Vulnerability Scan Report for registry.suse.com/bci/php:8-11.3
PHP 8 container based on the SLE Base Container Image.
Last scanned on: July 23, 2024 06:10
![](/assets/images/containers-7e1f6ccbb2a74b9ca8542ef74aad5cfeb395762b.webp)
PHP 8 container based on the SLE Base Container Image.
Last scanned on: July 23, 2024 06:10
Package Name | Severity | Status | Description | Reference links | |
---|---|---|---|---|---|
php-composer2 | HIGH | fixed |
Security update for php-composer2 Vulnerability ID: SUSE-SU-2024:0592-1 Installed Version: 2.2.3-150400.3.6.1 Fixed Version: 2.2.3-150400.3.9.1 This update for php-composer2 fixes the following issues: - CVE-2024-24821: Fixed potential arbitrary code execution when Composer is invoked within a directory with tampered files (bsc#1219757). |
||
php-composer2 | HIGH | fixed |
Security update for php-composer2 Vulnerability ID: SUSE-SU-2024:2106-1 Installed Version: 2.2.3-150400.3.6.1 Fixed Version: 2.2.3-150400.3.12.1 This update for php-composer2 fixes the following issues: - CVE-2024-35241: Fixed code execution when installing packages in repository with specially crafted branch names (bsc#1226181). - CVE-2024-35242: Fixed command injection via specially crafted branch names during repository cloning (bsc#1226182). |
||
php8 | MEDIUM | fixed |
Security update for php8 Vulnerability ID: SUSE-SU-2024:1446-1 Installed Version: 8.0.30-150400.4.37.1 Fixed Version: 8.0.30-150400.4.40.1 This update for php8 fixes the following issues: - CVE-2024-2756: Fixed bypass of security fix applied for CVE-2022-31629 that lead PHP to consider not secure cookies as secure (bsc#1222857) - CVE-2024-3096: Fixed bypass on null byte leading passwords checked via password_verify (bsc#1222858) |
||
php8 | MEDIUM | fixed |
Security update for php8 Vulnerability ID: SUSE-SU-2024:2039-1 Installed Version: 8.0.30-150400.4.37.1 Fixed Version: 8.0.30-150400.4.43.1 This update for php8 fixes the following issues: - CVE-2024-5458: Fixed an issue that allows to bypass filters in filter_var FILTER_VALIDATE_URL. (bsc#1226073) |
||
php8-cli | MEDIUM | fixed |
Security update for php8 Vulnerability ID: SUSE-SU-2024:1446-1 Installed Version: 8.0.30-150400.4.37.1 Fixed Version: 8.0.30-150400.4.40.1 This update for php8 fixes the following issues: - CVE-2024-2756: Fixed bypass of security fix applied for CVE-2022-31629 that lead PHP to consider not secure cookies as secure (bsc#1222857) - CVE-2024-3096: Fixed bypass on null byte leading passwords checked via password_verify (bsc#1222858) |