syft security vulnerabilities
Syft is an open-source CLI tool and Go library developed by Anchore, used to generate a Software Bill of Materials (SBOM) from container images and file systems. Versions of Syft prior to 1.42.3 contain security vulnerabilities. These vulnerabilities stem from improper cleanup of temporary storage...
Information Disclosure
github.com/anchore/syft is vulnerable to Information Disclosure. The vulnerability exists because the SYFTATTESTPASSWORD environment variable is leaked in the syft logs when -vv or -vvv is passed to the syft command (any log level at DEBUG or above), and in the attestation or SBOM only when the syft-json...