{
	"results": [
		{
			"id": "sha256:f4c0503d26c8da0a04e6190c9d4f2a30f38958852b9fb80bcd2b819a7571e7f7",
			"distro": "Debian GNU/Linux 9 (stretch)",
			"compliances": [
				{
					"title": "Sensitive information provided in environment variables",
					"severity": "high",
					"cause": "The environment variables DD_CELERY_BROKER_PASSWORD,DD_DATABASE_PASSWORD,DD_SECRET_KEY contain sensitive data"
				}
			],
			"complianceDistribution": {
				"critical": 0,
				"high": 1,
				"medium": 0,
				"low": 0,
				"total": 1
			},
			"vulnerabilities": [
				{
					"id": "CVE-2013-7459",
					"cvss": 9.8,
					"vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
					"description": "Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.",
					"severity": "critical",
					"packageName": "pycrypto",
					"packageVersion": "2.6.1",
					"link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7459",
					"riskFactors": {
						"Attack complexity: low": {},
						"Attack vector: network": {},
						"Critical severity": {},
						"Remote execution": {}
					}
				},
				{
					"id": "CVE-2018-6485",
					"status": "open",
					"cvss": 9.8,
					"vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
					"description": "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.",
					"severity": "high",
					"packageName": "glibc (used in libc6, multiarch-support, libc-bin)",
					"packageVersion": "2.24-11+deb9u4",
					"link": "https://security-tracker.debian.org/tracker/CVE-2018-6485",
					"riskFactors": {
						"Attack complexity: low": {},
						"Attack vector: network": {},
						"High severity": {},
						"Recent vulnerability": {}
					}
				},
				{
					"id": "CVE-2018-1000001",
					"status": "open",
					"cvss": 7.8,
					"vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
					"description": "In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.",
					"severity": "high",
					"packageName": "glibc (used in libc6, multiarch-support, libc-bin)",
					"packageVersion": "2.24-11+deb9u4",
					"link": "https://security-tracker.debian.org/tracker/CVE-2018-1000001",
					"riskFactors": {
						"Attack complexity: low": {},
						"Exploit exists": {},
						"High severity": {},
						"Recent vulnerability": {}
					}
				},
				{
					"id": "CVE-2018-1000001",
					"status": "open",
					"cvss": 6.8,
					"vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
					"description": "In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.",
					"severity": "medium",
					"packageName": "glibc (used in libc6, multiarch-support, libc-bin)",
					"packageVersion": "2.24-11+deb9u4",
					"link": "https://security-tracker.debian.org/tracker/CVE-2018-1000001",
					"riskFactors": {
						"Attack complexity: low": {},
						"Exploit exists": {},
						"High severity": {},
						"Recent vulnerability": {}
					}
				},
				{
					"id": "CVE-2018-9234",
					"status": "open",
					"cvss": 7.5,
					"vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
					"description": "GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.",
					"severity": "low",
					"packageName": "gnupg2 (used in gpgv)",
					"packageVersion": "2.1.18-8~deb9u4",
					"link": "https://security-tracker.debian.org/tracker/CVE-2018-9234",
					"riskFactors": {
						"Attack complexity: low": {},
						"Attack vector: network": {},
						"Recent vulnerability": {}
					}
				}
			],
			"vulnerabilityDistribution": {
				"critical": 1,
				"high": 2,
				"medium": 0,
				"low": 1,
				"total": 4
			},
			"packages": [
				{
					"type": "os",
					"name": "mawk",
					"version": "1.3.3-17",
					"files": [
						{
							"md5": "2f910ac34475bded4c8dbed1b80c9255",
							"path": "/usr/bin/mawk"
						},
						{
							"md5": "86fd70a0b749595f4bc6fe8636fe082c",
							"path": "/usr/share/doc/mawk/copyright"
						}
					]
				},
				{
					"type": "os",
					"name": "dpkg",
					"version": "1.18.25",
					"files": [
						{
							"md5": "69c4ba7f08363e998e0f2e244a04f881",
							"path": "/etc/alternatives/README"
						},
						{
							"md5": "b8065b6bfc248caba501c3f5bb508e66",
							"path": "/etc/cron.daily/dpkg"
						},
						
						{
							"md5": "a5a35195d71029c6f7dfa1eb2a63c1e1",
							"path": "/usr/share/dpkg/tupletable"
						}
					]
				},
				{
					"type": "python",
					"name": "wsgiref",
					"version": "0.1.2",
					"files": [
						{
							"md5": "6a316c9a7edef359ea33ccc1bfd24f53",
							"path": "/usr/local/lib/python2.7/wsgiref.egg-info"
						}
					]
				}
			]
		}
	]
}