This repository was archived by the owner on Jul 18, 2025. It is now read-only.
This repository was archived by the owner on Jul 18, 2025. It is now read-only.
Scan cli Unable to detect CVE-2021-44228 #192
Description
Hello!
I have installed the docker scan utility as described here:
https://docs.docker.com/engine/scan/#known-issues
I have used docker scan against the "vulnerable" CVE-2021-44228 docker image provide here https://github.com/christophetd/log4shell-vulnerable-app.
Unfortunately the docker scan was not able to detect the CVE-2021-44228.
Steps to reproduce the issue:
- docker run --name vulnerable-app --rm -p 8080:8080 ghcr.io/christophetd/log4shell-vulnerable-app
2.docker scan docker scan ghcr.io/christophetd/log4shell-vulnerable-app:latest
Describe the results you received:
Testing ghcr.io/christophetd/log4shell-vulnerable-app:latest...
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2020-2583
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075620
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.242.08-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2020-2590
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075622
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.242.08-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2020-2659
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075630
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.242.08-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2020-2654
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075632
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.242.08-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2020-2754
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075634
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.252.09-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2020-2755
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075637
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.252.09-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2020-2756
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075639
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.252.09-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2020-2757
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075640
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.252.09-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2020-2773
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075642
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.252.09-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: Information Exposure
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075656
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.232.09-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2019-2945
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075657
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.232.09-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2019-2964
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075660
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.232.09-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2019-2962
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075661
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.232.09-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2019-2973
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075662
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.232.09-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2019-2978
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075665
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.232.09-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2019-2981
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075666
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.232.09-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2019-2983
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075668
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.232.09-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2019-2987
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075671
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.232.09-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2019-2988
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075672
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.232.09-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2019-2992
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075676
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.232.09-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2019-2894
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075680
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.232.09-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2020-14577
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075684
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.272.10-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2020-14578
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075685
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.272.10-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2020-14579
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075686
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.272.10-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2020-14581
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075687
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.272.10-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2020-14779
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075691
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.272.10-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2020-14781
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075692
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.272.10-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2020-14782
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075693
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.272.10-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2020-14796
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075695
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.272.10-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2020-14797
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075696
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.272.10-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2020-14798
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075697
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.272.10-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: Improper Access Control
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-344523
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.191.12-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: Improper Access Control
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-344539
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.201.08-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: Improper Access Control
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-344660
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.191.12-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: Improper Access Control
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-344671
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.201.08-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: Improper Access Control
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-485401
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.222.10-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: Improper Access Control
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-489037
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.222.10-r0
✗ Low severity vulnerability found in openjdk8/openjdk8-jre
Description: Improper Access Control
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-506913
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.222.10-r0
✗ Medium severity vulnerability found in sqlite/sqlite-libs
Description: Divide By Zero
Info: https://snyk.io/vuln/SNYK-ALPINE38-SQLITE-1019956
Introduced through: sqlite/[email protected], nss/[email protected]
From: sqlite/[email protected]
From: nss/[email protected] > sqlite/[email protected]
Fixed in: 3.25.3-r2
✗ Medium severity vulnerability found in sqlite/sqlite-libs
Description: NULL Pointer Dereference
Info: https://snyk.io/vuln/SNYK-ALPINE38-SQLITE-598535
Introduced through: sqlite/[email protected], nss/[email protected]
From: sqlite/[email protected]
From: nss/[email protected] > sqlite/[email protected]
Fixed in: 3.25.3-r3
✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2020-2593
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075624
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.242.08-r0
✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2020-2601
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075627
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.242.08-r0
✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2020-2781
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075644
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.252.09-r0
✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2020-2800
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075647
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.252.09-r0
✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2020-2830
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075652
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.252.09-r0
✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2019-2949
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075658
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.232.09-r0
✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2019-2958
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075659
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.232.09-r0
✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2019-2975
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075663
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.232.09-r0
✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2019-2989
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075675
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.232.09-r0
✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2019-2999
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075678
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.232.09-r0
✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2020-14556
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075683
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.272.10-r0
✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2020-14621
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075690
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.272.10-r0
✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2020-14792
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075694
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.272.10-r0
✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2020-14803
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075698
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.272.10-r0
✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
Description: Divide By Zero
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-344398
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.191.12-r0
✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
Description: Improper Access Control
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-344491
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.191.12-r0
✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
Description: Divide By Zero
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-344564
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.201.08-r0
✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
Description: Improper Access Control
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-344591
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.191.12-r0
✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-344603
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.191.12-r0
✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
Description: Improper Access Control
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-452929
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.212.04-r0
✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
Description: Improper Access Control
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-484458
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.222.10-r0
✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
Description: Improper Access Control
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-488191
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.222.10-r0
✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
Description: Use After Free
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-488478
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.222.10-r0
✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
Description: Improper Access Control
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-500014
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.222.10-r0
✗ Medium severity vulnerability found in openjdk8/openjdk8-jre
Description: Improper Access Control
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-504948
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.222.10-r0
✗ Medium severity vulnerability found in libtasn1/libtasn1
Description: Resource Management Errors
Info: https://snyk.io/vuln/SNYK-ALPINE38-LIBTASN1-458536
Introduced through: libtasn1/[email protected], p11-kit/[email protected]
From: libtasn1/[email protected]
From: p11-kit/[email protected] > libtasn1/[email protected]
Fixed in: 4.14-r0
✗ Medium severity vulnerability found in libpng/libpng
Description: Use After Free
Info: https://snyk.io/vuln/SNYK-ALPINE38-LIBPNG-452828
Introduced through: libpng/[email protected], freetype/[email protected], openjdk8/[email protected]
From: libpng/[email protected]
From: freetype/[email protected] > libpng/[email protected]
From: openjdk8/[email protected] > libpng/[email protected]
Fixed in: 1.6.37-r0
✗ Medium severity vulnerability found in libpng/libpng
Description: Resource Management Errors
Info: https://snyk.io/vuln/SNYK-ALPINE38-LIBPNG-453172
Introduced through: libpng/[email protected], freetype/[email protected], openjdk8/[email protected]
From: libpng/[email protected]
From: freetype/[email protected] > libpng/[email protected]
From: openjdk8/[email protected] > libpng/[email protected]
Fixed in: 1.6.37-r0
✗ Medium severity vulnerability found in libjpeg-turbo/libjpeg-turbo
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-ALPINE38-LIBJPEGTURBO-458242
Introduced through: libjpeg-turbo/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: libjpeg-turbo/[email protected]
From: openjdk8/[email protected] > libjpeg-turbo/[email protected]
From: openjdk8/[email protected] > libjpeg-turbo/[email protected]
Fixed in: 1.5.3-r5
✗ Medium severity vulnerability found in krb5/krb5-libs
Description: Reachable Assertion
Info: https://snyk.io/vuln/SNYK-ALPINE38-KRB5-344510
Introduced through: krb5/[email protected], krb5-conf/[email protected], openjdk8/[email protected]
From: krb5/[email protected]
From: krb5-conf/[email protected] > krb5/[email protected]
From: openjdk8/[email protected] > krb5/[email protected]
Fixed in: 1.15.4-r0
✗ Medium severity vulnerability found in e2fsprogs/libcom_err
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-ALPINE38-E2FSPROGS-504975
Introduced through: e2fsprogs/[email protected], krb5-conf/[email protected]
From: e2fsprogs/[email protected]
From: krb5-conf/[email protected] > krb5/[email protected] > e2fsprogs/[email protected]
Fixed in: 1.44.2-r1
✗ Medium severity vulnerability found in e2fsprogs/libcom_err
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-ALPINE38-E2FSPROGS-598622
Introduced through: e2fsprogs/[email protected], krb5-conf/[email protected]
From: e2fsprogs/[email protected]
From: krb5-conf/[email protected] > krb5/[email protected] > e2fsprogs/[email protected]
Fixed in: 1.44.2-r2
✗ High severity vulnerability found in sqlite/sqlite-libs
Description: CVE-2019-19244
Info: https://snyk.io/vuln/SNYK-ALPINE38-SQLITE-1019957
Introduced through: sqlite/[email protected], nss/[email protected]
From: sqlite/[email protected]
From: nss/[email protected] > sqlite/[email protected]
Fixed in: 3.25.3-r3
✗ High severity vulnerability found in sqlite/sqlite-libs
Description: Integer Overflow or Wraparound
Info: https://snyk.io/vuln/SNYK-ALPINE38-SQLITE-344378
Introduced through: sqlite/[email protected], nss/[email protected]
From: sqlite/[email protected]
From: nss/[email protected] > sqlite/[email protected]
Fixed in: 3.25.3-r0
✗ High severity vulnerability found in sqlite/sqlite-libs
Description: Improper Initialization
Info: https://snyk.io/vuln/SNYK-ALPINE38-SQLITE-598534
Introduced through: sqlite/[email protected], nss/[email protected]
From: sqlite/[email protected]
From: nss/[email protected] > sqlite/[email protected]
Fixed in: 3.25.0-r4
✗ High severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2020-2604
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075628
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.242.08-r0
✗ High severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2020-2803
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075648
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.252.09-r0
✗ High severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2020-2805
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075650
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.252.09-r0
✗ High severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2020-14583
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075688
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.272.10-r0
✗ High severity vulnerability found in openjdk8/openjdk8-jre
Description: CVE-2020-14593
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-1075689
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.272.10-r0
✗ High severity vulnerability found in openjdk8/openjdk8-jre
Description: Improper Access Control
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-344386
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.191.12-r0
✗ High severity vulnerability found in openjdk8/openjdk8-jre
Description: Improper Access Control
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-344453
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.191.12-r0
✗ High severity vulnerability found in openjdk8/openjdk8-jre
Description: Improper Access Control
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-453038
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.212.04-r0
✗ High severity vulnerability found in openjdk8/openjdk8-jre
Description: Resource Exhaustion
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-453297
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.212.04-r0
✗ High severity vulnerability found in libpng/libpng
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-ALPINE38-LIBPNG-453732
Introduced through: libpng/[email protected], freetype/[email protected], openjdk8/[email protected]
From: libpng/[email protected]
From: freetype/[email protected] > libpng/[email protected]
From: openjdk8/[email protected] > libpng/[email protected]
Fixed in: 1.6.37-r0
✗ High severity vulnerability found in libjpeg-turbo/libjpeg-turbo
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-ALPINE38-LIBJPEGTURBO-598583
Introduced through: libjpeg-turbo/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: libjpeg-turbo/[email protected]
From: openjdk8/[email protected] > libjpeg-turbo/[email protected]
From: openjdk8/[email protected] > libjpeg-turbo/[email protected]
Fixed in: 1.5.3-r6
✗ Critical severity vulnerability found in sqlite/sqlite-libs
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-ALPINE38-SQLITE-458494
Introduced through: sqlite/[email protected], nss/[email protected]
From: sqlite/[email protected]
From: nss/[email protected] > sqlite/[email protected]
Fixed in: 3.25.3-r1
✗ Critical severity vulnerability found in openjdk8/openjdk8-jre
Description: Improper Access Control
Info: https://snyk.io/vuln/SNYK-ALPINE38-OPENJDK8-344658
Introduced through: openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected], openjdk8/[email protected]
From: openjdk8/[email protected]
From: openjdk8/[email protected] > openjdk8/[email protected]
From: openjdk8/[email protected]
and 5 more...
Fixed in: 8.191.12-r0
✗ Critical severity vulnerability found in musl/musl-utils
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-ALPINE38-MUSL-458276
Introduced through: musl/[email protected], libc-dev/[email protected], meta-common-packages@meta
From: musl/[email protected]
From: libc-dev/[email protected] > musl/[email protected]
From: meta-common-packages@meta > musl/[email protected]
Fixed in: 1.1.19-r11
✗ Critical severity vulnerability found in bzip2/libbz2
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-ALPINE38-BZIP2-452633
Introduced through: bzip2/[email protected], freetype/[email protected]
From: bzip2/[email protected]
From: freetype/[email protected] > bzip2/[email protected]
Fixed in: 1.0.6-r7
Package manager: apk
Project name: docker-image|ghcr.io/christophetd/log4shell-vulnerable-app
Docker image: ghcr.io/christophetd/log4shell-vulnerable-app:latest
Platform: linux/amd64
Base image: openjdk:8u181-jdk-alpine3.8
Licenses: enabled
Tested 54 dependencies for known issues, found 90 issues.
Base Image Vulnerabilities Severity
openjdk:8u181-jdk-alpine3.8 90 4 critical, 14 high, 34 medium, 38 low
Recommendations for base image upgrade:
Alternative image types
Base Image Vulnerabilities Severity
openjdk:17-ea-22-jdk-oracle 0 0 critical, 0 high, 0 medium, 0 low
openjdk:16-ea-33-jdk-oraclelinux8 0 0 critical, 0 high, 0 medium, 0 low
openjdk:17-ea-10-jdk 0 0 critical, 0 high, 0 medium, 0 low
openjdk:17-ea-26-oraclelinux8 0 0 critical, 0 high, 0 medium, 0 low
Alpine 3.8.2 is no longer supported by the Alpine maintainers. Vulnerability detection may be affected by a lack of security updates.
-------------------------------------------------------
Testing ghcr.io/christophetd/log4shell-vulnerable-app:latest...
Package manager: maven
Target file: /app
Project name: ghcr.io/christophetd/log4shell-vulnerable-app:latest:/app
Docker image: ghcr.io/christophetd/log4shell-vulnerable-app:latest
Licenses: enabled
✔ Tested ghcr.io/christophetd/log4shell-vulnerable-app:latest for known issues, no vulnerable paths found.
Tested 2 projects, 1 contained vulnerable paths.
Describe the results you expected:
No CVE-2021-44228 detected as described here https://docs.docker.com/engine/scan/#scan-images-for-log4j-2-cve
Additional information you deem important (e.g. issue happens only occasionally):
Output of docker version:
Client: Docker Engine - Community
Version: 19.03.6
API version: 1.40
Go version: go1.12.16
Git commit: 369ce74a3c
Built: Thu Feb 13 01:27:48 2020
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.6
API version: 1.40 (minimum version 1.12)
Go version: go1.12.16
Git commit: 369ce74a3c
Built: Thu Feb 13 01:26:21 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.6
GitCommit: 894b81a4b802e4eb2a91d1ce216b8817763c29fb
runc:
Version: 1.0.0-rc8
GitCommit: 425e105d5a03fabd737a126ad93d62a9eeede87f
docker-init:
Version: 0.18.0
GitCommit: fec3683
Output of docker scan --version:
Version: v0.12.0
Git commit: 1074dd0
Provider: Snyk (1.790.0 (standalone))