{
"version": "2.1.0",
"$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json",
"runs": [
{
"tool": {
"driver": {
"name": "AWS ECR",
"informationUri": "https://aws.amazon.com/ecr/",
"rules": [
{
"id": "CVE-2019-5188",
"name": "Unknown",
"shortDescription": {
"text": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability."
},
"fullDescription": {
"text": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability."
},
"defaultConfiguration": {
"level": "warning"
},
"helpUri": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-5188",
"help": {
"text": "Vulnerability CVE-2019-5188\nSeverity: MEDIUM\nPackage: e2fsprogs\nFixed Version: \nLink: [CVE-2019-5188](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-5188)",
"markdown": "**Vulnerability CVE-2019-5188**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|MEDIUM|e2fsprogs||[CVE-2019-5188](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-5188)\n\nA code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability."
},
"properties": {
"tags": [
"vulnerability",
"security",
"MEDIUM"
],
"security-severity": "4.6",
"precision": "very-high"
}
}
]
}
},
"results": [
{
"ruleId": "CVE-2019-5188",
"ruleIndex": 0,
"level": "warning",
"message": {
"text": "Package: e2fsprogs\nInstalled Version: 1.44.1-1ubuntu1.1\nVulnerability CVE-2019-5188\nSeverity: MEDIUM\nFixed Version: \nLink: [CVE-2019-5188](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-5188)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "sample-repo"
}
},
"message": {
"text": "sample-repo: e2fsprogs@1.44.1-1ubuntu1.1"
}
}
]
}
],
"properties": {
"imageID": "sha256:74b2c688c700ec95a93e478cdb959737c148df3fbf5ea706abe0318726e885e6",
"imageName": "sample-repo",
"repoDigests": [
"sample-repo@sha256:74b2c688c700ec95a93e478cdb959737c148df3fbf5ea706abe0318726e885e6"
],
"repoTags": []
}
}
]
} |