漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Trivy Vulnerability Scanner: Unauthorized AI Agent Execution Code Included in OpenVSX Extension Release
Vulnerability Description
Trivy Vulnerability Scanner is a VS Code extension that helps find vulnerabilities. In Trivy VSCode Extension version 1.8.12, which was distributed via OpenVSX marketplace was compromised and contained malicious code designed to leverage local AI coding agent to collect and exfiltrate sensitive information. Users using the affected artifact are advised to immediately remove it and rotate environment secrets. The malicious artifact has been removed from the marketplace. No other affected artifacts have been identified.
CVSS Information
N/A
Vulnerability Type
内嵌的恶意代码
Vulnerability Title
Trivy Action 安全漏洞
Vulnerability Description
Trivy Action是Aqua Security开源的一个容器漏洞扫描软件。 Trivy Action 1.8.12版本存在安全漏洞,该漏洞源于包含恶意代码,可能导致收集和泄露敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A