Vulnerability Reportnginxdemos/hello:0.3

nginxdemos/hello:0.3

DIGESTsha256:ad10752170d6360abd7cc69981925aca006a784467003dfcb886e294af93c30e

Executive Summary

Threat ScoreCAUTION• 2 high-severity vulnerabilities (CVE-2024-6119, CVSS 7.8) affect openssl packages (libcrypto3, libssl3).• Exploitation requires non-default nginx configuration: client certificate verification with name checks.• Image is from a popular community (350M+ pulls) and pinned by digest, reducing supply chain risks.• 15 total exposed vulnerabilities, but no post-exploit findings of concern (max severity 3.57).

74/100CAUTION

ReputationPOPULAR COMMUNITY• High Reputation Community Image (350M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. The most notable vulnerability (CVE-2024-6119) could allow a denial of service via a crafted client certificate, but only if nginx is configured to request and verify client certificates—a non-default setup. Maintaining the default nginx configuration (without client certificate name checks) fully eliminates this risk. The image otherwise has low post-exploit exposure and is from a trusted, popular source.

Vulnerabilities

Vulnerability Log

74 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2024-6119	HIGH7.8	libcrypto3 3.1.4-r5 fixed in 3.1.7-r0	66.6% Actively Exploited	Directly ExposedContext importance: MEDIUM
CVE-2024-6119	HIGH7.8	libssl3 3.1.4-r5 fixed in 3.1.7-r0	66.6% Actively Exploited	Directly ExposedContext importance: MEDIUM
CVE-2025-26519	MEDIUM5.95	musl 1.2.4-r2 fixed in 1.2.4-r3	0.3% Theoretical Threat	Directly Exposed
CVE-2024-4741	MEDIUM5.6	libcrypto3 3.1.4-r5 fixed in 3.1.6-r0	2.9% Low-Moderate Risk	Directly Exposed
CVE-2024-4741	MEDIUM5.6	libssl3 3.1.4-r5 fixed in 3.1.6-r0	2.9% Low-Moderate Risk	Directly Exposed
CVE-2024-34459	MEDIUM5.5	libxml2 2.11.6-r0 fixed in 2.11.8-r0	2.3% Low-Moderate Risk	Directly Exposed
CVE-2024-4603	MEDIUM5.3	libcrypto3 3.1.4-r5 fixed in 3.1.5-r0	1.1% Low-Moderate Risk	Directly Exposed
CVE-2024-4603	MEDIUM5.3	libssl3 3.1.4-r5 fixed in 3.1.5-r0	1.1% Low-Moderate Risk	Directly Exposed
CVE-2024-2511	MEDIUM4.81	libcrypto3 3.1.4-r5 fixed in 3.1.4-r6	54.0% Actively Exploited	Directly Exposed
CVE-2024-2511	MEDIUM4.81	libssl3 3.1.4-r5 fixed in 3.1.4-r6	54.0% Actively Exploited	Directly Exposed
CVE-2023-52426	MEDIUM4.67	libexpat 2.5.0-r1 fixed in 2.6.0-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2024-13176	MEDIUM4	libcrypto3 3.1.4-r5 fixed in 3.1.8-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2024-13176	MEDIUM4	libssl3 3.1.4-r5 fixed in 3.1.8-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2024-9143	LOW3.7	libcrypto3 3.1.4-r5 fixed in 3.1.7-r1	6.0% Low-Moderate Risk	Directly Exposed
CVE-2024-9143	LOW3.7	libssl3 3.1.4-r5 fixed in 3.1.7-r1	6.0% Low-Moderate Risk	Directly Exposed
CVE-2025-26519	LOW3.57	musl-utils 1.2.4-r2 fixed in 1.2.4-r3	0.3% Theoretical Threat	Post-Exploit
CVE-2024-45491	LOW3.53	libexpat 2.5.0-r1 fixed in 2.6.3-r0	1.1% Low-Moderate Risk	Post-Exploit
CVE-2024-45492	LOW3.53	libexpat 2.5.0-r1 fixed in 2.6.3-r0	1.4% Low-Moderate Risk	Post-Exploit
CVE-2024-56171	LOW3.53	libxml2 2.11.6-r0 fixed in 2.11.8-r1	1.1% Low-Moderate Risk	Post-Exploit
CVE-2024-8096	LOW3.31	curl 8.5.0-r0 fixed in 8.10.0-r0	0.7% Theoretical Threat	Post-Exploit
CVE-2024-8096	LOW3.31	libcurl 8.5.0-r0 fixed in 8.10.0-r0	0.7% Theoretical Threat	Post-Exploit
CVE-2024-2379	LOW3.24	curl 8.5.0-r0 fixed in 8.7.1-r0	1.7% Low-Moderate Risk	Post-Exploit
CVE-2024-2379	LOW3.24	libcurl 8.5.0-r0 fixed in 8.7.1-r0	1.7% Low-Moderate Risk	Post-Exploit
CVE-2024-0853	LOW3.18	curl 8.5.0-r0 fixed in 8.6.0-r0	1.1% Low-Moderate Risk	Post-Exploit
CVE-2024-2466	LOW3.18	curl 8.5.0-r0 fixed in 8.7.1-r0	1.3% Low-Moderate Risk	Post-Exploit
CVE-2024-2004	LOW3.18	curl 8.5.0-r0 fixed in 8.7.1-r0	1.7% Low-Moderate Risk	Post-Exploit
CVE-2024-0853	LOW3.18	libcurl 8.5.0-r0 fixed in 8.6.0-r0	1.1% Low-Moderate Risk	Post-Exploit
CVE-2024-2466	LOW3.18	libcurl 8.5.0-r0 fixed in 8.7.1-r0	1.3% Low-Moderate Risk	Post-Exploit
CVE-2024-2004	LOW3.18	libcurl 8.5.0-r0 fixed in 8.7.1-r0	1.7% Low-Moderate Risk	Post-Exploit
CVE-2024-2398	LOW3.1	curl 8.5.0-r0 fixed in 8.7.1-r0	36.1% High Exploitation Risk	Post-Exploit
CVE-2024-2398	LOW3.1	libcurl 8.5.0-r0 fixed in 8.7.1-r0	36.1% High Exploitation Risk	Post-Exploit
CVE-2023-42363	LOW2.8	busybox 1.36.1-r5 fixed in 1.36.1-r7	0.4% Theoretical Threat	Post-Exploit
CVE-2023-42364	LOW2.8	busybox 1.36.1-r5 fixed in 1.36.1-r7	0.4% Theoretical Threat	Post-Exploit
CVE-2023-42365	LOW2.8	busybox 1.36.1-r5 fixed in 1.36.1-r7	0.4% Theoretical Threat	Post-Exploit
CVE-2023-42366	LOW2.8	busybox 1.36.1-r5 fixed in 1.36.1-r6	0.4% Theoretical Threat	Post-Exploit
CVE-2023-42363	LOW2.8	busybox-binsh 1.36.1-r5 fixed in 1.36.1-r7	0.4% Theoretical Threat	Post-Exploit
CVE-2023-42364	LOW2.8	busybox-binsh 1.36.1-r5 fixed in 1.36.1-r7	0.4% Theoretical Threat	Post-Exploit
CVE-2023-42365	LOW2.8	busybox-binsh 1.36.1-r5 fixed in 1.36.1-r7	0.4% Theoretical Threat	Post-Exploit
CVE-2023-42366	LOW2.8	busybox-binsh 1.36.1-r5 fixed in 1.36.1-r6	0.4% Theoretical Threat	Post-Exploit
CVE-2023-42363	LOW2.8	ssl_client 1.36.1-r5 fixed in 1.36.1-r7	0.4% Theoretical Threat	Post-Exploit
CVE-2023-42364	LOW2.8	ssl_client 1.36.1-r5 fixed in 1.36.1-r7	0.4% Theoretical Threat	Post-Exploit
CVE-2023-42365	LOW2.8	ssl_client 1.36.1-r5 fixed in 1.36.1-r7	0.4% Theoretical Threat	Post-Exploit
CVE-2023-42366	LOW2.8	ssl_client 1.36.1-r5 fixed in 1.36.1-r6	0.4% Theoretical Threat	Post-Exploit
CVE-2024-6197	LOW2.7	curl 8.5.0-r0 fixed in 8.9.0-r0	4.3% Low-Moderate Risk	Post-Exploit
CVE-2024-6197	LOW2.7	libcurl 8.5.0-r0 fixed in 8.9.0-r0	4.3% Low-Moderate Risk	Post-Exploit
CVE-2023-52425	LOW2.7	libexpat 2.5.0-r1 fixed in 2.6.0-r0	1.8% Low-Moderate Risk	Post-Exploit
CVE-2024-28757	LOW2.7	libexpat 2.5.0-r1 fixed in 2.6.2-r0	2.0% Low-Moderate Risk	Post-Exploit
CVE-2024-45490	LOW2.7	libexpat 2.5.0-r1 fixed in 2.6.3-r0	1.7% Low-Moderate Risk	Post-Exploit
CVE-2024-8176	LOW2.7	libexpat 2.5.0-r1 fixed in 2.7.0-r0	1.6% Low-Moderate Risk	Post-Exploit
CVE-2024-25062	LOW2.7	libxml2 2.11.6-r0 fixed in 2.11.7-r0	1.4% Low-Moderate Risk	Post-Exploit
CVE-2025-27113	LOW2.7	libxml2 2.11.6-r0 fixed in 2.11.8-r2	1.0% Low-Moderate Risk	Post-Exploit
CVE-2024-7264	LOW2.69	curl 8.5.0-r0 fixed in 8.9.1-r0	16.2% High Exploitation Risk	Post-Exploit
CVE-2024-7264	LOW2.69	libcurl 8.5.0-r0 fixed in 8.9.1-r0	16.2% High Exploitation Risk	Post-Exploit
CVE-2025-0665	LOW2.4	curl 8.5.0-r0 fixed in 8.12.0-r0	1.2% Low-Moderate Risk	Post-Exploit
CVE-2025-0725	LOW2.4	curl 8.5.0-r0 fixed in 8.12.0-r0	1.2% Low-Moderate Risk	Post-Exploit
CVE-2025-0665	LOW2.4	libcurl 8.5.0-r0 fixed in 8.12.0-r0	1.2% Low-Moderate Risk	Post-Exploit
CVE-2025-0725	LOW2.4	libcurl 8.5.0-r0 fixed in 8.12.0-r0	1.2% Low-Moderate Risk	Post-Exploit
CVE-2024-55549	LOW2.39	libxslt 1.1.38-r0 fixed in 1.1.38-r1	0.3% Theoretical Threat	Post-Exploit
CVE-2025-24855	LOW2.39	libxslt 1.1.38-r0 fixed in 1.1.38-r1	0.3% Theoretical Threat	Post-Exploit
CVE-2025-24928	LOW2.36	libxml2 2.11.6-r0 fixed in 2.11.8-r1	0.4% Theoretical Threat	Post-Exploit
CVE-2024-9681	LOW2.34	curl 8.5.0-r0 fixed in 8.11.0-r0	2.0% Low-Moderate Risk	Post-Exploit
CVE-2024-9681	LOW2.34	libcurl 8.5.0-r0 fixed in 8.11.0-r0	2.0% Low-Moderate Risk	Post-Exploit
CVE-2025-32414	LOW2.29	libxml2 2.11.6-r0 fixed in 2.11.8-r3	0.3% Theoretical Threat	Post-Exploit
CVE-2025-32415	LOW2.29	libxml2 2.11.6-r0 fixed in 2.11.8-r3	0.5% Theoretical Threat	Post-Exploit
CVE-2025-31115	LOW2.29	xz-libs 5.4.3-r0 fixed in 5.4.3-r1	0.6% Theoretical Threat	Post-Exploit
CVE-2024-6874	LOW2.19	curl 8.5.0-r0 fixed in 8.9.0-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2024-6874	LOW2.19	libcurl 8.5.0-r0 fixed in 8.9.0-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2024-11053	LOW2.12	curl 8.5.0-r0 fixed in 8.11.1-r0	1.4% Low-Moderate Risk	Post-Exploit
CVE-2024-5535	LOW2.12	libcrypto3 3.1.4-r5 fixed in 3.1.6-r0	5.6% Low-Moderate Risk	Post-Exploit
CVE-2024-11053	LOW2.12	libcurl 8.5.0-r0 fixed in 8.11.1-r0	1.4% Low-Moderate Risk	Post-Exploit
CVE-2024-50602	LOW2.12	libexpat 2.5.0-r1 fixed in 2.6.4-r0	1.0% Low-Moderate Risk	Post-Exploit
CVE-2024-5535	LOW2.12	libssl3 3.1.4-r5 fixed in 3.1.6-r0	5.6% Low-Moderate Risk	Post-Exploit
CVE-2025-0167	NONE0	curl 8.5.0-r0 fixed in 8.12.0-r0	0.6% Theoretical Threat	Not Applicable
CVE-2025-0167	NONE0	libcurl 8.5.0-r0 fixed in 8.12.0-r0	0.6% Theoretical Threat	Not Applicable