ci: add docker scout

[lotyp]

No description provided.

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/php-dev:latest

📦 Image Reference wayofdev/php-dev:latest

digest	sha256:a425407acf57fd18229fa9cdab4937a72a748aa0d9a868613c619be58a0fe91c
vulnerabilities
size	83 MB
packages	172

📦 Base Image php:8.2-fpm-alpine

also known as	8.2-fpm-alpine3.19 8.2.17-fpm-alpine 8.2.17-fpm-alpine3.19
digest	sha256:c5d9ca92dd6998511c65f223359eec2b0eb1cef311bed2aa2c3778657de8ab28
vulnerabilities

golang.org/x/net 0.8.0 (golang) pkg:golang/golang.org/x/net@0.8.0 Uncontrolled Resource Consumption Affected range <0.17.0 Fixed version 0.17.0 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H EPSS Score 0.00152 EPSS Percentile 0.50674 Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.

google.golang.org/grpc 1.54.0 (golang) pkg:golang/google.golang.org/grpc@1.54.0 Affected range <1.56.3 Fixed version 1.56.3 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Description Impact In affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit. Patches This vulnerability was addressed by #6703 and has been included in patch releases: 1.56.3, 1.57.1, 1.58.3. It is also included in the latest release, 1.59.0. Along with applying the patch, users should also ensure they are using the grpc.MaxConcurrentStreams server option to apply a limit to the server's resources used for any single connection. Workarounds None. References #6703

[github-actions]

Outdated

Recommended fixes for image wayofdev/php-dev:latest

Base image is php:8.2-fpm-alpine

Name	8.2.17-fpm-alpine3.19
Digest	sha256:c5d9ca92dd6998511c65f223359eec2b0eb1cef311bed2aa2c3778657de8ab28
Vulnerabilities
Pushed	3 weeks ago
Size	31 MB
Packages	50
Flavor	alpine
OS	3.19
Runtime	8.2.17

The base image is also available under the supported tag(s): 8.2-fpm-alpine3.19

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
8.3.2-fpm-alpine Minor runtime version update Also known as: 8.3.2-fpm-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image contains equal number of packages Image details: Size: 32 MB Flavor: alpine OS: 3.19 Runtime: 8.3.2	2 months ago
8.3-fpm-alpine Image has same number of vulnerabilities Also known as: 8.3-fpm-alpine3.19 8-fpm-alpine 8-fpm-alpine3.19 fpm-alpine fpm-alpine3.19	Benefits: Same OS detected Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 32 MB Flavor: alpine OS: 3.19	3 weeks ago

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/php-dev:latest

📦 Image Reference wayofdev/php-dev:latest

digest	sha256:d850a798c52b359d948c274d3d063fcae1028d1015d9fb97f92e873b47317b30
vulnerabilities
size	88 MB
packages	171

📦 Base Image php:8.2-alpine

also known as	8.2-alpine3.19 8.2-cli-alpine 8.2-cli-alpine3.19 8.2.17-alpine 8.2.17-alpine3.19 8.2.17-cli-alpine 8.2.17-cli-alpine3.19
digest	sha256:f0a739b68fa1b0991c5344d6624ac56bc523003b9c9a08c29b05c89076625349
vulnerabilities

golang.org/x/net 0.8.0 (golang) pkg:golang/golang.org/x/net@0.8.0 Uncontrolled Resource Consumption Affected range <0.17.0 Fixed version 0.17.0 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H EPSS Score 0.00152 EPSS Percentile 0.50674 Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.

google.golang.org/grpc 1.54.0 (golang) pkg:golang/google.golang.org/grpc@1.54.0 Affected range <1.56.3 Fixed version 1.56.3 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Description Impact In affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit. Patches This vulnerability was addressed by #6703 and has been included in patch releases: 1.56.3, 1.57.1, 1.58.3. It is also included in the latest release, 1.59.0. Along with applying the patch, users should also ensure they are using the grpc.MaxConcurrentStreams server option to apply a limit to the server's resources used for any single connection. Workarounds None. References #6703

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/php-dev:latest

📦 Image Reference wayofdev/php-dev:latest

digest	sha256:57333e528e89a06523f7b462c018260ab6eb7fcf45d6f57921f30728f4f532d5
vulnerabilities
size	88 MB
packages	171

📦 Base Image php:8-alpine

also known as	8-alpine3.19 8-cli-alpine 8-cli-alpine3.19 8.3-alpine 8.3-alpine3.19 8.3-cli-alpine 8.3-cli-alpine3.19 8.3.4-alpine 8.3.4-alpine3.19 8.3.4-cli-alpine 8.3.4-cli-alpine3.19 alpine alpine3.19 cli-alpine cli-alpine3.19
digest	sha256:c7191162ccab268e08a67f7b44aaa2b3403b2b3714b7334ad8f689af18ac89fc
vulnerabilities

golang.org/x/net 0.8.0 (golang) pkg:golang/golang.org/x/net@0.8.0 Uncontrolled Resource Consumption Affected range <0.17.0 Fixed version 0.17.0 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H EPSS Score 0.00152 EPSS Percentile 0.50674 Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.

google.golang.org/grpc 1.54.0 (golang) pkg:golang/google.golang.org/grpc@1.54.0 Affected range <1.56.3 Fixed version 1.56.3 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Description Impact In affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit. Patches This vulnerability was addressed by #6703 and has been included in patch releases: 1.56.3, 1.57.1, 1.58.3. It is also included in the latest release, 1.59.0. Along with applying the patch, users should also ensure they are using the grpc.MaxConcurrentStreams server option to apply a limit to the server's resources used for any single connection. Workarounds None. References #6703

[github-actions]

Outdated

Recommended fixes for image wayofdev/php-dev:latest

Base image is php:8-alpine

Name	8.3.4-alpine3.19
Digest	sha256:c7191162ccab268e08a67f7b44aaa2b3403b2b3714b7334ad8f689af18ac89fc
Vulnerabilities
Pushed	3 weeks ago
Size	36 MB
Packages	49
Flavor	alpine
OS	3.19
Runtime	8.3.4

The base image is also available under the supported tag(s): 8-alpine3.19, 8-cli-alpine, 8-cli-alpine3.19, 8.3-alpine, 8.3-alpine3.19, 8.3-cli-alpine, 8.3-cli-alpine3.19, alpine, alpine3.19, cli-alpine, cli-alpine3.19

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

Recommended fixes for image wayofdev/php-dev:latest

Base image is php:8.2-alpine

Name	8.2.17-alpine3.19
Digest	sha256:f0a739b68fa1b0991c5344d6624ac56bc523003b9c9a08c29b05c89076625349
Vulnerabilities
Pushed	3 weeks ago
Size	35 MB
Packages	49
Flavor	alpine
OS	3.19
Runtime	8.2.17

The base image is also available under the supported tag(s): 8.2-alpine3.19, 8.2-cli-alpine, 8.2-cli-alpine3.19

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
8.3-alpine Minor runtime version update Also known as: 8.3-cli-alpine 8.3-cli-alpine3.19 8-cli-alpine 8-cli-alpine3.19 cli-alpine cli-alpine3.19 alpine alpine3.19 8.3-alpine3.19 8-alpine 8-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 36 MB Flavor: alpine OS: 3.19 Runtime: 8.3	3 weeks ago
8.3.2-alpine Minor runtime version update Also known as: 8.3.2-cli-alpine 8.3.2-cli-alpine3.19 8.3.2-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image contains equal number of packages Image details: Size: 36 MB Flavor: alpine OS: 3.19 Runtime: 8.3.2	2 months ago

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/php-dev:latest

📦 Image Reference wayofdev/php-dev:latest

digest	sha256:49c45cacfa3022d06e1fe9bd9a5d77863723c32c03c13eb9132bff4a528842e7
vulnerabilities
size	84 MB
packages	172

📦 Base Image php:8-fpm-alpine

also known as	8-fpm-alpine3.19 8.3-fpm-alpine 8.3-fpm-alpine3.19 8.3.4-fpm-alpine 8.3.4-fpm-alpine3.19 fpm-alpine fpm-alpine3.19
digest	sha256:4df626957fe8907b11d439553e830fbd815737a2c3ad15af912152ef2958ccf9
vulnerabilities

golang.org/x/net 0.8.0 (golang) pkg:golang/golang.org/x/net@0.8.0 Uncontrolled Resource Consumption Affected range <0.17.0 Fixed version 0.17.0 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H EPSS Score 0.00152 EPSS Percentile 0.50674 Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.

google.golang.org/grpc 1.54.0 (golang) pkg:golang/google.golang.org/grpc@1.54.0 Affected range <1.56.3 Fixed version 1.56.3 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Description Impact In affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit. Patches This vulnerability was addressed by #6703 and has been included in patch releases: 1.56.3, 1.57.1, 1.58.3. It is also included in the latest release, 1.59.0. Along with applying the patch, users should also ensure they are using the grpc.MaxConcurrentStreams server option to apply a limit to the server's resources used for any single connection. Workarounds None. References #6703

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/php-dev:latest

📦 Image Reference wayofdev/php-dev:latest

digest	sha256:2c2e9792626db16f340b01b5cc81da91cb5c7a948527627baeb0191c62a8fae2
vulnerabilities
size	108 MB
packages	190

📦 Base Image php:8-alpine

also known as	8-alpine3.19 8-cli-alpine 8-cli-alpine3.19 8.3-alpine 8.3-alpine3.19 8.3-cli-alpine 8.3-cli-alpine3.19 8.3.4-alpine 8.3.4-alpine3.19 8.3.4-cli-alpine 8.3.4-cli-alpine3.19 alpine alpine3.19 cli-alpine cli-alpine3.19
digest	sha256:c7191162ccab268e08a67f7b44aaa2b3403b2b3714b7334ad8f689af18ac89fc
vulnerabilities

golang.org/x/net 0.8.0 (golang) pkg:golang/golang.org/x/net@0.8.0 Uncontrolled Resource Consumption Affected range <0.17.0 Fixed version 0.17.0 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H EPSS Score 0.00152 EPSS Percentile 0.50674 Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.

google.golang.org/grpc 1.54.0 (golang) pkg:golang/google.golang.org/grpc@1.54.0 Affected range <1.56.3 Fixed version 1.56.3 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Description Impact In affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit. Patches This vulnerability was addressed by #6703 and has been included in patch releases: 1.56.3, 1.57.1, 1.58.3. It is also included in the latest release, 1.59.0. Along with applying the patch, users should also ensure they are using the grpc.MaxConcurrentStreams server option to apply a limit to the server's resources used for any single connection. Workarounds None. References #6703

[github-actions]

Outdated

Recommended fixes for image wayofdev/php-dev:latest

Base image is php:8-alpine

Name	8.3.4-alpine3.19
Digest	sha256:c7191162ccab268e08a67f7b44aaa2b3403b2b3714b7334ad8f689af18ac89fc
Vulnerabilities
Pushed	3 weeks ago
Size	36 MB
Packages	49
Flavor	alpine
OS	3.19
Runtime	8.3.4

The base image is also available under the supported tag(s): 8-alpine3.19, 8-cli-alpine, 8-cli-alpine3.19, 8.3-alpine, 8.3-alpine3.19, 8.3-cli-alpine, 8.3-cli-alpine3.19, alpine, alpine3.19, cli-alpine, cli-alpine3.19

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

Recommended fixes for image wayofdev/php-dev:latest

Base image is php:8-fpm-alpine

Name	fpm-alpine3.19
Digest	sha256:4df626957fe8907b11d439553e830fbd815737a2c3ad15af912152ef2958ccf9
Vulnerabilities
Pushed	3 weeks ago
Size	32 MB
Packages	50
Flavor	alpine
OS	3.19

The base image is also available under the supported tag(s): 8-fpm-alpine3.19, 8.3-fpm-alpine, 8.3-fpm-alpine3.19, fpm-alpine, fpm-alpine3.19

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
8.2-fpm-alpine Minor runtime version update Also known as: 8.2-fpm-alpine3.19	Benefits: Same OS detected Minor runtime version update Image is smaller by 564 KB Tag was pushed more recently Image has same number of vulnerabilities Image contains equal number of packages 8.2-fpm-alpine was pulled 4.1K times last month Image details: Size: 31 MB Flavor: alpine OS: 3.19 Runtime: 8.2	3 weeks ago
8.1-fpm-alpine Minor runtime version update Also known as: 8.1.27-fpm-alpine 8.1.27-fpm-alpine3.19 8.1-fpm-alpine3.19	Benefits: Same OS detected Minor runtime version update Image is smaller by 983 KB Tag was pushed more recently Image has same number of vulnerabilities Image contains equal number of packages 8.1-fpm-alpine is the fourth most popular tag with 18K pulls per month Image details: Size: 31 MB Flavor: alpine OS: 3.19 Runtime: 8.1.27	3 weeks ago
8.3.2-fpm-alpine Minor runtime version update Also known as: 8.3.2-fpm-alpine3.19	Benefits: Same OS detected Minor runtime version update Image is smaller by 9.0 KB Image contains equal number of packages Image details: Size: 32 MB Flavor: alpine OS: 3.19 Runtime: 8.3.2	2 months ago
8.2.15-fpm-alpine Minor runtime version update Also known as: 8.2.15-fpm-alpine3.19	Benefits: Same OS detected Minor runtime version update Image is smaller by 582 KB Image contains equal number of packages Image details: Size: 31 MB Flavor: alpine OS: 3.19 Runtime: 8.2.15	2 months ago

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/php-dev:latest

📦 Image Reference wayofdev/php-dev:latest

digest	sha256:012a62a2ffe096eef2363ec00338d21733dbbfec3c70d9ef60b868ef671e902c
vulnerabilities
size	108 MB
packages	190

📦 Base Image php:8.2-alpine

also known as	8.2-alpine3.19 8.2-cli-alpine 8.2-cli-alpine3.19 8.2.17-alpine 8.2.17-alpine3.19 8.2.17-cli-alpine 8.2.17-cli-alpine3.19
digest	sha256:f0a739b68fa1b0991c5344d6624ac56bc523003b9c9a08c29b05c89076625349
vulnerabilities

golang.org/x/net 0.8.0 (golang) pkg:golang/golang.org/x/net@0.8.0 Uncontrolled Resource Consumption Affected range <0.17.0 Fixed version 0.17.0 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H EPSS Score 0.00152 EPSS Percentile 0.50674 Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.

google.golang.org/grpc 1.54.0 (golang) pkg:golang/google.golang.org/grpc@1.54.0 Affected range <1.56.3 Fixed version 1.56.3 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Description Impact In affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit. Patches This vulnerability was addressed by #6703 and has been included in patch releases: 1.56.3, 1.57.1, 1.58.3. It is also included in the latest release, 1.59.0. Along with applying the patch, users should also ensure they are using the grpc.MaxConcurrentStreams server option to apply a limit to the server's resources used for any single connection. Workarounds None. References #6703

[github-actions]

Outdated

Recommended fixes for image wayofdev/php-dev:latest

Base image is php:8.2-alpine

Name	8.2.17-alpine3.19
Digest	sha256:f0a739b68fa1b0991c5344d6624ac56bc523003b9c9a08c29b05c89076625349
Vulnerabilities
Pushed	3 weeks ago
Size	35 MB
Packages	49
Flavor	alpine
OS	3.19
Runtime	8.2.17

The base image is also available under the supported tag(s): 8.2-alpine3.19, 8.2-cli-alpine, 8.2-cli-alpine3.19

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
8.3-alpine Minor runtime version update Also known as: 8.3-cli-alpine 8.3-cli-alpine3.19 8-cli-alpine 8-cli-alpine3.19 cli-alpine cli-alpine3.19 alpine alpine3.19 8.3-alpine3.19 8-alpine 8-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 36 MB Flavor: alpine OS: 3.19 Runtime: 8.3	3 weeks ago
8.3.2-alpine Minor runtime version update Also known as: 8.3.2-cli-alpine 8.3.2-cli-alpine3.19 8.3.2-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image contains equal number of packages Image details: Size: 36 MB Flavor: alpine OS: 3.19 Runtime: 8.3.2	2 months ago

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/php-dev:latest

📦 Image Reference wayofdev/php-dev:latest

digest	sha256:256f67a21b6e0e8f5d2f47b06b7f4c4d362ac59d35feb899194b6502600a323e
vulnerabilities
size	83 MB
packages	172

📦 Base Image php:8.2-fpm-alpine

also known as	8.2-fpm-alpine3.19 8.2.17-fpm-alpine 8.2.17-fpm-alpine3.19
digest	sha256:c5d9ca92dd6998511c65f223359eec2b0eb1cef311bed2aa2c3778657de8ab28
vulnerabilities

golang.org/x/net 0.8.0 (golang) pkg:golang/golang.org/x/net@0.8.0 Uncontrolled Resource Consumption Affected range <0.17.0 Fixed version 0.17.0 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H EPSS Score 0.00152 EPSS Percentile 0.50674 Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.

google.golang.org/grpc 1.54.0 (golang) pkg:golang/google.golang.org/grpc@1.54.0 Affected range <1.56.3 Fixed version 1.56.3 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Description Impact In affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit. Patches This vulnerability was addressed by #6703 and has been included in patch releases: 1.56.3, 1.57.1, 1.58.3. It is also included in the latest release, 1.59.0. Along with applying the patch, users should also ensure they are using the grpc.MaxConcurrentStreams server option to apply a limit to the server's resources used for any single connection. Workarounds None. References #6703

[github-actions]

Outdated

Recommended fixes for image wayofdev/php-dev:latest

Base image is php:8.2-fpm-alpine

Name	8.2.17-fpm-alpine3.19
Digest	sha256:c5d9ca92dd6998511c65f223359eec2b0eb1cef311bed2aa2c3778657de8ab28
Vulnerabilities
Pushed	3 weeks ago
Size	31 MB
Packages	50
Flavor	alpine
OS	3.19
Runtime	8.2.17

The base image is also available under the supported tag(s): 8.2-fpm-alpine3.19

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
8.3.2-fpm-alpine Minor runtime version update Also known as: 8.3.2-fpm-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image contains equal number of packages Image details: Size: 32 MB Flavor: alpine OS: 3.19 Runtime: 8.3.2	2 months ago
8.3-fpm-alpine Image has same number of vulnerabilities Also known as: 8.3-fpm-alpine3.19 8-fpm-alpine 8-fpm-alpine3.19 fpm-alpine fpm-alpine3.19	Benefits: Same OS detected Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 32 MB Flavor: alpine OS: 3.19	3 weeks ago

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/php-dev:latest

📦 Image Reference wayofdev/php-dev:latest

digest	sha256:210dd2877536dbff1a8f2163c17d4015558320639cb28d5368e0dd8054d629eb
vulnerabilities
size	83 MB
packages	172

📦 Base Image php:8.1-fpm-alpine

also known as	8.1-fpm-alpine3.19 8.1.27-fpm-alpine 8.1.27-fpm-alpine3.19
digest	sha256:0396ed0b83c93a957834197aca8f34a0d6b8ec75f9f7cd6b337cd4ec3541464b
vulnerabilities

golang.org/x/net 0.8.0 (golang) pkg:golang/golang.org/x/net@0.8.0 Uncontrolled Resource Consumption Affected range <0.17.0 Fixed version 0.17.0 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H EPSS Score 0.00152 EPSS Percentile 0.50674 Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.

google.golang.org/grpc 1.54.0 (golang) pkg:golang/google.golang.org/grpc@1.54.0 Affected range <1.56.3 Fixed version 1.56.3 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Description Impact In affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit. Patches This vulnerability was addressed by #6703 and has been included in patch releases: 1.56.3, 1.57.1, 1.58.3. It is also included in the latest release, 1.59.0. Along with applying the patch, users should also ensure they are using the grpc.MaxConcurrentStreams server option to apply a limit to the server's resources used for any single connection. Workarounds None. References #6703

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/php-dev:latest

📦 Image Reference wayofdev/php-dev:latest

digest	sha256:aa5fdf90f9edde6339762d47a76029aea8ff64fea8382481286e0155b0f85e0a
vulnerabilities
size	87 MB
packages	171

📦 Base Image php:8.1-alpine

also known as	8.1-alpine3.19 8.1-cli-alpine 8.1-cli-alpine3.19 8.1.27-alpine 8.1.27-alpine3.19 8.1.27-cli-alpine 8.1.27-cli-alpine3.19
digest	sha256:f9a59a4f072f5f357ad46bf9b44c222649d919765e56f6d01691ee11c1e3cb29
vulnerabilities

google.golang.org/grpc 1.54.0 (golang) pkg:golang/google.golang.org/grpc@1.54.0 Affected range <1.56.3 Fixed version 1.56.3 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Description Impact In affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit. Patches This vulnerability was addressed by #6703 and has been included in patch releases: 1.56.3, 1.57.1, 1.58.3. It is also included in the latest release, 1.59.0. Along with applying the patch, users should also ensure they are using the grpc.MaxConcurrentStreams server option to apply a limit to the server's resources used for any single connection. Workarounds None. References #6703

golang.org/x/net 0.8.0 (golang) pkg:golang/golang.org/x/net@0.8.0 Uncontrolled Resource Consumption Affected range <0.17.0 Fixed version 0.17.0 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H EPSS Score 0.00152 EPSS Percentile 0.50674 Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.

[github-actions]

Outdated

Recommended fixes for image wayofdev/php-dev:latest

Base image is php:8.1-alpine

Name	8.1.27-alpine3.19
Digest	sha256:f9a59a4f072f5f357ad46bf9b44c222649d919765e56f6d01691ee11c1e3cb29
Vulnerabilities
Pushed	3 weeks ago
Size	35 MB
Packages	49
Flavor	alpine
OS	3.19
Runtime	8.1.27

The base image is also available under the supported tag(s): 8.1-alpine3.19, 8.1-cli-alpine, 8.1-cli-alpine3.19, 8.1.27-alpine, 8.1.27-alpine3.19, 8.1.27-cli-alpine, 8.1.27-cli-alpine3.19

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
8.3-alpine Minor runtime version update Also known as: 8.3-cli-alpine 8.3-cli-alpine3.19 8-cli-alpine 8-cli-alpine3.19 cli-alpine cli-alpine3.19 alpine alpine3.19 8.3-alpine3.19 8-alpine 8-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 36 MB Flavor: alpine OS: 3.19 Runtime: 8.3	3 weeks ago
8.2-alpine Minor runtime version update Also known as: 8.2-cli-alpine 8.2-cli-alpine3.19 8.2-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image has same number of vulnerabilities Image contains equal number of packages 8.2-alpine was pulled 1.8K times last month Image details: Size: 35 MB Flavor: alpine OS: 3.19 Runtime: 8.2	3 weeks ago
8.3.2-alpine Minor runtime version update Also known as: 8.3.2-cli-alpine 8.3.2-cli-alpine3.19 8.3.2-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image contains equal number of packages Image details: Size: 36 MB Flavor: alpine OS: 3.19 Runtime: 8.3.2	2 months ago
8.2.15-alpine Minor runtime version update Also known as: 8.2.15-cli-alpine 8.2.15-cli-alpine3.19 8.2.15-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image contains equal number of packages Image details: Size: 35 MB Flavor: alpine OS: 3.19 Runtime: 8.2.15	2 months ago

[github-actions]

Outdated

Recommended fixes for image wayofdev/php-dev:latest

Base image is php:8.1-fpm-alpine

Name	8.1.27-fpm-alpine3.19
Digest	sha256:0396ed0b83c93a957834197aca8f34a0d6b8ec75f9f7cd6b337cd4ec3541464b
Vulnerabilities
Pushed	3 weeks ago
Size	31 MB
Packages	50
Flavor	alpine
OS	3.19
Runtime	8.1.27

The base image is also available under the supported tag(s): 8.1-fpm-alpine3.19, 8.1.27-fpm-alpine, 8.1.27-fpm-alpine3.19

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
8.2-fpm-alpine Minor runtime version update Also known as: 8.2-fpm-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image has same number of vulnerabilities Image contains equal number of packages 8.2-fpm-alpine was pulled 4.1K times last month Image details: Size: 31 MB Flavor: alpine OS: 3.19 Runtime: 8.2	3 weeks ago
8.3.2-fpm-alpine Minor runtime version update Also known as: 8.3.2-fpm-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image contains equal number of packages Image details: Size: 32 MB Flavor: alpine OS: 3.19 Runtime: 8.3.2	2 months ago
8.2.15-fpm-alpine Minor runtime version update Also known as: 8.2.15-fpm-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image contains equal number of packages Image details: Size: 31 MB Flavor: alpine OS: 3.19 Runtime: 8.2.15	2 months ago
8.3-fpm-alpine Image has same number of vulnerabilities Also known as: 8.3-fpm-alpine3.19 8-fpm-alpine 8-fpm-alpine3.19 fpm-alpine fpm-alpine3.19	Benefits: Same OS detected Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 32 MB Flavor: alpine OS: 3.19	3 weeks ago

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/php-dev:latest

📦 Image Reference wayofdev/php-dev:latest

digest	sha256:de0b3f0a6a9b6207293b15c494a3614387630cdd712d917109946a5ba43df40e
vulnerabilities
size	107 MB
packages	190

📦 Base Image php:8.1-alpine

also known as	8.1-alpine3.19 8.1-cli-alpine 8.1-cli-alpine3.19 8.1.27-alpine 8.1.27-alpine3.19 8.1.27-cli-alpine 8.1.27-cli-alpine3.19
digest	sha256:f9a59a4f072f5f357ad46bf9b44c222649d919765e56f6d01691ee11c1e3cb29
vulnerabilities

golang.org/x/net 0.8.0 (golang) pkg:golang/golang.org/x/net@0.8.0 Uncontrolled Resource Consumption Affected range <0.17.0 Fixed version 0.17.0 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H EPSS Score 0.00152 EPSS Percentile 0.50674 Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.

google.golang.org/grpc 1.54.0 (golang) pkg:golang/google.golang.org/grpc@1.54.0 Affected range <1.56.3 Fixed version 1.56.3 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Description Impact In affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit. Patches This vulnerability was addressed by #6703 and has been included in patch releases: 1.56.3, 1.57.1, 1.58.3. It is also included in the latest release, 1.59.0. Along with applying the patch, users should also ensure they are using the grpc.MaxConcurrentStreams server option to apply a limit to the server's resources used for any single connection. Workarounds None. References #6703

[github-actions]

Outdated

Recommended fixes for image wayofdev/php-dev:latest

Base image is php:8.1-alpine

Name	8.1.27-alpine3.19
Digest	sha256:f9a59a4f072f5f357ad46bf9b44c222649d919765e56f6d01691ee11c1e3cb29
Vulnerabilities
Pushed	3 weeks ago
Size	35 MB
Packages	49
Flavor	alpine
OS	3.19
Runtime	8.1.27

The base image is also available under the supported tag(s): 8.1-alpine3.19, 8.1-cli-alpine, 8.1-cli-alpine3.19, 8.1.27-alpine, 8.1.27-alpine3.19, 8.1.27-cli-alpine, 8.1.27-cli-alpine3.19

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
8.3-alpine Minor runtime version update Also known as: 8.3-cli-alpine 8.3-cli-alpine3.19 8-cli-alpine 8-cli-alpine3.19 cli-alpine cli-alpine3.19 alpine alpine3.19 8.3-alpine3.19 8-alpine 8-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 36 MB Flavor: alpine OS: 3.19 Runtime: 8.3	3 weeks ago
8.2-alpine Minor runtime version update Also known as: 8.2-cli-alpine 8.2-cli-alpine3.19 8.2-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image has same number of vulnerabilities Image contains equal number of packages 8.2-alpine was pulled 1.8K times last month Image details: Size: 35 MB Flavor: alpine OS: 3.19 Runtime: 8.2	3 weeks ago
8.3.2-alpine Minor runtime version update Also known as: 8.3.2-cli-alpine 8.3.2-cli-alpine3.19 8.3.2-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image contains equal number of packages Image details: Size: 36 MB Flavor: alpine OS: 3.19 Runtime: 8.3.2	2 months ago
8.2.15-alpine Minor runtime version update Also known as: 8.2.15-cli-alpine 8.2.15-cli-alpine3.19 8.2.15-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image contains equal number of packages Image details: Size: 35 MB Flavor: alpine OS: 3.19 Runtime: 8.2.15	2 months ago

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/php-dev:latest

📦 Image Reference wayofdev/php-dev:latest

digest	sha256:5d836f67c48db4978d122441e2cd6dc1c0ebb4b096caf64280d072e16083be26
vulnerabilities
size	84 MB
packages	172

📦 Base Image php:8-fpm-alpine

also known as	8-fpm-alpine3.19 8.3-fpm-alpine 8.3-fpm-alpine3.19 8.3.4-fpm-alpine 8.3.4-fpm-alpine3.19 fpm-alpine fpm-alpine3.19
digest	sha256:4df626957fe8907b11d439553e830fbd815737a2c3ad15af912152ef2958ccf9
vulnerabilities

google.golang.org/grpc 1.54.0 (golang) pkg:golang/google.golang.org/grpc@1.54.0 Affected range <1.56.3 Fixed version 1.56.3 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Description Impact In affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit. Patches This vulnerability was addressed by #6703 and has been included in patch releases: 1.56.3, 1.57.1, 1.58.3. It is also included in the latest release, 1.59.0. Along with applying the patch, users should also ensure they are using the grpc.MaxConcurrentStreams server option to apply a limit to the server's resources used for any single connection. Workarounds None. References #6703

golang.org/x/net 0.8.0 (golang) pkg:golang/golang.org/x/net@0.8.0 Uncontrolled Resource Consumption Affected range <0.17.0 Fixed version 0.17.0 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H EPSS Score 0.00152 EPSS Percentile 0.50674 Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/php-dev:latest

📦 Image Reference wayofdev/php-dev:latest

digest	sha256:2c31cc2a25c5455c5371022cfd3c292804a5cf49417a8b933e97dab45bfa0b23
vulnerabilities
size	88 MB
packages	171

📦 Base Image php:8.2-alpine

also known as	8.2-alpine3.19 8.2-cli-alpine 8.2-cli-alpine3.19 8.2.17-alpine 8.2.17-alpine3.19 8.2.17-cli-alpine 8.2.17-cli-alpine3.19
digest	sha256:f0a739b68fa1b0991c5344d6624ac56bc523003b9c9a08c29b05c89076625349
vulnerabilities

golang.org/x/net 0.8.0 (golang) pkg:golang/golang.org/x/net@0.8.0 Uncontrolled Resource Consumption Affected range <0.17.0 Fixed version 0.17.0 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H EPSS Score 0.00152 EPSS Percentile 0.50674 Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.

google.golang.org/grpc 1.54.0 (golang) pkg:golang/google.golang.org/grpc@1.54.0 Affected range <1.56.3 Fixed version 1.56.3 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Description Impact In affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit. Patches This vulnerability was addressed by #6703 and has been included in patch releases: 1.56.3, 1.57.1, 1.58.3. It is also included in the latest release, 1.59.0. Along with applying the patch, users should also ensure they are using the grpc.MaxConcurrentStreams server option to apply a limit to the server's resources used for any single connection. Workarounds None. References #6703

[github-actions]

Outdated

Recommended fixes for image wayofdev/php-dev:latest

Base image is php:8.2-alpine

Name	8.2.17-alpine3.19
Digest	sha256:f0a739b68fa1b0991c5344d6624ac56bc523003b9c9a08c29b05c89076625349
Vulnerabilities
Pushed	3 weeks ago
Size	35 MB
Packages	49
Flavor	alpine
OS	3.19
Runtime	8.2.17

The base image is also available under the supported tag(s): 8.2-alpine3.19, 8.2-cli-alpine, 8.2-cli-alpine3.19

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
8.3-alpine Minor runtime version update Also known as: 8.3-cli-alpine 8.3-cli-alpine3.19 8-cli-alpine 8-cli-alpine3.19 cli-alpine cli-alpine3.19 alpine alpine3.19 8.3-alpine3.19 8-alpine 8-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 36 MB Flavor: alpine OS: 3.19 Runtime: 8.3	3 weeks ago
8.3.2-alpine Minor runtime version update Also known as: 8.3.2-cli-alpine 8.3.2-cli-alpine3.19 8.3.2-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image contains equal number of packages Image details: Size: 36 MB Flavor: alpine OS: 3.19 Runtime: 8.3.2	2 months ago

[github-actions]

Outdated

Recommended fixes for image wayofdev/php-dev:latest

Base image is php:8-fpm-alpine

Name	fpm-alpine3.19
Digest	sha256:4df626957fe8907b11d439553e830fbd815737a2c3ad15af912152ef2958ccf9
Vulnerabilities
Pushed	3 weeks ago
Size	32 MB
Packages	50
Flavor	alpine
OS	3.19

The base image is also available under the supported tag(s): 8-fpm-alpine3.19, 8.3-fpm-alpine, 8.3-fpm-alpine3.19, fpm-alpine, fpm-alpine3.19

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
8.2-fpm-alpine Minor runtime version update Also known as: 8.2-fpm-alpine3.19	Benefits: Same OS detected Minor runtime version update Image is smaller by 564 KB Tag was pushed more recently Image has same number of vulnerabilities Image contains equal number of packages 8.2-fpm-alpine was pulled 4.1K times last month Image details: Size: 31 MB Flavor: alpine OS: 3.19 Runtime: 8.2	3 weeks ago
8.1-fpm-alpine Minor runtime version update Also known as: 8.1.27-fpm-alpine 8.1.27-fpm-alpine3.19 8.1-fpm-alpine3.19	Benefits: Same OS detected Minor runtime version update Image is smaller by 983 KB Tag was pushed more recently Image has same number of vulnerabilities Image contains equal number of packages 8.1-fpm-alpine is the fourth most popular tag with 18K pulls per month Image details: Size: 31 MB Flavor: alpine OS: 3.19 Runtime: 8.1.27	3 weeks ago
8.3.2-fpm-alpine Minor runtime version update Also known as: 8.3.2-fpm-alpine3.19	Benefits: Same OS detected Minor runtime version update Image is smaller by 9.0 KB Image contains equal number of packages Image details: Size: 32 MB Flavor: alpine OS: 3.19 Runtime: 8.3.2	2 months ago
8.2.15-fpm-alpine Minor runtime version update Also known as: 8.2.15-fpm-alpine3.19	Benefits: Same OS detected Minor runtime version update Image is smaller by 582 KB Image contains equal number of packages Image details: Size: 31 MB Flavor: alpine OS: 3.19 Runtime: 8.2.15	2 months ago

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/php-dev:latest

📦 Image Reference wayofdev/php-dev:latest

digest	sha256:3568f50f57d0a8bca00069f14785945607f89af9f1b63f14acc2543a6b8dfdc0
vulnerabilities
size	87 MB
packages	171

📦 Base Image php:8.1-alpine

also known as	8.1-alpine3.19 8.1-cli-alpine 8.1-cli-alpine3.19 8.1.27-alpine 8.1.27-alpine3.19 8.1.27-cli-alpine 8.1.27-cli-alpine3.19
digest	sha256:f9a59a4f072f5f357ad46bf9b44c222649d919765e56f6d01691ee11c1e3cb29
vulnerabilities

golang.org/x/net 0.8.0 (golang) pkg:golang/golang.org/x/net@0.8.0 Uncontrolled Resource Consumption Affected range <0.17.0 Fixed version 0.17.0 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H EPSS Score 0.00152 EPSS Percentile 0.50674 Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.

google.golang.org/grpc 1.54.0 (golang) pkg:golang/google.golang.org/grpc@1.54.0 Affected range <1.56.3 Fixed version 1.56.3 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Description Impact In affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit. Patches This vulnerability was addressed by #6703 and has been included in patch releases: 1.56.3, 1.57.1, 1.58.3. It is also included in the latest release, 1.59.0. Along with applying the patch, users should also ensure they are using the grpc.MaxConcurrentStreams server option to apply a limit to the server's resources used for any single connection. Workarounds None. References #6703

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/php-dev:latest

📦 Image Reference wayofdev/php-dev:latest

digest	sha256:5b7928747ee2a042d1cb4eafef8f865e75c488c53262e9afdeeb9ee4c3355176
vulnerabilities
size	83 MB
packages	172

📦 Base Image php:8.2-fpm-alpine

also known as	8.2-fpm-alpine3.19 8.2.17-fpm-alpine 8.2.17-fpm-alpine3.19
digest	sha256:c5d9ca92dd6998511c65f223359eec2b0eb1cef311bed2aa2c3778657de8ab28
vulnerabilities

golang.org/x/net 0.8.0 (golang) pkg:golang/golang.org/x/net@0.8.0 Uncontrolled Resource Consumption Affected range <0.17.0 Fixed version 0.17.0 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H EPSS Score 0.00152 EPSS Percentile 0.50674 Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.

google.golang.org/grpc 1.54.0 (golang) pkg:golang/google.golang.org/grpc@1.54.0 Affected range <1.56.3 Fixed version 1.56.3 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Description Impact In affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit. Patches This vulnerability was addressed by #6703 and has been included in patch releases: 1.56.3, 1.57.1, 1.58.3. It is also included in the latest release, 1.59.0. Along with applying the patch, users should also ensure they are using the grpc.MaxConcurrentStreams server option to apply a limit to the server's resources used for any single connection. Workarounds None. References #6703

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/php-dev:latest

📦 Image Reference wayofdev/php-dev:latest

digest	sha256:47da43596ef697a946e1765050b14a401faf973588f0ef977d4336d65647316b
vulnerabilities
size	108 MB
packages	190

📦 Base Image php:8.2-alpine

also known as	8.2-alpine3.19 8.2-cli-alpine 8.2-cli-alpine3.19 8.2.17-alpine 8.2.17-alpine3.19 8.2.17-cli-alpine 8.2.17-cli-alpine3.19
digest	sha256:f0a739b68fa1b0991c5344d6624ac56bc523003b9c9a08c29b05c89076625349
vulnerabilities

golang.org/x/net 0.8.0 (golang) pkg:golang/golang.org/x/net@0.8.0 Uncontrolled Resource Consumption Affected range <0.17.0 Fixed version 0.17.0 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H EPSS Score 0.00152 EPSS Percentile 0.50674 Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.

google.golang.org/grpc 1.54.0 (golang) pkg:golang/google.golang.org/grpc@1.54.0 Affected range <1.56.3 Fixed version 1.56.3 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Description Impact In affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit. Patches This vulnerability was addressed by #6703 and has been included in patch releases: 1.56.3, 1.57.1, 1.58.3. It is also included in the latest release, 1.59.0. Along with applying the patch, users should also ensure they are using the grpc.MaxConcurrentStreams server option to apply a limit to the server's resources used for any single connection. Workarounds None. References #6703

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/php-dev:latest

📦 Image Reference wayofdev/php-dev:latest

digest	sha256:87f8661cadad2fe2d6a82c27f7b8443edfa039fb1decb086624b6b92f2c2d474
vulnerabilities
size	88 MB
packages	171

📦 Base Image php:8-alpine

also known as	8-alpine3.19 8-cli-alpine 8-cli-alpine3.19 8.3-alpine 8.3-alpine3.19 8.3-cli-alpine 8.3-cli-alpine3.19 8.3.4-alpine 8.3.4-alpine3.19 8.3.4-cli-alpine 8.3.4-cli-alpine3.19 alpine alpine3.19 cli-alpine cli-alpine3.19
digest	sha256:c7191162ccab268e08a67f7b44aaa2b3403b2b3714b7334ad8f689af18ac89fc
vulnerabilities

golang.org/x/net 0.8.0 (golang) pkg:golang/golang.org/x/net@0.8.0 Uncontrolled Resource Consumption Affected range <0.17.0 Fixed version 0.17.0 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H EPSS Score 0.00152 EPSS Percentile 0.50674 Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.

google.golang.org/grpc 1.54.0 (golang) pkg:golang/google.golang.org/grpc@1.54.0 Affected range <1.56.3 Fixed version 1.56.3 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Description Impact In affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit. Patches This vulnerability was addressed by #6703 and has been included in patch releases: 1.56.3, 1.57.1, 1.58.3. It is also included in the latest release, 1.59.0. Along with applying the patch, users should also ensure they are using the grpc.MaxConcurrentStreams server option to apply a limit to the server's resources used for any single connection. Workarounds None. References #6703

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/php-dev:latest

📦 Image Reference wayofdev/php-dev:latest

digest	sha256:d32181a2e1b27aa5a3b49666911017ccb06ba7f5d89c95ecab1cbd8132b55f0c
vulnerabilities
size	107 MB
packages	190

📦 Base Image php:8.1-alpine

also known as	8.1-alpine3.19 8.1-cli-alpine 8.1-cli-alpine3.19 8.1.27-alpine 8.1.27-alpine3.19 8.1.27-cli-alpine 8.1.27-cli-alpine3.19
digest	sha256:f9a59a4f072f5f357ad46bf9b44c222649d919765e56f6d01691ee11c1e3cb29
vulnerabilities

golang.org/x/net 0.8.0 (golang) pkg:golang/golang.org/x/net@0.8.0 Uncontrolled Resource Consumption Affected range <0.17.0 Fixed version 0.17.0 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H EPSS Score 0.00152 EPSS Percentile 0.50674 Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.

google.golang.org/grpc 1.54.0 (golang) pkg:golang/google.golang.org/grpc@1.54.0 Affected range <1.56.3 Fixed version 1.56.3 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Description Impact In affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit. Patches This vulnerability was addressed by #6703 and has been included in patch releases: 1.56.3, 1.57.1, 1.58.3. It is also included in the latest release, 1.59.0. Along with applying the patch, users should also ensure they are using the grpc.MaxConcurrentStreams server option to apply a limit to the server's resources used for any single connection. Workarounds None. References #6703

[github-actions]

Outdated

Recommended fixes for image wayofdev/php-dev:latest

Base image is php:8.1-alpine

Name	8.1.27-alpine3.19
Digest	sha256:f9a59a4f072f5f357ad46bf9b44c222649d919765e56f6d01691ee11c1e3cb29
Vulnerabilities
Pushed	3 weeks ago
Size	35 MB
Packages	49
Flavor	alpine
OS	3.19
Runtime	8.1.27

The base image is also available under the supported tag(s): 8.1-alpine3.19, 8.1-cli-alpine, 8.1-cli-alpine3.19, 8.1.27-alpine, 8.1.27-alpine3.19, 8.1.27-cli-alpine, 8.1.27-cli-alpine3.19

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
8.3-alpine Minor runtime version update Also known as: 8.3-cli-alpine 8.3-cli-alpine3.19 8-cli-alpine 8-cli-alpine3.19 cli-alpine cli-alpine3.19 alpine alpine3.19 8.3-alpine3.19 8-alpine 8-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 36 MB Flavor: alpine OS: 3.19 Runtime: 8.3	3 weeks ago
8.2-alpine Minor runtime version update Also known as: 8.2-cli-alpine 8.2-cli-alpine3.19 8.2-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image has same number of vulnerabilities Image contains equal number of packages 8.2-alpine was pulled 1.8K times last month Image details: Size: 35 MB Flavor: alpine OS: 3.19 Runtime: 8.2	3 weeks ago
8.3.2-alpine Minor runtime version update Also known as: 8.3.2-cli-alpine 8.3.2-cli-alpine3.19 8.3.2-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image contains equal number of packages Image details: Size: 36 MB Flavor: alpine OS: 3.19 Runtime: 8.3.2	2 months ago
8.2.15-alpine Minor runtime version update Also known as: 8.2.15-cli-alpine 8.2.15-cli-alpine3.19 8.2.15-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image contains equal number of packages Image details: Size: 35 MB Flavor: alpine OS: 3.19 Runtime: 8.2.15	2 months ago

[github-actions]

Outdated

Recommended fixes for image wayofdev/php-dev:latest

Base image is php:8.2-fpm-alpine

Name	8.2.17-fpm-alpine3.19
Digest	sha256:c5d9ca92dd6998511c65f223359eec2b0eb1cef311bed2aa2c3778657de8ab28
Vulnerabilities
Pushed	3 weeks ago
Size	31 MB
Packages	50
Flavor	alpine
OS	3.19
Runtime	8.2.17

The base image is also available under the supported tag(s): 8.2-fpm-alpine3.19

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
8.3.2-fpm-alpine Minor runtime version update Also known as: 8.3.2-fpm-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image contains equal number of packages Image details: Size: 32 MB Flavor: alpine OS: 3.19 Runtime: 8.3.2	2 months ago
8.3-fpm-alpine Image has same number of vulnerabilities Also known as: 8.3-fpm-alpine3.19 8-fpm-alpine 8-fpm-alpine3.19 fpm-alpine fpm-alpine3.19	Benefits: Same OS detected Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 32 MB Flavor: alpine OS: 3.19	3 weeks ago

[github-actions]

🔍 Vulnerabilities of wayofdev/php-dev:latest

📦 Image Reference wayofdev/php-dev:latest

digest	sha256:cf43182b72cab7c3b5dee8c86c7be66c939dccfd0b9ce0118818bf262697cea5
vulnerabilities
size	83 MB
packages	172

📦 Base Image php:8.1-fpm-alpine

also known as	8.1-fpm-alpine3.19 8.1.27-fpm-alpine 8.1.27-fpm-alpine3.19
digest	sha256:0396ed0b83c93a957834197aca8f34a0d6b8ec75f9f7cd6b337cd4ec3541464b
vulnerabilities

golang.org/x/net 0.8.0 (golang) pkg:golang/golang.org/x/net@0.8.0 Uncontrolled Resource Consumption Affected range <0.17.0 Fixed version 0.17.0 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H EPSS Score 0.00152 EPSS Percentile 0.50674 Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.

google.golang.org/grpc 1.54.0 (golang) pkg:golang/google.golang.org/grpc@1.54.0 Affected range <1.56.3 Fixed version 1.56.3 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Description Impact In affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit. Patches This vulnerability was addressed by #6703 and has been included in patch releases: 1.56.3, 1.57.1, 1.58.3. It is also included in the latest release, 1.59.0. Along with applying the patch, users should also ensure they are using the grpc.MaxConcurrentStreams server option to apply a limit to the server's resources used for any single connection. Workarounds None. References #6703

[github-actions]

🔍 Vulnerabilities of wayofdev/php-dev:latest

📦 Image Reference wayofdev/php-dev:latest

digest	sha256:38ba932be530f0959e99c0f39476370a2e8d376580a545bce61b4012e1855d21
vulnerabilities
size	83 MB
packages	172

📦 Base Image php:8.1-fpm-alpine

also known as	8.1-fpm-alpine3.19 8.1.27-fpm-alpine 8.1.27-fpm-alpine3.19
digest	sha256:0396ed0b83c93a957834197aca8f34a0d6b8ec75f9f7cd6b337cd4ec3541464b
vulnerabilities

golang.org/x/net 0.8.0 (golang) pkg:golang/golang.org/x/net@0.8.0 Uncontrolled Resource Consumption Affected range <0.17.0 Fixed version 0.17.0 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H EPSS Score 0.00152 EPSS Percentile 0.50674 Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.

google.golang.org/grpc 1.54.0 (golang) pkg:golang/google.golang.org/grpc@1.54.0 Affected range <1.56.3 Fixed version 1.56.3 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Description Impact In affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit. Patches This vulnerability was addressed by #6703 and has been included in patch releases: 1.56.3, 1.57.1, 1.58.3. It is also included in the latest release, 1.59.0. Along with applying the patch, users should also ensure they are using the grpc.MaxConcurrentStreams server option to apply a limit to the server's resources used for any single connection. Workarounds None. References #6703

[github-actions]

Outdated

Recommended fixes for image wayofdev/php-dev:latest

Base image is php:8.1-alpine

Name	8.1.27-alpine3.19
Digest	sha256:f9a59a4f072f5f357ad46bf9b44c222649d919765e56f6d01691ee11c1e3cb29
Vulnerabilities
Pushed	3 weeks ago
Size	35 MB
Packages	49
Flavor	alpine
OS	3.19
Runtime	8.1.27

The base image is also available under the supported tag(s): 8.1-alpine3.19, 8.1-cli-alpine, 8.1-cli-alpine3.19, 8.1.27-alpine, 8.1.27-alpine3.19, 8.1.27-cli-alpine, 8.1.27-cli-alpine3.19

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
8.3-alpine Minor runtime version update Also known as: 8.3-cli-alpine 8.3-cli-alpine3.19 8-cli-alpine 8-cli-alpine3.19 cli-alpine cli-alpine3.19 alpine alpine3.19 8.3-alpine3.19 8-alpine 8-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 36 MB Flavor: alpine OS: 3.19 Runtime: 8.3	3 weeks ago
8.2-alpine Minor runtime version update Also known as: 8.2-cli-alpine 8.2-cli-alpine3.19 8.2-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image has same number of vulnerabilities Image contains equal number of packages 8.2-alpine was pulled 1.8K times last month Image details: Size: 35 MB Flavor: alpine OS: 3.19 Runtime: 8.2	3 weeks ago
8.3.2-alpine Minor runtime version update Also known as: 8.3.2-cli-alpine 8.3.2-cli-alpine3.19 8.3.2-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image contains equal number of packages Image details: Size: 36 MB Flavor: alpine OS: 3.19 Runtime: 8.3.2	2 months ago
8.2.15-alpine Minor runtime version update Also known as: 8.2.15-cli-alpine 8.2.15-cli-alpine3.19 8.2.15-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image contains equal number of packages Image details: Size: 35 MB Flavor: alpine OS: 3.19 Runtime: 8.2.15	2 months ago

[github-actions]

Outdated

Recommended fixes for image wayofdev/php-dev:latest

Base image is php:8.2-alpine

Name	8.2.17-alpine3.19
Digest	sha256:f0a739b68fa1b0991c5344d6624ac56bc523003b9c9a08c29b05c89076625349
Vulnerabilities
Pushed	3 weeks ago
Size	35 MB
Packages	49
Flavor	alpine
OS	3.19
Runtime	8.2.17

The base image is also available under the supported tag(s): 8.2-alpine3.19, 8.2-cli-alpine, 8.2-cli-alpine3.19

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
8.3-alpine Minor runtime version update Also known as: 8.3-cli-alpine 8.3-cli-alpine3.19 8-cli-alpine 8-cli-alpine3.19 cli-alpine cli-alpine3.19 alpine alpine3.19 8.3-alpine3.19 8-alpine 8-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 36 MB Flavor: alpine OS: 3.19 Runtime: 8.3	3 weeks ago
8.3.2-alpine Minor runtime version update Also known as: 8.3.2-cli-alpine 8.3.2-cli-alpine3.19 8.3.2-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image contains equal number of packages Image details: Size: 36 MB Flavor: alpine OS: 3.19 Runtime: 8.3.2	2 months ago

[github-actions]

Outdated

Recommended fixes for image wayofdev/php-dev:latest

Base image is php:8-alpine

Name	8.3.4-alpine3.19
Digest	sha256:c7191162ccab268e08a67f7b44aaa2b3403b2b3714b7334ad8f689af18ac89fc
Vulnerabilities
Pushed	3 weeks ago
Size	36 MB
Packages	49
Flavor	alpine
OS	3.19
Runtime	8.3.4

The base image is also available under the supported tag(s): 8-alpine3.19, 8-cli-alpine, 8-cli-alpine3.19, 8.3-alpine, 8.3-alpine3.19, 8.3-cli-alpine, 8.3-cli-alpine3.19, alpine, alpine3.19, cli-alpine, cli-alpine3.19

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Recommended fixes for image wayofdev/php-dev:latest

Base image is php:8.1-fpm-alpine

Name	8.1.27-fpm-alpine3.19
Digest	sha256:0396ed0b83c93a957834197aca8f34a0d6b8ec75f9f7cd6b337cd4ec3541464b
Vulnerabilities
Pushed	3 weeks ago
Size	31 MB
Packages	50
Flavor	alpine
OS	3.19
Runtime	8.1.27

The base image is also available under the supported tag(s): 8.1-fpm-alpine3.19, 8.1.27-fpm-alpine, 8.1.27-fpm-alpine3.19

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
8.2-fpm-alpine Minor runtime version update Also known as: 8.2-fpm-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image has same number of vulnerabilities Image contains equal number of packages 8.2-fpm-alpine was pulled 4.1K times last month Image details: Size: 31 MB Flavor: alpine OS: 3.19 Runtime: 8.2	3 weeks ago
8.3.2-fpm-alpine Minor runtime version update Also known as: 8.3.2-fpm-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image contains equal number of packages Image details: Size: 32 MB Flavor: alpine OS: 3.19 Runtime: 8.3.2	2 months ago
8.2.15-fpm-alpine Minor runtime version update Also known as: 8.2.15-fpm-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image contains equal number of packages Image details: Size: 31 MB Flavor: alpine OS: 3.19 Runtime: 8.2.15	2 months ago
8.3-fpm-alpine Image has same number of vulnerabilities Also known as: 8.3-fpm-alpine3.19 8-fpm-alpine 8-fpm-alpine3.19 fpm-alpine fpm-alpine3.19	Benefits: Same OS detected Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 32 MB Flavor: alpine OS: 3.19	3 weeks ago

[github-actions]

Recommended fixes for image wayofdev/php-dev:latest

Base image is php:8.1-fpm-alpine

Name	8.1.27-fpm-alpine3.19
Digest	sha256:0396ed0b83c93a957834197aca8f34a0d6b8ec75f9f7cd6b337cd4ec3541464b
Vulnerabilities
Pushed	3 weeks ago
Size	31 MB
Packages	50
Flavor	alpine
OS	3.19
Runtime	8.1.27

The base image is also available under the supported tag(s): 8.1-fpm-alpine3.19, 8.1.27-fpm-alpine, 8.1.27-fpm-alpine3.19

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
8.2-fpm-alpine Minor runtime version update Also known as: 8.2-fpm-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image has same number of vulnerabilities Image contains equal number of packages 8.2-fpm-alpine was pulled 4.1K times last month Image details: Size: 31 MB Flavor: alpine OS: 3.19 Runtime: 8.2	3 weeks ago
8.3.2-fpm-alpine Minor runtime version update Also known as: 8.3.2-fpm-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image contains equal number of packages Image details: Size: 32 MB Flavor: alpine OS: 3.19 Runtime: 8.3.2	2 months ago
8.2.15-fpm-alpine Minor runtime version update Also known as: 8.2.15-fpm-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image contains equal number of packages Image details: Size: 31 MB Flavor: alpine OS: 3.19 Runtime: 8.2.15	2 months ago
8.3-fpm-alpine Image has same number of vulnerabilities Also known as: 8.3-fpm-alpine3.19 8-fpm-alpine 8-fpm-alpine3.19 fpm-alpine fpm-alpine3.19	Benefits: Same OS detected Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 32 MB Flavor: alpine OS: 3.19	3 weeks ago