Vulnerability Reportnginxdemos/hello:0.2-plain-text

nginxdemos/hello:0.2-plain-text

DIGESTsha256:bf81fd9487414f40996acbde843e56c499e94ec6deba4f032492bc2e711842e9

Executive Summary

Threat ScoreDANGEROUS• 25 exposed vulnerabilities, including 8 with severity >= 7.0 and a max severity of 9.75.• CVE-2023-44487 (HTTP/2 Rapid Reset) has near-certain exploitation (EPSS 0.99999) and can cause denial of service.• Multiple high-severity flaws in nghttp2, zlib, and OpenSSL (e.g., CVE-2018-25032, CVE-2023-0286) increase risk.

100/100DANGEROUS

ReputationPOPULAR COMMUNITY• High Reputation Community Image (350M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could exploit CVE-2023-44487 (HTTP/2 Rapid Reset) to cause a denial of service, or leverage CVE-2018-25032 in zlib to trigger memory corruption, potentially leading to code execution. Note that CVE-2023-0286 only applies if CRL checking is enabled, which is non-default for nginx. Disabling HTTP/2 would fully mitigate CVE-2023-44487, but at a significant performance cost.

Vulnerabilities

Vulnerability Log

115 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2023-44487	CRITICAL9.75	nghttp2-libs 1.46.0-r0 fixed in 1.46.0-r2	100.0% Actively Exploited	Directly ExposedContext importance: HIGH
CVE-2018-25032	HIGH7.8	zlib 1.2.11-r3 fixed in 1.2.12-r0	51.7% Actively Exploited	Directly ExposedContext importance: MEDIUM
CVE-2023-0286	HIGH7.7	libcrypto1.1 1.1.1n-r0 fixed in 1.1.1t-r0	59.5% Actively Exploited	Directly ExposedContext importance: MEDIUM
CVE-2023-0286	HIGH7.7	libssl1.1 1.1.1n-r0 fixed in 1.1.1t-r0	59.5% Actively Exploited	Directly ExposedContext importance: MEDIUM
CVE-2023-0464	HIGH7.5	libcrypto1.1 1.1.1n-r0 fixed in 1.1.1t-r2	3.7% Low-Moderate Risk	Directly Exposed
CVE-2023-0215	HIGH7.5	libssl1.1 1.1.1n-r0 fixed in 1.1.1t-r0	4.5% Low-Moderate Risk	Directly Exposed
CVE-2023-0464	HIGH7.5	libssl1.1 1.1.1n-r0 fixed in 1.1.1t-r2	3.7% Low-Moderate Risk	Directly Exposed
CVE-2023-35945	HIGH7.5	nghttp2-libs 1.46.0-r0 fixed in 1.46.0-r1	1.1% Low-Moderate Risk	Directly Exposed
CVE-2022-4304	MEDIUM6.79	libcrypto1.1 1.1.1n-r0 fixed in 1.1.1t-r0	16.2% High Exploitation Risk	Directly Exposed
CVE-2022-4304	MEDIUM6.79	libssl1.1 1.1.1n-r0 fixed in 1.1.1t-r0	16.2% High Exploitation Risk	Directly Exposed
CVE-2023-2650	MEDIUM6.76	libcrypto1.1 1.1.1n-r0 fixed in 1.1.1u-r0	77.9% Actively Exploited	Directly ExposedContext importance: MEDIUM
CVE-2023-2650	MEDIUM6.76	libssl1.1 1.1.1n-r0 fixed in 1.1.1u-r0	77.9% Actively Exploited	Directly ExposedContext importance: MEDIUM
CVE-2022-29824	MEDIUM6.5	libxml2 2.9.13-r0 fixed in 2.9.14-r0	3.4% Low-Moderate Risk	Directly Exposed
CVE-2023-1999	MEDIUM6.38	libwebp 1.2.2-r0 fixed in 1.2.2-r1	1.0% Theoretical Threat	Directly Exposed
CVE-2022-41409	MEDIUM6.38	pcre2 10.39-r0 fixed in 10.42-r0	1.0% Theoretical Threat	Directly Exposed
CVE-2022-2097	MEDIUM5.3	libcrypto1.1 1.1.1n-r0 fixed in 1.1.1q-r0	2.0% Low-Moderate Risk	Directly Exposed
CVE-2023-0465	MEDIUM5.3	libcrypto1.1 1.1.1n-r0 fixed in 1.1.1t-r2	1.6% Low-Moderate Risk	Directly Exposed
CVE-2023-3446	MEDIUM5.3	libcrypto1.1 1.1.1n-r0 fixed in 1.1.1u-r2	5.5% Low-Moderate Risk	Directly Exposed
CVE-2023-3817	MEDIUM5.3	libcrypto1.1 1.1.1n-r0 fixed in 1.1.1v-r0	2.6% Low-Moderate Risk	Directly Exposed
CVE-2023-5678	MEDIUM5.3	libcrypto1.1 1.1.1n-r0 fixed in 1.1.1w-r1	4.5% Low-Moderate Risk	Directly Exposed
CVE-2022-2097	MEDIUM5.3	libssl1.1 1.1.1n-r0 fixed in 1.1.1q-r0	2.0% Low-Moderate Risk	Directly Exposed
CVE-2023-0465	MEDIUM5.3	libssl1.1 1.1.1n-r0 fixed in 1.1.1t-r2	1.6% Low-Moderate Risk	Directly Exposed
CVE-2023-3446	MEDIUM5.3	libssl1.1 1.1.1n-r0 fixed in 1.1.1u-r2	5.5% Low-Moderate Risk	Directly Exposed
CVE-2023-3817	MEDIUM5.3	libssl1.1 1.1.1n-r0 fixed in 1.1.1v-r0	2.6% Low-Moderate Risk	Directly Exposed
CVE-2023-5678	MEDIUM5.3	libssl1.1 1.1.1n-r0 fixed in 1.1.1w-r1	4.5% Low-Moderate Risk	Directly Exposed
CVE-2023-27533	MEDIUM5.28	curl 7.80.0-r0 fixed in 8.0.1-r0	2.0% Low-Moderate Risk	Post-Exploit
CVE-2023-27534	MEDIUM5.28	curl 7.80.0-r0 fixed in 8.0.1-r0	2.2% Low-Moderate Risk	Post-Exploit
CVE-2023-27533	MEDIUM5.28	libcurl 7.80.0-r0 fixed in 8.0.1-r0	2.0% Low-Moderate Risk	Post-Exploit
CVE-2023-27534	MEDIUM5.28	libcurl 7.80.0-r0 fixed in 8.0.1-r0	2.2% Low-Moderate Risk	Post-Exploit
CVE-2022-43551	MEDIUM5.17	curl 7.80.0-r0 fixed in 7.80.0-r5	17.0% High Exploitation Risk	Post-Exploit
CVE-2022-43551	MEDIUM5.17	libcurl 7.80.0-r0 fixed in 7.80.0-r5	17.0% High Exploitation Risk	Post-Exploit
CVE-2022-22576	MEDIUM4.86	curl 7.80.0-r0 fixed in 7.80.0-r1	1.9% Low-Moderate Risk	Post-Exploit
CVE-2022-42915	MEDIUM4.86	curl 7.80.0-r0 fixed in 7.80.0-r4	2.9% Low-Moderate Risk	Post-Exploit
CVE-2022-22576	MEDIUM4.86	libcurl 7.80.0-r0 fixed in 7.80.0-r1	1.9% Low-Moderate Risk	Post-Exploit
CVE-2022-42915	MEDIUM4.86	libcurl 7.80.0-r0 fixed in 7.80.0-r4	2.9% Low-Moderate Risk	Post-Exploit
CVE-2023-23914	MEDIUM4.64	curl 7.80.0-r0 fixed in 7.80.0-r6	0.9% Theoretical Threat	Post-Exploit
CVE-2023-23914	MEDIUM4.64	libcurl 7.80.0-r0 fixed in 7.80.0-r6	0.9% Theoretical Threat	Post-Exploit
CVE-2023-38545	MEDIUM4.58	curl 7.80.0-r0 fixed in 8.4.0-r0	78.5% Actively Exploited	Post-Exploit
CVE-2023-38545	MEDIUM4.58	libcurl 7.80.0-r0 fixed in 8.4.0-r0	78.5% Actively Exploited	Post-Exploit
CVE-2022-27775	MEDIUM4.5	curl 7.80.0-r0 fixed in 7.80.0-r1	2.8% Low-Moderate Risk	Post-Exploit
CVE-2022-27780	MEDIUM4.5	curl 7.80.0-r0 fixed in 7.80.0-r2	2.2% Low-Moderate Risk	Post-Exploit
CVE-2022-27781	MEDIUM4.5	curl 7.80.0-r0 fixed in 7.80.0-r2	2.4% Low-Moderate Risk	Post-Exploit
CVE-2022-27782	MEDIUM4.5	curl 7.80.0-r0 fixed in 7.80.0-r2	2.6% Low-Moderate Risk	Post-Exploit
CVE-2022-42916	MEDIUM4.5	curl 7.80.0-r0 fixed in 7.80.0-r4	1.6% Low-Moderate Risk	Post-Exploit
CVE-2023-28319	MEDIUM4.5	curl 7.80.0-r0 fixed in 8.1.0-r0	2.5% Low-Moderate Risk	Post-Exploit
CVE-2022-27775	MEDIUM4.5	libcurl 7.80.0-r0 fixed in 7.80.0-r1	2.8% Low-Moderate Risk	Post-Exploit
CVE-2022-27780	MEDIUM4.5	libcurl 7.80.0-r0 fixed in 7.80.0-r2	2.2% Low-Moderate Risk	Post-Exploit
CVE-2022-27781	MEDIUM4.5	libcurl 7.80.0-r0 fixed in 7.80.0-r2	2.4% Low-Moderate Risk	Post-Exploit
CVE-2022-27782	MEDIUM4.5	libcurl 7.80.0-r0 fixed in 7.80.0-r2	2.6% Low-Moderate Risk	Post-Exploit
CVE-2022-42916	MEDIUM4.5	libcurl 7.80.0-r0 fixed in 7.80.0-r4	1.6% Low-Moderate Risk	Post-Exploit
CVE-2023-28319	MEDIUM4.5	libcurl 7.80.0-r0 fixed in 8.1.0-r0	2.5% Low-Moderate Risk	Post-Exploit
CVE-2022-32206	MEDIUM4.48	curl 7.80.0-r0 fixed in 7.80.0-r2	32.0% High Exploitation Risk	Post-Exploit
CVE-2022-32206	MEDIUM4.48	libcurl 7.80.0-r0 fixed in 7.80.0-r2	32.0% High Exploitation Risk	Post-Exploit
CVE-2023-4863	MEDIUM4.12	libwebp 1.2.2-r0 fixed in 1.2.2-r2	99.7% Actively Exploited	Post-Exploit
CVE-2022-37434	MEDIUM4.06	zlib 1.2.11-r3 fixed in 1.2.12-r2	15.9% High Exploitation Risk	Post-Exploit
CVE-2022-27776	LOW3.9	curl 7.80.0-r0 fixed in 7.80.0-r1	3.4% Low-Moderate Risk	Post-Exploit
CVE-2023-23916	LOW3.9	curl 7.80.0-r0 fixed in 7.80.0-r6	1.7% Low-Moderate Risk	Post-Exploit
CVE-2023-46218	LOW3.9	curl 7.80.0-r0 fixed in 8.5.0-r0	1.7% Low-Moderate Risk	Post-Exploit
CVE-2022-27776	LOW3.9	libcurl 7.80.0-r0 fixed in 7.80.0-r1	3.4% Low-Moderate Risk	Post-Exploit
CVE-2023-23916	LOW3.9	libcurl 7.80.0-r0 fixed in 7.80.0-r6	1.7% Low-Moderate Risk	Post-Exploit
CVE-2023-46218	LOW3.9	libcurl 7.80.0-r0 fixed in 8.5.0-r0	1.7% Low-Moderate Risk	Post-Exploit
CVE-2022-32208	LOW3.54	curl 7.80.0-r0 fixed in 7.80.0-r2	5.6% Low-Moderate Risk	Post-Exploit
CVE-2022-43552	LOW3.54	curl 7.80.0-r0 fixed in 7.80.0-r5	2.5% Low-Moderate Risk	Post-Exploit
CVE-2023-27535	LOW3.54	curl 7.80.0-r0 fixed in 8.0.1-r0	1.6% Low-Moderate Risk	Post-Exploit
CVE-2023-27536	LOW3.54	curl 7.80.0-r0 fixed in 8.0.1-r0	1.6% Low-Moderate Risk	Post-Exploit
CVE-2023-27537	LOW3.54	curl 7.80.0-r0 fixed in 8.0.1-r0	1.9% Low-Moderate Risk	Post-Exploit
CVE-2023-28320	LOW3.54	curl 7.80.0-r0 fixed in 8.1.0-r0	2.7% Low-Moderate Risk	Post-Exploit
CVE-2023-28321	LOW3.54	curl 7.80.0-r0 fixed in 8.1.0-r0	1.8% Low-Moderate Risk	Post-Exploit
CVE-2022-32208	LOW3.54	libcurl 7.80.0-r0 fixed in 7.80.0-r2	5.6% Low-Moderate Risk	Post-Exploit
CVE-2022-43552	LOW3.54	libcurl 7.80.0-r0 fixed in 7.80.0-r5	2.5% Low-Moderate Risk	Post-Exploit
CVE-2023-27535	LOW3.54	libcurl 7.80.0-r0 fixed in 8.0.1-r0	1.6% Low-Moderate Risk	Post-Exploit
CVE-2023-27536	LOW3.54	libcurl 7.80.0-r0 fixed in 8.0.1-r0	1.6% Low-Moderate Risk	Post-Exploit
CVE-2023-27537	LOW3.54	libcurl 7.80.0-r0 fixed in 8.0.1-r0	1.9% Low-Moderate Risk	Post-Exploit
CVE-2023-28320	LOW3.54	libcurl 7.80.0-r0 fixed in 8.1.0-r0	2.7% Low-Moderate Risk	Post-Exploit
CVE-2023-28321	LOW3.54	libcurl 7.80.0-r0 fixed in 8.1.0-r0	1.8% Low-Moderate Risk	Post-Exploit
CVE-2022-32207	LOW3.53	curl 7.80.0-r0 fixed in 7.80.0-r2	5.5% Low-Moderate Risk	Post-Exploit
CVE-2022-32221	LOW3.53	curl 7.80.0-r0 fixed in 7.80.0-r4	4.3% Low-Moderate Risk	Post-Exploit
CVE-2022-27404	LOW3.53	freetype 2.11.0-r0 fixed in 2.11.1-r1	2.6% Low-Moderate Risk	Post-Exploit
CVE-2022-32207	LOW3.53	libcurl 7.80.0-r0 fixed in 7.80.0-r2	5.5% Low-Moderate Risk	Post-Exploit
CVE-2022-32221	LOW3.53	libcurl 7.80.0-r0 fixed in 7.80.0-r4	4.3% Low-Moderate Risk	Post-Exploit
CVE-2023-38039	LOW3.51	curl 7.80.0-r0 fixed in 8.3.0-r0	62.2% Actively Exploited	Post-Exploit
CVE-2023-38039	LOW3.51	libcurl 7.80.0-r0 fixed in 8.3.0-r0	62.2% Actively Exploited	Post-Exploit
CVE-2022-27774	LOW3.42	curl 7.80.0-r0 fixed in 7.80.0-r1	1.6% Low-Moderate Risk	Post-Exploit
CVE-2022-27774	LOW3.42	libcurl 7.80.0-r0 fixed in 7.80.0-r1	1.6% Low-Moderate Risk	Post-Exploit
CVE-2023-23915	LOW3.31	curl 7.80.0-r0 fixed in 7.80.0-r6	0.9% Theoretical Threat	Post-Exploit
CVE-2023-23915	LOW3.31	libcurl 7.80.0-r0 fixed in 7.80.0-r6	0.9% Theoretical Threat	Post-Exploit
CVE-2023-27538	LOW3.3	curl 7.80.0-r0 fixed in 8.0.1-r0	1.2% Low-Moderate Risk	Post-Exploit
CVE-2023-27538	LOW3.3	libcurl 7.80.0-r0 fixed in 8.0.1-r0	1.2% Low-Moderate Risk	Post-Exploit
CVE-2022-1586	LOW3.28	pcre2 10.39-r0 fixed in 10.40-r0	3.0% Low-Moderate Risk	Post-Exploit
CVE-2022-1587	LOW3.28	pcre2 10.39-r0 fixed in 10.40-r0	2.4% Low-Moderate Risk	Post-Exploit
CVE-2023-46219	LOW3.18	curl 7.80.0-r0 fixed in 8.5.0-r0	1.1% Low-Moderate Risk	Post-Exploit
CVE-2023-46219	LOW3.18	libcurl 7.80.0-r0 fixed in 8.5.0-r0	1.1% Low-Moderate Risk	Post-Exploit
CVE-2022-28391	LOW3.17	busybox 1.34.1-r4 fixed in 1.34.1-r5	3.5% Low-Moderate Risk	Post-Exploit
CVE-2022-28391	LOW3.17	ssl_client 1.34.1-r4 fixed in 1.34.1-r5	3.5% Low-Moderate Risk	Post-Exploit
CVE-2022-1271	LOW3.17	xz-libs 5.2.5-r0 fixed in 5.2.5-r1	4.3% Low-Moderate Risk	Post-Exploit
CVE-2022-4450	LOW3.1	libcrypto1.1 1.1.1n-r0 fixed in 1.1.1t-r0	20.4% High Exploitation Risk	Post-Exploit
CVE-2022-4450	LOW3.1	libssl1.1 1.1.1n-r0 fixed in 1.1.1t-r0	20.4% High Exploitation Risk	Post-Exploit
CVE-2022-40303	LOW3.1	libxml2 2.9.13-r0 fixed in 2.9.14-r2	24.2% High Exploitation Risk	Post-Exploit
CVE-2022-32205	LOW2.97	curl 7.80.0-r0 fixed in 7.80.0-r2	26.9% High Exploitation Risk	Post-Exploit
CVE-2022-32205	LOW2.97	libcurl 7.80.0-r0 fixed in 7.80.0-r2	26.9% High Exploitation Risk	Post-Exploit
CVE-2022-40304	LOW2.81	libxml2 2.9.13-r0 fixed in 2.9.14-r2	6.8% Low-Moderate Risk	Post-Exploit
CVE-2022-27405	LOW2.7	freetype 2.11.0-r0 fixed in 2.11.1-r2	2.2% Low-Moderate Risk	Post-Exploit
CVE-2022-27406	LOW2.7	freetype 2.11.0-r0 fixed in 2.11.1-r2	2.5% Low-Moderate Risk	Post-Exploit
CVE-2023-0215	LOW2.7	libcrypto1.1 1.1.1n-r0 fixed in 1.1.1t-r0	4.5% Low-Moderate Risk	Post-Exploit
CVE-2022-2309	LOW2.7	libxml2 2.9.13-r0 fixed in 2.9.14-r1	2.0% Low-Moderate Risk	Post-Exploit
CVE-2022-35252	LOW2.22	curl 7.80.0-r0 fixed in 7.80.0-r3	1.8% Low-Moderate Risk	Post-Exploit
CVE-2023-28322	LOW2.22	curl 7.80.0-r0 fixed in 8.1.0-r0	2.2% Low-Moderate Risk	Post-Exploit
CVE-2023-38546	LOW2.22	curl 7.80.0-r0 fixed in 8.4.0-r0	6.2% Low-Moderate Risk	Post-Exploit
CVE-2022-35252	LOW2.22	libcurl 7.80.0-r0 fixed in 7.80.0-r3	1.8% Low-Moderate Risk	Post-Exploit
CVE-2023-28322	LOW2.22	libcurl 7.80.0-r0 fixed in 8.1.0-r0	2.2% Low-Moderate Risk	Post-Exploit
CVE-2023-38546	LOW2.22	libcurl 7.80.0-r0 fixed in 8.4.0-r0	6.2% Low-Moderate Risk	Post-Exploit
CVE-2023-29491	NONE0	ncurses-libs 6.3_p20211120-r0 fixed in 6.3_p20211120-r2	0.9% Theoretical Threat	Not Applicable
CVE-2023-29491	NONE0	ncurses-terminfo-base 6.3_p20211120-r0 fixed in 6.3_p20211120-r2	0.9% Theoretical Threat	Not Applicable
CVE-2022-29458	NONE0	ncurses-libs 6.3_p20211120-r0 fixed in 6.3_p20211120-r1	1.3% Low-Moderate Risk	Not Applicable
CVE-2022-29458	NONE0	ncurses-terminfo-base 6.3_p20211120-r0 fixed in 6.3_p20211120-r1	1.3% Low-Moderate Risk	Not Applicable