #(nop) ADD file:38bc6b51693b13d84a63e281403e2f6d0218c44b1d7ff12157c4523f9f0ebb1e in /
2.1 MB

Digest: sha256:9031bbff6864e819c2ba1c573a549679636b5d62ad30448bb47f53aed199dab4
Command: /bin/sh -c #(nop) CMD ["/bin/sh"]
17.3 MB

Digest: sha256:d93292d565ba6fd81f4eba9620a10539bc5a149f183bb6a6f63d2baf093f9cbb
Command: /bin/sh -c apk update && apk add bash python3
4.9 MB

Digest: sha256:fdaa285661e7a22c816618f35b9b5ea01bba49ace331912c85703cb1007dbf44
Command: /bin/sh -c pip3 install cloudsmith-cli==0.10.0
1.4 KB

Digest: sha256:fdaa285661e7a22c816618f35b9b5ea01bba49ace331912c85703cb1007dbf44
Command: /bin/sh -c #(nop) ENTRYPOINT ["/pipe.sh"]
1.4 KB

Last scanned
3 years, 10 months ago
Scan result
Vulnerable
Vulnerability count
10
Max. severity
Critical
Target: /oci (alpine 3.8.4)

CRITICAL
CVE-2019-12900: bzip2: out-of-bounds write in function BZ2_decompress
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
Package Name: bzip2
Installed Version: 1.0.6-r6
Fixed Version: 1.0.6-r7
References: lists.opensuse.org, packetstormsecurity.com, bugs.launchpad.net, cve.mitre.org, gitlab.com, lists.apache.org, lists.debian.org, seclists.org, security.freebsd.org, support.f5.com, usn.ubuntu.com, www.oracle.com

CRITICAL
CVE-2019-14697
musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.
Package Name: musl
Installed Version: 1.1.19-r10
Fixed Version: 1.1.19-r11
References: www.openwall.com, security.gentoo.org

CRITICAL
CVE-2019-8457: sqlite: heap out-of-bound read in function rtreenode()
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
Package Name: sqlite
Installed Version: 3.25.3-r0
Fixed Version: 3.25.3-r1
References: lists.opensuse.org, cve.mitre.org, linux.oracle.com, lists.fedoraproject.org, security.netapp.com, usn.ubuntu.com, www.oracle.com, www.sqlite.org

HIGH
CVE-2018-20843: expat: large number of colons in input makes parser consume high amount of resources, leading to DoS
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
Package Name: expat
Installed Version: 2.2.5-r0
Fixed Version: 2.2.7-r0
References: lists.opensuse.org, bugs.chromium.org, bugs.debian.org, cve.mitre.org, github.com, linux.oracle.com, lists.debian.org, lists.fedoraproject.org, seclists.org, security.gentoo.org, security.netapp.com, support.f5.com, usn.ubuntu.com, www.debian.org, www.oracle.com

HIGH
CVE-2019-15903: expat: heap-based buffer over-read via crafted XML input
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
Package Name: expat
Installed Version: 2.2.5-r0
Fixed Version: 2.2.7-r1
References: lists.opensuse.org, packetstormsecurity.com, seclists.org, access.redhat.com, cve.mitre.org, github.com, linux.oracle.com, lists.debian.org, lists.fedoraproject.org, security.gentoo.org, security.netapp.com, support.apple.com, usn.ubuntu.com, www.debian.org, www.mozilla.org, www.oracle.com

HIGH
CVE-2019-16056: python: email.utils.parseaddr wrongly parses email addresses
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.
Package Name: python3
Installed Version: 3.6.8-r0
Fixed Version: 3.6.8-r1
References: lists.opensuse.org, access.redhat.com, bugs.python.org, cve.mitre.org, github.com, linux.oracle.com, lists.apache.org, lists.debian.org, lists.fedoraproject.org, security.netapp.com, usn.ubuntu.com, www.oracle.com

HIGH
CVE-2019-19244: sqlite: allows a crash if a sub-select uses both DISTINCT and window functions and also has certain ORDER BY usage
sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.
Package Name: sqlite
Installed Version: 3.25.3-r0
Fixed Version: 3.25.3-r3
References: cve.mitre.org, github.com, usn.ubuntu.com, www.oracle.com

MEDIUM
CVE-2019-16935: python: XSS vulnerability in the documentation XML-RPC server in server_title field
The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.
Package Name: python3
Installed Version: 3.6.8-r0
Fixed Version: 3.6.9-r1
References: lists.opensuse.org, bugs.python.org, cve.mitre.org, github.com, linux.oracle.com, lists.debian.org, lists.fedoraproject.org, security.netapp.com, usn.ubuntu.com, www.oracle.com

MEDIUM
CVE-2019-16168: sqlite: Division by zero in whereLoopAddBtreeIndex in sqlite3.c
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
Package Name: sqlite
Installed Version: 3.25.3-r0
Fixed Version: 3.25.3-r2
References: lists.opensuse.org, cve.mitre.org, lists.debian.org, lists.fedoraproject.org, security.gentoo.org, security.netapp.com, usn.ubuntu.com, www.mail-archive.com, www.oracle.com, www.sqlite.org

MEDIUM
CVE-2019-19242: sqlite: SQL injection in sqlite3ExprCodeTarget in expr.c
SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.
Package Name: sqlite
Installed Version: 3.25.3-r0
Fixed Version: 3.25.3-r3
References: cve.mitre.org, github.com, usn.ubuntu.com, www.oracle.com

These instructions assume you have set up the repository first (or read it).
To pull publish @ reference/tag 0.1.1:
docker pull docker.cloudsmith.io/cloudsmith/bitbucket-pipes/publish:0.1.1
You can also pull the latest version of this image (if it exists):
docker pull docker.cloudsmith.io/cloudsmith/bitbucket-pipes/publish:latest
To refer to this image after pulling in a Dockerfile, specify the following:
FROM docker.cloudsmith.io/cloudsmith/bitbucket-pipes/publish:0.1.1