Cloudsmith - Repositories - myob (myob) - appsec (appsec) - trufflehog

Package Search Help

You can use boolean logic (e.g. AND/OR/NOT) for complex search queries. For more help and examples, see the search documentation.

Search by package name:
my-package _(implicit)
name:my-package _(explicit)

Search by package filename:
filename:my-package.ext

Search by package tag:
tag:latest

Search by package version:
version:1.0.0 prerelease:true _{(prereleases)}
prerelease:false _{(no prereleases)}

Search by package architecture:
architecture:x86_64

Search by package distribution:
distribution:el

Search by package license:
license:MIT

Search by package format:
format:deb

Search by package status:
status:in_progress

Search by package file checksum:
checksum:5afba

Search by package security status:
severity:critical

Search by package vulnerabilities:
vulnerabilities:>1
vulnerabilities:<1000

Search by # of package downloads:
downloads:>8
downloads:<100

Search by package type:
type:binary
type:source

Search by package size (bytes):
size:>50000
size:<10000

Search by dependency name/version:
dependency:log4j
dependency:log4j=1.0.0
dependency:log4j>1.0.0

Search by uploaded date:
uploaded:>"1 day ago"
uploaded:<"August 14, 2022 EST"

Search by entitlement token (identifier):
entitlement:3lKPVJPosCsY

Search by policy violation:
policy_violated:true
deny_policy_violated:true
license_policy_violated:true
vulnerability_policy_violated:true

Search by repository:
repository:repo-name

Search queries for all Debian-specific (and related) package types

Search by component:
deb_component:unstable

Search queries for all Maven-specific (and related) package types

Search by group ID:
maven_group_id:org.apache

Search queries for all Docker-specific (and related) package types

Search by image digest:
docker_image_digest:sha256:7c5..6d4
(full hashref only)

Search by layer digest:
docker_layer_digest:sha256:4c4..ae4
(full hashref only)

Field type modifiers (depending on the type, you can influence behaviour)

For all queries, you can use:
~foo for negation

For string queries, you can use:
^foo to anchor to start of term
foo$ to anchor to end of term
foo*bar for fuzzy matching

For number/date or version queries, you can use:
>foo for values greater than
>=foo for values greater / equal
<foo for values less than
<=foo for values less / equal

Need a secure and centralised artifact repository to deliver Alpine, Cargo, CocoaPods, Composer, Conan, Conda, CRAN, Dart, Debian, Docker, Go, Helm, Hex, LuaRocks, Maven, npm, NuGet, P2, Python, RedHat, Ruby, Swift, Terraform, Vagrant, Raw & More packages?

Cloudsmith is the new standard in Package / Artifact Management and Software Distribution.

With support for all major package formats, you can trust us to manage your software supply chain.

Start My Free Trial

Set Me Up

Public — myob / appsec

public appsec packages

trufflehog 846a4b4fe329209770e8b7127bf…

Download

One-liner (summary)

A certifiably-awesome package curated by ops-arch bot, hosted by Cloudsmith.

Description

A certifiably-awesome package curated by ops-arch bot, hosted by Cloudsmith.

License

Unknown

Size

108.4 MB

Downloads

Tags

image amd64 linux 6a0e4f691d5346c1bb3…

Status	Quarantined
Checksum (MD5)	ba81e439046ec783968858948eead301
Checksum (SHA-1)	a0c0aa03df7fef78d45a1fdce751b7a9a629197c
Checksum (SHA-256)	846a4b4fe329209770e8b7127bfae86418b322a29d80f56397ebe02d431cbbba
Checksum (SHA-512)	f64d98a28dbe286eb19ac6fd3eda34e7fd57d76c5636bf92f1cbe758e1cfba426b…
GPG Signature	Download
GPG Fingerprint	b37cb02108d5d7b2c7269a09acf5c48b429db520
Storage Region	Dublin, Ireland
Type	Binary (contains binaries and binary artifacts)
Uploaded At	10 months, 4 weeks ago
Uploaded By
Slug Id	trufflehog-e7lo
Unique Id	GTe7kgHiLdqV
Version (Raw)	846a4b4fe329209770e8b7127bfae86418b322a29d80f56397ebe02d431cbbba
Version (Parsed)	Type: Unknown
	docker-specific metadata
Image Digest	sha256:846a4b4fe329209770e8b7127bfae86418b322a29d80f56397ebe02d431cbbba
Config Digest	sha256:dfab3e3d502376ffdc5a2993d31d01d0fdf39726542a88ccdd0b81b1e3aaa1cd
V1 OCI Index Digest	sha256:e1b5fcac0973181042af2636438267bc715cd2fc4b20585c391f75c0ff3c0b2a
V1 Distribution (Signed) Digest	sha256:d7b0712ca1d69709c04afd0d32c9c35ac009ccbb89ec7eb4caf3fc9d92df5e5d
V1 OCI Digest	sha256:c2f685e1a0fdaa53bb0387f0af624224c5b75126ade4337da2aef8ae3d3a9ed8
V2 Distribution List Digest	sha256:21093895feea1852416c25deb9398944259b2370563a0b49dc8d02b7eb4dce80
V1 Distribution Digest	sha256:50beecc49976fa49495ad7a5177968efdf8a92741b2fa3126299a0d274173bc1
V2 Distribution Digest	sha256:846a4b4fe329209770e8b7127bfae86418b322a29d80f56397ebe02d431cbbba
	extended metadata
Manifest Type	V2 Distribution
Architecture	amd64
Config	Args Escaped Entrypoint /entrypoint.sh Env GPG_KEY=A035C8C19219BA821ECEA86B64E628F8D684696D \| LANG=C.UTF-8 \| PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \| PYTHON_GET_PIP_SHA256=6fb7b781206356f45ad79efbb19322caa6c2a5ad39092d0d44d0fec94117e118 \| PYTHON_GET_PIP_URL=https://github.com/pypa/get-pip/raw/66d8a0f637083e2c3ddffc0cb1e65ce126afb856/public/get-pip.py \| PYTHON_PIP_VERSION=24.0 \| PYTHON_SETUPTOOLS_VERSION=65.5.1 \| PYTHON_VERSION=3.11.9 User nonroot
Created	2024-08-07 06:00:27 UTC
Os	linux

This package was uploaded with the following V2 Distribution manifest:

{
   "schemaVersion": 2,
   "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
   "config": {
      "mediaType": "application/vnd.docker.container.image.v1+json",
      "size": 9549,
      "digest": "sha256:8fa798684fc33a547b5c1a9bb334ab745cea6857caaaa2adaa77b1b9a1d5a610"
   },
   "layers": [
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 3622892,
         "digest": "sha256:c6a83fedfae6ed8a4f5f7cbb6a7b6f1c1ec3d86fea8cb9e5ba2e5e6673fde9f6"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 461810,
         "digest": "sha256:b9dc4119f2ec8172c585e3a6b9dd1dead61612cab2ebab820703fd122a07129b"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 12672294,
         "digest": "sha256:545d94f91829cfc9031a9578cf5a2238f285cc0f2e04203dd32613f2a55cfeb6"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 230,
         "digest": "sha256:4271f5ef1d3946e791b3cf6b9748767d9c8a5a299fc0ddc3d0dffcc2bec5b52c"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 3129972,
         "digest": "sha256:780f71a8607261eb6b1fea0f26d806767a3730696c0ff0a99ca4fad403c01839"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 5928305,
         "digest": "sha256:93c16c6fa27da466fd2105d8c37863d939f19e494412c3a4892a4cdb59a17859"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 8930337,
         "digest": "sha256:9996136219408e50675e9084aaaa6fcee2ab2190a0a2f80ac39793c576080e1a"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 452,
         "digest": "sha256:7f5f370affd47dbaca1ba8916bf185ef20cdad52b5add53356e6aab60727f855"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 996,
         "digest": "sha256:f41ec269751de36bac7d0f5e9da5392dfb30eb27ce3ffa5f4daed1635fd52a24"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 933,
         "digest": "sha256:d2ff951b873a88a1e3dd2b3ee72684689c55093311a4d487a6ef322c2d162c79"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 1478,
         "digest": "sha256:813c30c01d9b17cfb72531a1b4349b1cdd9205f551fb6c4f0418a82f9ab9e709"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 4784584,
         "digest": "sha256:82bef33bc2a461629002c56cf4dc4a26f3e49814eafde53e3ff10ba3363eceae"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 69362579,
         "digest": "sha256:c8bd7a827628552b6c3efbde33fcfa635dfc3f741d32bda20d58ca5b65968b9d"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 967,
         "digest": "sha256:1dedc2447eeb8beec1501b6650210cec2ac63e07e5768f66aee40980478b796c"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 4784654,
         "digest": "sha256:716944bd763a2679e0136c8aee39c9000d31fa72bb9d605892973686868512a3"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 967,
         "digest": "sha256:d64a26dd5fd016fb46a7f9cdc11085324589b81aa973f754437610ad515af60f"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 164,
         "digest": "sha256:19671b9c1de5b6a6926510200fbbd4cd3efd6c001a77c8eb926798e4e70e7739"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 142,
         "digest": "sha256:f04fa270ac83e2ca5b1b7f832ace80fb22866672950051039134ebfc02ac1ba9"
      }
   ]
}

	Digest: sha256:c6a83fedfae6ed8a4f5f7cbb6a7b6f1c1ec3d86fea8cb9e5ba2e5e6673fde9f6 Command: /bin/sh -c #(nop) ADD file:99093095d62d0421541d882f9ceeddb2981fe701ec0aa9d2c08480712d5fed21 in /	3.5 MB
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: /bin/sh -c #(nop) CMD ["/bin/sh"]	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: ENV PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: ENV LANG=C.UTF-8	32 bytes
	Digest: sha256:b9dc4119f2ec8172c585e3a6b9dd1dead61612cab2ebab820703fd122a07129b Command: RUN /bin/sh -c set -eux; apk add --no-cache ca-certificates tzdata ; # buildkit	451.0 KB
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: ENV GPG_KEY=A035C8C19219BA821ECEA86B64E628F8D684696D	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: ENV PYTHON_VERSION=3.11.9	32 bytes
	Digest: sha256:545d94f91829cfc9031a9578cf5a2238f285cc0f2e04203dd32613f2a55cfeb6 Command: RUN /bin/sh -c set -eux; apk add --no-cache --virtual .build-deps gnupg tar xz bluez-dev bzip2-dev dpkg-dev dpkg expat-dev findutils gcc gdbm-dev libc-dev libffi-dev libnsl-dev libtirpc-dev linux-headers make ncurses-dev openssl-dev pax-utils readline-dev sqlite-dev tcl-dev tk tk-dev util-linux-dev xz-dev zlib-dev ; wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]}/Python-$PYTHON_VERSION.tar.xz"; wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]}/Python-$PYTHON_VERSION.tar.xz.asc"; GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; gpg --batch --verify python.tar.xz.asc python.tar.xz; gpgconf --kill all; rm -rf "$GNUPGHOME" python.tar.xz.asc; mkdir -p /usr/src/python; tar --extract --directory /usr/src/python --strip-components=1 --file python.tar.xz; rm python.tar.xz; cd /usr/src/python; gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; ./configure --build="$gnuArch" --enable-loadable-sqlite-extensions $(test "$gnuArch" != 'riscv64-linux-musl' && echo '--enable-optimizations') --enable-option-checking=fatal --enable-shared --with-lto --with-system-expat --without-ensurepip ; nproc="$(nproc)"; EXTRA_CFLAGS="-DTHREAD_STACK_SIZE=0x100000"; LDFLAGS="${LDFLAGS:--Wl},--strip-all"; make -j "$nproc" "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" "LDFLAGS=${LDFLAGS:-}" "PROFILE_TASK=${PROFILE_TASK:-}" ; rm python; make -j "$nproc" "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" "PROFILE_TASK=${PROFILE_TASK:-}" python ; make install; cd /; rm -rf /usr/src/python; find /usr/local -depth $ \( -type d -a \( -name test -o -name tests -o -name idle_test $ \) -o $ -type f -a \( -name '.pyc' -o -name '.pyo' -o -name 'libpython.a' $ \) \) -exec rm -rf '{}' + ; find /usr/local -type f -executable -not $ -name 'tkinter*' $ -exec scanelf --needed --nobanner --format '%n#p' '{}' ';' \| tr ',' '\n' \| sort -u \| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \| xargs -rt apk add --no-network --virtual .python-rundeps ; apk del --no-network .build-deps; python3 --version # buildkit	12.1 MB
	Digest: sha256:4271f5ef1d3946e791b3cf6b9748767d9c8a5a299fc0ddc3d0dffcc2bec5b52c Command: RUN /bin/sh -c set -eux; for src in idle3 pydoc3 python3 python3-config; do dst="$(echo "$src" \| tr -d 3)"; [ -s "/usr/local/bin/$src" ]; [ ! -e "/usr/local/bin/$dst" ]; ln -svT "$src" "/usr/local/bin/$dst"; done # buildkit	230 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: ENV PYTHON_PIP_VERSION=24.0	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: ENV PYTHON_SETUPTOOLS_VERSION=65.5.1	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: ENV PYTHON_GET_PIP_URL=https://github.com/pypa/get-pip/raw/66d8a0f637083e2c3ddffc0cb1e65ce126afb856/public/get-pip.py	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: ENV PYTHON_GET_PIP_SHA256=6fb7b781206356f45ad79efbb19322caa6c2a5ad39092d0d44d0fec94117e118	32 bytes
	Digest: sha256:780f71a8607261eb6b1fea0f26d806767a3730696c0ff0a99ca4fad403c01839 Command: RUN /bin/sh -c set -eux; wget -O get-pip.py "$PYTHON_GET_PIP_URL"; echo "$PYTHON_GET_PIP_SHA256 *get-pip.py" \| sha256sum -c -; export PYTHONDONTWRITEBYTECODE=1; python get-pip.py --disable-pip-version-check --no-cache-dir --no-compile "pip==$PYTHON_PIP_VERSION" "setuptools==$PYTHON_SETUPTOOLS_VERSION" ; rm -f get-pip.py; pip --version # buildkit	3.0 MB
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: CMD ["python3"]	32 bytes
	Digest: sha256:93c16c6fa27da466fd2105d8c37863d939f19e494412c3a4892a4cdb59a17859 Command: RUN /bin/sh -c apk add --no-cache git less # buildkit	5.7 MB
	Digest: sha256:9996136219408e50675e9084aaaa6fcee2ab2190a0a2f80ac39793c576080e1a Command: RUN /bin/sh -c pip install gitdb2==3.0.0 truffleHog==2.2.1 setuptools[core]==70.0.0 # buildkit	8.5 MB
	Digest: sha256:7f5f370affd47dbaca1ba8916bf185ef20cdad52b5add53356e6aab60727f855 Command: RUN /bin/sh -c addgroup -S nonroot # buildkit	452 bytes
	Digest: sha256:f41ec269751de36bac7d0f5e9da5392dfb30eb27ce3ffa5f4daed1635fd52a24 Command: RUN /bin/sh -c adduser -D -G nonroot nonroot # buildkit	996 bytes
	Digest: sha256:d2ff951b873a88a1e3dd2b3ee72684689c55093311a4d487a6ef322c2d162c79 Command: COPY entrypoint.sh /entrypoint.sh # buildkit	933 bytes
	Digest: sha256:813c30c01d9b17cfb72531a1b4349b1cdd9205f551fb6c4f0418a82f9ab9e709 Command: COPY regex.json /regex.json # buildkit	1.4 KB
	Digest: sha256:82bef33bc2a461629002c56cf4dc4a26f3e49814eafde53e3ff10ba3363eceae Command: COPY /bin/git-credential-myob /bin/git-credential-myob # buildkit	4.6 MB
	Digest: sha256:c8bd7a827628552b6c3efbde33fcfa635dfc3f741d32bda20d58ca5b65968b9d Command: COPY /usr/local/go/ /usr/local/go/ # buildkit	66.1 MB
	Digest: sha256:1dedc2447eeb8beec1501b6650210cec2ac63e07e5768f66aee40980478b796c Command: RUN /bin/sh -c chmod +x /entrypoint.sh # buildkit	967 bytes
	Digest: sha256:716944bd763a2679e0136c8aee39c9000d31fa72bb9d605892973686868512a3 Command: RUN /bin/sh -c chmod g+x /bin/git-credential-myob # buildkit	4.6 MB
	Digest: sha256:d64a26dd5fd016fb46a7f9cdc11085324589b81aa973f754437610ad515af60f Command: RUN /bin/sh -c chmod g+x /entrypoint.sh # buildkit	967 bytes
	Digest: sha256:19671b9c1de5b6a6926510200fbbd4cd3efd6c001a77c8eb926798e4e70e7739 Command: RUN /bin/sh -c mkdir /tmp/truffle # buildkit	164 bytes
	Digest: sha256:f04fa270ac83e2ca5b1b7f832ace80fb22866672950051039134ebfc02ac1ba9 Command: RUN /bin/sh -c chown -R nonroot:nonroot /tmp/truffle # buildkit	142 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: USER nonroot	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: ENTRYPOINT ["/entrypoint.sh"]	32 bytes

trufflehog a940d1ed5842e7b281dc0dfa54ea7aa992a8312…	image amd64 linux b5731b499c6d842fe00… 21028a72563441c169c… 39.7 MB — 1 year, 2 months ago	2
trufflehog 8c60fc4e7954270be8274d51bc05ee320d5ea23…	image amd64 linux f27768a542f7ff71023… 39.0 MB — 1 year, 2 months ago	4
trufflehog cc69a0c71f3bb23b25b6159bf7a52c5dcd1185d…	image amd64 linux 2fb2008243da8574086… 39.8 MB — 1 year, 2 months ago	1
trufflehog c7d4b5f85dde2cb706b7707c80e512320b245fa…	image amd64 linux bbc3634cbda4bd21811… 39.7 MB — 1 year, 2 months ago	0
trufflehog 88bcf30213468db57cf6ae24662c033e9dcbddb…	image amd64 linux 52c841bfb5cf222161d… 38.2 MB — 1 year, 2 months ago	1
trufflehog aaca6fc5daa2e25b5f77dc1cfaf5a2c93bb7504…	image amd64 linux 38.2 MB — 1 year, 2 months ago	138
trufflehog dfce8d647512e176219f4309862d2391db368c1…	image amd64 linux ab14b038c5a4aaa3185… 35.4 MB — 2 years, 6 months ago	47125
trufflehog 94bec3ab628ef799f67b2906bde4b0be28b4b00…	image amd64 linux 3c28f724ac72b123e4b… 37.5 MB — 2 years, 7 months ago	6
trufflehog cf221f9310fbb98a6a7ccc7a59eb8c9a3c380fa…	image amd64 linux f8b184baeb745125423… 37.6 MB — 2 years, 7 months ago	29
trufflehog ee8e9a0bd504644cf179fe6eef1269d616362a1…	image amd64 linux eac8b5e37e1b95bca72… 37.6 MB — 2 years, 7 months ago	0
trufflehog 846a4b4fe329209770e8b7127bfae86418b322a…	image amd64 linux 6a0e4f691d5346c1bb3… 108.4 MB — 10 months, 4 weeks ago	0
trufflehog 6277efabe0fece54c3ba75d7866287c99b4cce5…	image amd64 linux ef9812c6ec02cd85d22… preprod 42.3 MB — 9 months ago	4
trufflehog 7dc481950b27e7e7466b710c1cb504cfc0d88d4…	image amd64 linux latest 42.3 MB — 10 months, 3 weeks ago	43147
trufflehog 3568c89c024ac974a3e9abdeb7654ecfee61e20…	image amd64 linux 42.3 MB — 10 months, 3 weeks ago	0
trufflehog 502dbf8e9ceb4fa08388ea7fdededa028642d52…	image amd64 linux 4c2bbf733f27e3acee5… 39.2 MB — 10 months, 4 weeks ago	0
trufflehog 1174e804b216d3279f10e3725748f5c53eac5ab…	image amd64 linux 0d8a928c5595ccc5aa4… 38.5 MB — 1 year, 1 month ago	0
trufflehog 70315e5910f629da5f152cc34e9996eee67da94…	image amd64 linux ee383c5b98096d89ee5… 38.5 MB — 1 year, 1 month ago	0
trufflehog 7ab713e713c2508c290c7be09ff7e865813743f…	image amd64 linux 0526b281abaf386ae40… 38.2 MB — 1 year, 2 months ago	0
trufflehog 7f8bae9fe573d0b590d25c66c501b9058944ef4…	image amd64 linux f2608c331a60ae6e1b4… 39.7 MB — 1 year, 2 months ago	1
trufflehog 5035e460e0a9a3db3149815478d67c43a1b3278…	image amd64 linux 1c60234b0b33fdd430f… 35.9 MB — 1 year, 2 months ago	22

Only packages within the same repository are displayed. The current package you're viewing is highlighted.

Last scanned

10 months, 4 weeks ago

Scan result

Vulnerable

Vulnerability count

Max. severity

Critical

Target:	Python
CRITICAL	CVE-2023-40267: GitPython: Insecure non-multi options in clone and clone_from is not blocked GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. Package Name: GitPython Installed Version: 3.0.6 Fixed Version: 3.1.32 References: access.redhat.com github.com github.com github.com github.com github.com github.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov ubuntu.com www.cve.org
HIGH	CVE-2022-24439: GitPython: improper user input validation leads into a RCE All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. Package Name: GitPython Installed Version: 3.0.6 Fixed Version: 3.1.30 References: access.redhat.com github.com github.com github.com github.com github.com github.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.gentoo.org security.snyk.io ubuntu.com www.cve.org
HIGH	CVE-2023-40590: gitpython: improper executable lookup on windows GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the `git` command, if a user runs GitPython from a repo has a `git.exe` or `git` executable, that program will be run instead of the one in the user's `PATH`. This is more of a problem on how Python interacts with Windows systems, Linux and any other OS aren't affected by this. But probably people using GitPython usually run it from the CWD of a repo. An attacker can trick a user to download a repository with a malicious `git` executable, if the user runs/imports GitPython from that directory, it allows the attacker to run any arbitrary commands. There is no fix currently available for windows users, however there are a few mitigations. 1: Default to an absolute path for the git program on Windows, like `C:\\Program Files\\Git\\cmd\\git.EXE` (default git path installation). 2: Require users to set the `GIT_PYTHON_GIT_EXECUTABLE` environment variable on Windows systems. 3: Make this problem prominent in the documentation and advise users to never run GitPython from an untrusted repo, or set the `GIT_PYTHON_GIT_EXECUTABLE` env var to an absolute path. 4: Resolve the executable manually by only looking into the `PATH` environment variable. Package Name: GitPython Installed Version: 3.0.6 Fixed Version: 3.1.33 References: access.redhat.com docs.python.org github.com github.com github.com github.com github.com github.com github.com nvd.nist.gov www.cve.org
HIGH	CVE-2024-22190: Untrusted search path under some conditions on Windows allows arbitrary code execution GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those features are used on Windows, a malicious `git.exe` or `bash.exe` may be run from an untrusted repository. This issue has been patched in version 3.1.41. Package Name: GitPython Installed Version: 3.0.6 Fixed Version: 3.1.41 References: github.com github.com github.com github.com github.com nvd.nist.gov
MEDIUM	CVE-2023-41040: GitPython: Blind local file inclusion GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the `.git` directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the `.git` directory. This allows an attacker to make GitPython read any file from the system. This vulnerability is present in https://github.com/gitpython-developers/GitPython/blob/1c8310d7cae144f74a671cbe17e51f63a830adbf/git/refs/symbolic.py#L174-L175. That code joins the base directory with a user given string without checking if the final path is located outside the base directory. This vulnerability cannot be used to read the contents of files but could in theory be used to trigger a denial of service for the program. This issue has not yet been addressed. Package Name: GitPython Installed Version: 3.0.6 Fixed Version: 3.1.37 References: access.redhat.com github.com github.com github.com github.com github.com github.com github.com lists.debian.org nvd.nist.gov www.cve.org
Target:	bin/git-credential-myob
HIGH	CVE-2023-39325: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function. Package Name: golang.org/x/net Installed Version: v0.7.0 Fixed Version: 0.17.0 References: None access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com go.dev go.dev go.dev groups.google.com linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov pkg.go.dev security.gentoo.org security.netapp.com security.netapp.com ubuntu.com www.cisa.gov www.cve.org
MEDIUM	CVE-2023-3978: golang.org/x/net/html: Cross site scripting Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack. Package Name: golang.org/x/net Installed Version: v0.7.0 Fixed Version: 0.13.0 References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org go.dev go.dev linux.oracle.com linux.oracle.com nvd.nist.gov pkg.go.dev www.cve.org
MEDIUM	CVE-2023-44487: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. Package Name: golang.org/x/net Installed Version: v0.7.0 Fixed Version: 0.17.0 References: www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.openwall.com access.redhat.com access.redhat.com access.redhat.com akka.io arstechnica.com arstechnica.com aws.amazon.com aws.amazon.com blog.cloudflare.com blog.cloudflare.com blog.cloudflare.com blog.cloudflare.com blog.litespeedtech.com blog.litespeedtech.com blog.qualys.com blog.vespa.ai blog.vespa.ai bugzilla.proxmox.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.suse.com cgit.freebsd.org chaos.social cloud.google.com cloud.google.com cloud.google.com community.traefik.io cve.mitre.org devblogs.microsoft.com discuss.hashicorp.com edg.io errata.almalinux.org errata.rockylinux.org forums.swift.org gist.github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com go.dev go.dev go.dev groups.google.com groups.google.com istio.io istio.io linkerd.io linkerd.io linux.oracle.com linux.oracle.com lists.apache.org lists.debian.org lists.debian.org lists.debian.org lists.debian.org lists.debian.org lists.debian.org lists.debian.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.w3.org mailman.nginx.org martinthomson.github.io msrc.microsoft.com msrc.microsoft.com msrc.microsoft.com my.f5.com netty.io news.ycombinator.com news.ycombinator.com news.ycombinator.com news.ycombinator.com nodejs.org nvd.nist.gov openssf.org openssf.org pkg.go.dev seanmonstar.com security.gentoo.org security.netapp.com security.netapp.com security.netapp.com security.netapp.com security.netapp.com security.netapp.com security.netapp.com security.netapp.com security.paloaltonetworks.com tomcat.apache.org tomcat.apache.org tomcat.apache.org tomcat.apache.org ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com www.bleepingcomputer.com www.bleepingcomputer.com www.cisa.gov www.cve.org www.darkreading.com www.debian.org www.debian.org www.debian.org www.debian.org www.debian.org www.debian.org www.eclipse.org www.haproxy.com www.mail-archive.com www.netlify.com www.netlify.com www.nginx.com www.nginx.com www.openwall.com www.phoronix.com www.theregister.com www.theregister.com
MEDIUM	CVE-2023-45288: golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection. Package Name: golang.org/x/net Installed Version: v0.7.0 Fixed Version: 0.23.0 References: www.openwall.com www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org go.dev go.dev groups.google.com kb.cert.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org nowotarski.info nowotarski.info nvd.nist.gov pkg.go.dev security.netapp.com security.netapp.com ubuntu.com www.cve.org www.kb.cert.org

Previous Version: 6277efabe0fece54c3b…

Next Version: ee8e9a0bd504644cf17…

trufflehog 846a4b4fe329209770e8b7127bf…

One-liner (summary)

Description

License

Size

Downloads

Tags

trufflehog

trufflehog

trufflehog

trufflehog

trufflehog

trufflehog

trufflehog

trufflehog

trufflehog

trufflehog

trufflehog

trufflehog

trufflehog

trufflehog

trufflehog

trufflehog

trufflehog

trufflehog

trufflehog

trufflehog

Last scanned

Scan result

Vulnerability count

Max. severity

CVE-2023-40267: GitPython: Insecure non-multi options in clone and clone_from is not blocked

CVE-2022-24439: GitPython: improper user input validation leads into a RCE

CVE-2023-40590: gitpython: improper executable lookup on windows

CVE-2024-22190: Untrusted search path under some conditions on Windows allows arbitrary code execution

CVE-2023-41040: GitPython: Blind local file inclusion

CVE-2023-39325: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

CVE-2023-3978: golang.org/x/net/html: Cross site scripting

CVE-2023-44487: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

CVE-2023-45288: golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS