Package Search Help

You can use boolean logic (e.g. AND/OR/NOT) for complex search queries. For more help and examples, see the search documentation.

Search by package name:
my-package (implicit)
name:my-package (explicit)

Search by package filename:
filename:my-package.ext 

Search by package tag:
tag:latest 

Search by package version:
version:1.0.0
prerelease:true (prereleases)
prerelease:false (no prereleases)

Search by package architecture:
architecture:x86_64 

Search by package distribution:
distribution:el 

Search by package license:
license:MIT 

Search by package format:
format:deb 

Search by package status:
status:in_progress 

Search by package file checksum:
checksum:5afba 

Search by package security status:
severity:critical 

Search by package vulnerabilities:
vulnerabilities:>1 
vulnerabilities:<1000 

Search by # of package downloads:
downloads:>8 
downloads:<100 

Search by package type:
type:binary 
type:source 

Search by package size (bytes):
size:>50000 
size:<10000 

Search by dependency name/version:
dependency:log4j 
dependency:log4j=1.0.0 
dependency:log4j>1.0.0 

Search by uploaded date:
uploaded:>"1 day ago" 
uploaded:<"August 14, 2022 EST" 

Search by entitlement token (identifier):
entitlement:3lKPVJPosCsY 

Search by policy violation:
policy_violated:true
deny_policy_violated:true
license_policy_violated:true
vulnerability_policy_violated:true

Search by repository:
repository:repo-name

Search queries for all Debian-specific (and related) package types

Search by component:
deb_component:unstable

Search queries for all Maven-specific (and related) package types

Search by group ID:
maven_group_id:org.apache

Search queries for all Docker-specific (and related) package types

Search by image digest:
docker_image_digest:sha256:7c5..6d4
(full hashref only)

Search by layer digest:
docker_layer_digest:sha256:4c4..ae4
(full hashref only)

Field type modifiers (depending on the type, you can influence behaviour)

For all queries, you can use:
~foo for negation

For string queries, you can use:
^foo to anchor to start of term
foo$ to anchor to end of term
foo*bar for fuzzy matching

For number/date or version queries, you can use:
>foo for values greater than
>=foo for values greater / equal
<foo for values less than
<=foo for values less / equal

Repository: myob / appsec (public)

trufflehog 3568c89c024ac974a3e9abdeb76… (Docker image)

One-liner (summary)

A certifiably-awesome package curated by ops-arch bot, hosted by Cloudsmith.

Description

A certifiably-awesome package curated by ops-arch bot, hosted by Cloudsmith.

License

Unknown

Size

42.3 MB

Downloads

0

Tags

image amd64 linux

Status: Quarantined
Checksum (MD5): 0016d815a1b85812e71fd53cabc60e6d
Checksum (SHA-1): e1937f303dea82208db1fb2aed917a8e085f0f70
Checksum (SHA-256): 3568c89c024ac974a3e9abdeb7654ecfee61e20ce4a60737043170b5538e71c2
Checksum (SHA-512): 728ef5945e55f87105a722433dd100baa350ae21bbe5e3a4e41ea478298a8ee43d…
GPG Signature
GPG Fingerprint: b37cb02108d5d7b2c7269a09acf5c48b429db520
Storage Region: Dublin, Ireland
Type: Binary (contains binaries and binary artifacts)
Uploaded At: 10 months, 1 week ago
Uploaded By: ops-arch-bot
Slug Id: trufflehog-fg4u
Unique Id: exFGXJNTRwoE
Version (Raw): 3568c89c024ac974a3e9abdeb7654ecfee61e20ce4a60737043170b5538e71c2
Version (Parsed):
  • Type: Unknown

Docker-specific metadata

Image Digest: sha256:3568c89c024ac974a3e9abdeb7654ecfee61e20ce4a60737043170b5538e71c2
Config Digest: sha256:27922b879f502bbf0bbbb4b4620c45a1939e4285a5ccc9c962be0d0bbc7e4219
V1 OCI Index Digest: sha256:c6fcd27f51ba11d0e3b5f3be59a8e45540711364df0cb6f84d26c109fd53b758
V1 Distribution (Signed) Digest: sha256:bfec2fc6609e559cc8b7286a5f16787538de2a3fc3831bb20f66fc963d428850
V1 OCI Digest: sha256:873c6c452d3cb52239cd9daed8127e44a5525aa307c9a44cfbf57ed946c473ab
V2 Distribution List Digest: sha256:cd41ca3ec8023f12d0096bfa4f7dd8ff64b6c92d5db381e1e841a3386d071b52
V1 Distribution Digest: sha256:579269243f4eb5bdbb48c9a9cb4e00e52ba19739ce48fad50813271af252de30
V2 Distribution Digest: sha256:3568c89c024ac974a3e9abdeb7654ecfee61e20ce4a60737043170b5538e71c2

Extended metadata

Manifest Type: V2 Distribution
Architecture: amd64
Config
Created: 2024-08-08 03:22:45 UTC
Os: linux

This package was uploaded with the following V2 Distribution manifest:

{
   "schemaVersion": 2,
   "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
   "config": {
      "mediaType": "application/vnd.docker.container.image.v1+json",
      "size": 9340,
      "digest": "sha256:1f4f8e1a8053d5bfb1b21c386a1fbfc07635890806125aed5e4f1da75400181a"
   },
   "layers": [
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 3622892,
         "digest": "sha256:c6a83fedfae6ed8a4f5f7cbb6a7b6f1c1ec3d86fea8cb9e5ba2e5e6673fde9f6"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 461810,
         "digest": "sha256:b9dc4119f2ec8172c585e3a6b9dd1dead61612cab2ebab820703fd122a07129b"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 12672294,
         "digest": "sha256:545d94f91829cfc9031a9578cf5a2238f285cc0f2e04203dd32613f2a55cfeb6"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 230,
         "digest": "sha256:4271f5ef1d3946e791b3cf6b9748767d9c8a5a299fc0ddc3d0dffcc2bec5b52c"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 3129972,
         "digest": "sha256:780f71a8607261eb6b1fea0f26d806767a3730696c0ff0a99ca4fad403c01839"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 5928309,
         "digest": "sha256:d471aec6e4cf317a5b92cd65337791e7d693e007b3dab04695d443a3f2d39104"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 8930331,
         "digest": "sha256:0edf2b2f488fd4f462d4a0369a5afdb74f43d4e8a1552d113e43887c3d277431"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 453,
         "digest": "sha256:572a81d201c2b8c8b81e8751470826c8dd127d0823e13cbcac217d2d7ecce92d"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 996,
         "digest": "sha256:5dea70fedd4af5cd5f7d8e0eb37f440a1a4f139bd0884607c1bc605f23a6e9c7"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 936,
         "digest": "sha256:420b45e52fbcca712648c06ab8fc7f673924a26152f12071eeeb0f99ef08e67b"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 1479,
         "digest": "sha256:1f43db6fe77d35d1db6d83f539255fbbeb95187878a8679d9a0bf283b7a47f8a"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 4784859,
         "digest": "sha256:1597c9ea174c47e0b4821de058d273a57edfd37642aa27677cdb94116a6cf2f1"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 968,
         "digest": "sha256:f8dab6d4cdb2024e06b70c9e86d385bdb643100b832b39a106478174ea79f453"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 4784928,
         "digest": "sha256:985c7581e6a0141fb08006de75407e897033d61dca63777f43b53ce207d07081"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 966,
         "digest": "sha256:e3d2719421011dbb6e54d0b583f40bac6fafcf6903700a134f3dac07a6ab8687"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 163,
         "digest": "sha256:a644a95450660f8b78a78f9e1f5ed27c5ae4c6b8a73d0f8e23078a31b4ec3f85"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 141,
         "digest": "sha256:8b2293707191f1849e424c35c7a467fe3459e1b6aecea8363ad86553c9ee21fd"
      }
   ]
}
Digest: sha256:c6a83fedfae6ed8a4f5f7cbb6a7b6f1c1ec3d86fea8cb9e5ba2e5e6673fde9f6
Command: /bin/sh -c #(nop) ADD file:99093095d62d0421541d882f9ceeddb2981fe701ec0aa9d2c08480712d5fed21 in /
3.5 MB
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) CMD ["/bin/sh"]
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: ENV PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: ENV LANG=C.UTF-8
32 bytes
Digest: sha256:b9dc4119f2ec8172c585e3a6b9dd1dead61612cab2ebab820703fd122a07129b
Command: RUN /bin/sh -c set -eux; apk add --no-cache ca-certificates tzdata ; # buildkit
451.0 KB
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: ENV GPG_KEY=A035C8C19219BA821ECEA86B64E628F8D684696D
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: ENV PYTHON_VERSION=3.11.9
32 bytes
Digest: sha256:545d94f91829cfc9031a9578cf5a2238f285cc0f2e04203dd32613f2a55cfeb6
Command: RUN /bin/sh -c set -eux; apk add --no-cache --virtual .build-deps gnupg tar xz bluez-dev bzip2-dev dpkg-dev dpkg expat-dev findutils gcc gdbm-dev libc-dev libffi-dev libnsl-dev libtirpc-dev linux-headers make ncurses-dev openssl-dev pax-utils readline-dev sqlite-dev tcl-dev tk tk-dev util-linux-dev xz-dev zlib-dev ; wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; gpg --batch --verify python.tar.xz.asc python.tar.xz; gpgconf --kill all; rm -rf "$GNUPGHOME" python.tar.xz.asc; mkdir -p /usr/src/python; tar --extract --directory /usr/src/python --strip-components=1 --file python.tar.xz; rm python.tar.xz; cd /usr/src/python; gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; ./configure --build="$gnuArch" --enable-loadable-sqlite-extensions $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--enable-optimizations') --enable-option-checking=fatal --enable-shared --with-lto --with-system-expat --without-ensurepip ; nproc="$(nproc)"; EXTRA_CFLAGS="-DTHREAD_STACK_SIZE=0x100000"; LDFLAGS="${LDFLAGS:--Wl},--strip-all"; make -j "$nproc" "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" "LDFLAGS=${LDFLAGS:-}" "PROFILE_TASK=${PROFILE_TASK:-}" ; rm python; make -j "$nproc" "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" "PROFILE_TASK=${PROFILE_TASK:-}" python ; make install; cd /; rm -rf /usr/src/python; find /usr/local -depth \( \( -type d -a \( -name test -o -name tests -o -name idle_test \) \) -o \( -type f -a \( -name '*.pyc' -o -name '*.pyo' -o -name 'libpython*.a' \) \) \) -exec rm -rf '{}' + ; find /usr/local -type f -executable -not \( -name '*tkinter*' \) -exec scanelf --needed --nobanner --format '%n#p' '{}' ';' | tr ',' '\n' | sort -u | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' | xargs -rt apk add --no-network --virtual .python-rundeps ; apk del --no-network .build-deps; python3 --version # buildkit
12.1 MB
Digest: sha256:4271f5ef1d3946e791b3cf6b9748767d9c8a5a299fc0ddc3d0dffcc2bec5b52c
Command: RUN /bin/sh -c set -eux; for src in idle3 pydoc3 python3 python3-config; do dst="$(echo "$src" | tr -d 3)"; [ -s "/usr/local/bin/$src" ]; [ ! -e "/usr/local/bin/$dst" ]; ln -svT "$src" "/usr/local/bin/$dst"; done # buildkit
230 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: ENV PYTHON_PIP_VERSION=24.0
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: ENV PYTHON_SETUPTOOLS_VERSION=65.5.1
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: ENV PYTHON_GET_PIP_URL=https://github.com/pypa/get-pip/raw/66d8a0f637083e2c3ddffc0cb1e65ce126afb856/public/get-pip.py
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: ENV PYTHON_GET_PIP_SHA256=6fb7b781206356f45ad79efbb19322caa6c2a5ad39092d0d44d0fec94117e118
32 bytes
Digest: sha256:780f71a8607261eb6b1fea0f26d806767a3730696c0ff0a99ca4fad403c01839
Command: RUN /bin/sh -c set -eux; wget -O get-pip.py "$PYTHON_GET_PIP_URL"; echo "$PYTHON_GET_PIP_SHA256 *get-pip.py" | sha256sum -c -; export PYTHONDONTWRITEBYTECODE=1; python get-pip.py --disable-pip-version-check --no-cache-dir --no-compile "pip==$PYTHON_PIP_VERSION" "setuptools==$PYTHON_SETUPTOOLS_VERSION" ; rm -f get-pip.py; pip --version # buildkit
3.0 MB
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: CMD ["python3"]
32 bytes
Digest: sha256:d471aec6e4cf317a5b92cd65337791e7d693e007b3dab04695d443a3f2d39104
Command: RUN /bin/sh -c apk add --no-cache git less # buildkit
5.7 MB
Digest: sha256:0edf2b2f488fd4f462d4a0369a5afdb74f43d4e8a1552d113e43887c3d277431
Command: RUN /bin/sh -c pip install gitdb2==3.0.0 truffleHog==2.2.1 setuptools[core]==70.0.0 # buildkit
8.5 MB
Digest: sha256:572a81d201c2b8c8b81e8751470826c8dd127d0823e13cbcac217d2d7ecce92d
Command: RUN /bin/sh -c addgroup -S nonroot # buildkit
453 bytes
Digest: sha256:5dea70fedd4af5cd5f7d8e0eb37f440a1a4f139bd0884607c1bc605f23a6e9c7
Command: RUN /bin/sh -c adduser -D -G nonroot nonroot # buildkit
996 bytes
Digest: sha256:420b45e52fbcca712648c06ab8fc7f673924a26152f12071eeeb0f99ef08e67b
Command: COPY entrypoint.sh /entrypoint.sh # buildkit
936 bytes
Digest: sha256:1f43db6fe77d35d1db6d83f539255fbbeb95187878a8679d9a0bf283b7a47f8a
Command: COPY regex.json /regex.json # buildkit
1.4 KB
Digest: sha256:1597c9ea174c47e0b4821de058d273a57edfd37642aa27677cdb94116a6cf2f1
Command: COPY /bin/git-credential-myob /bin/git-credential-myob # buildkit
4.6 MB
Digest: sha256:f8dab6d4cdb2024e06b70c9e86d385bdb643100b832b39a106478174ea79f453
Command: RUN /bin/sh -c chmod +x /entrypoint.sh # buildkit
968 bytes
Digest: sha256:985c7581e6a0141fb08006de75407e897033d61dca63777f43b53ce207d07081
Command: RUN /bin/sh -c chmod g+x /bin/git-credential-myob # buildkit
4.6 MB
Digest: sha256:e3d2719421011dbb6e54d0b583f40bac6fafcf6903700a134f3dac07a6ab8687
Command: RUN /bin/sh -c chmod g+x /entrypoint.sh # buildkit
966 bytes
Digest: sha256:a644a95450660f8b78a78f9e1f5ed27c5ae4c6b8a73d0f8e23078a31b4ec3f85
Command: RUN /bin/sh -c mkdir /tmp/truffle # buildkit
163 bytes
Digest: sha256:8b2293707191f1849e424c35c7a467fe3459e1b6aecea8363ad86553c9ee21fd
Command: RUN /bin/sh -c chown -R nonroot:nonroot /tmp/truffle # buildkit
141 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: USER nonroot
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: ENTRYPOINT ["/entrypoint.sh"]
32 bytes

Last scanned

10 months, 1 week ago

Scan result

Vulnerable

Vulnerability count

6

Max. severity

Critical
Target: Python
CRITICAL

CVE-2023-40267: GitPython: Insecure non-multi options in clone and clone_from is not blocked

GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.

Package Name: GitPython
Installed Version: 3.0.6
Fixed Version: 3.1.32

References: access.redhat.com, github.com, lists.fedoraproject.org, nvd.nist.gov, ubuntu.com, www.cve.org
HIGH

CVE-2022-24439: GitPython: improper user input validation leads into a RCE

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.

Package Name: GitPython
Installed Version: 3.0.6
Fixed Version: 3.1.30

References: access.redhat.com, github.com, lists.debian.org, lists.fedoraproject.org, nvd.nist.gov, security.gentoo.org, security.snyk.io, ubuntu.com, www.cve.org
HIGH

CVE-2023-40590: gitpython: improper executable lookup on windows

GitPython is a Python library used to interact with Git repositories. When resolving a program, Python on Windows looks in the current working directory first and only then in the PATH environment variable. GitPython defaults to using the `git` command, so if a user runs GitPython from a repository that contains a `git.exe` or `git` executable, that program will be run instead of the one in the user's `PATH`. This is largely a consequence of how Python interacts with Windows; Linux and other operating systems are not affected. However, people using GitPython commonly run it from the working directory of a repository. An attacker can trick a user into downloading a repository that contains a malicious `git` executable; if the user runs or imports GitPython from that directory, the attacker can run arbitrary commands. There is currently no fix available for Windows users, but there are several mitigations. 1: Default to an absolute path for the git program on Windows, such as `C:\\Program Files\\Git\\cmd\\git.EXE` (the default Git installation path). 2: Require users to set the `GIT_PYTHON_GIT_EXECUTABLE` environment variable on Windows systems. 3: Make this problem prominent in the documentation and advise users never to run GitPython from an untrusted repository, or to set the `GIT_PYTHON_GIT_EXECUTABLE` environment variable to an absolute path. 4: Resolve the executable manually by looking only in the `PATH` environment variable.

Package Name: GitPython
Installed Version: 3.0.6
Fixed Version: 3.1.33

References: access.redhat.com, docs.python.org, github.com, nvd.nist.gov, www.cve.org
HIGH

CVE-2024-22190: Untrusted search path under some conditions on Windows allows arbitrary code execution

GitPython is a Python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those features is used on Windows, a malicious `git.exe` or `bash.exe` may be run from an untrusted repository. This issue has been patched in version 3.1.41.

Package Name: GitPython
Installed Version: 3.0.6
Fixed Version: 3.1.41

References: github.com, nvd.nist.gov
MEDIUM

CVE-2023-41040: GitPython: Blind local file inclusion

GitPython is a Python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the `.git` directory; in some places the name of the file being read is provided by the user, and GitPython does not check whether that file is located outside the `.git` directory. This allows an attacker to make GitPython read any file from the system. The vulnerability is present in https://github.com/gitpython-developers/GitPython/blob/1c8310d7cae144f74a671cbe17e51f63a830adbf/git/refs/symbolic.py#L174-L175, where the code joins the base directory with a user-supplied string without checking whether the resulting path lies outside the base directory. This vulnerability cannot be used to read the contents of files, but it could in theory be used to trigger a denial of service for the program. This issue has not yet been addressed.

Package Name: GitPython
Installed Version: 3.0.6
Fixed Version: 3.1.37

References: access.redhat.com, github.com, lists.debian.org, nvd.nist.gov, www.cve.org
Target: bin/git-credential-myob
MEDIUM

CVE-2023-45288: golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.

Package Name: golang.org/x/net
Installed Version: v0.17.0
Fixed Version: 0.23.0

References: www.openwall.com, access.redhat.com, bugzilla.redhat.com, cve.mitre.org, errata.almalinux.org, errata.rockylinux.org, go.dev, groups.google.com, kb.cert.org, linux.oracle.com, lists.fedoraproject.org, nowotarski.info, nvd.nist.gov, pkg.go.dev, security.netapp.com, ubuntu.com, www.cve.org, www.kb.cert.org