🔒 Critical/High vulnerabilities in registry.gitlab.com/haynes/jacoco2cobertura:1.0.9

🔗 Central Security Tracking

This issue is automatically tracked by the Security team in the central project.

📋 Tracking Project: canada-life/coe/securitytools/cluster-drift-detection


🔒 Security Vulnerabilities Detected

Image Information

  • Full Name: registry.gitlab.com/haynes/jacoco2cobertura:1.0.9
  • Digest: sha256:ffc2c93e5
  • Base Image: N/A
  • Deployed Environments: Unknown

Vulnerability Summary

  • 🔴 Critical: 2 vulnerabilities
  • 🟠 High: 14 vulnerabilities
  • Total Patchable: 16 vulnerabilities

CVE IDs (Top 10)

Remediation Timeline

  • Severity: CRITICAL
  • Due Date: 2025-12-06
  • SLA: Critical vulnerabilities must be fixed within 30 days

Detailed Findings

🔴 Critical Severity (2)

  • CVE-2022-48174 (CVSS: 9.8)

    • Package: busybox
    • Current Version: 1.34.1-r7
    • Fix Version: available
    • Description: There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution....
  • CVE-2025-6965 (CVSS: 9.8)

    • Package: sqlite
    • Current Version: 3.36.0-r0
    • Fix Version: available
    • Description: There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recomme...

🟠 High Severity (14)

  • CVE-2022-43680 (CVSS: 7.5)

    • Package: expat
    • Current: 2.4.7-r0 → Fix: available
  • CVE-2022-40674 (CVSS: 8.1)

    • Package: expat
    • Current: 2.4.7-r0 → Fix: available
  • CVE-2022-42898 (CVSS: 8.8)

    • Package: krb5
    • Current: 1.19.3-r0 → Fix: available
  • CVE-2023-29491 (CVSS: 7.8)

    • Package: ncurses
    • Current: 6.3_p20211120-r1 → Fix: available
  • CVE-2023-0215 (CVSS: 7.5)

    • Package: openssl
    • Current: 1.1.1q-r0 → Fix: available

... and 9 more high severity vulnerabilities
