Skip to content

Instantly share code, notes, and snippets.

@amouat

amouat/redis.vex

Created January 30, 2026 09:55
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save amouat/49fdb79d6c33de8a11ec791f2d638f66 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save amouat/49fdb79d6c33de8a11ec791f2d638f66 to your computer and use it in GitHub Desktop.
Download ZIP
VEX document for dhi.io/redis:8 retrieved with `docker scout vex get --output redis.vex dhi.io/redis:8@sha256:b9f14448dcb4eaeeab5915c99b29583ee14b199a1b429cff8b258936b9cb3617`
Raw
redis.vex
{
"@context": "https://openvex.dev/ns/v0.2.0",
"@id": "https://scout.docker.com/public/vex-86086cbedc89f1b1c815fb48bcd3624836df713eae3c1e41e2d5059a0c53fea3",
"author": "Docker Hardened Images \u003cdhi@docker.com\u003e",
"role": "Document Creator",
"version": 1,
"tooling": "Docker Scout",
"statements": [
{
"@id": "175dc971-06c8-48e6-a305-0f493f9ec805",
"vulnerability": {
"name": "CVE-2010-0928"
},
"products": [
{
"@id": "pkg:deb/debian/openssl@3.5.4-1~deb13u1?os_distro=trixie\u0026os_name=debian\u0026os_version=13"
},
{
"@id": "pkg:deb/debian/openssl@3.5.4-1~deb13u1?os_name=debian\u0026os_version=13"
},
{
"@id": "pkg:deb/debian/libssl3t64"
},
{
"@id": "pkg:deb/debian/openssl-provider-legacy"
},
{
"@id": "pkg:deb/debian/openssl"
},
{
"@id": "dhi.io/redis:8",
"subcomponents": [
{
"@id": "pkg:deb/debian/libssl3t64"
},
{
"@id": "pkg:deb/debian/openssl-provider-legacy"
},
{
"@id": "pkg:deb/debian/openssl"
}
]
}
],
"status": "not_affected",
"status_notes": "Fault injection based attacks are not within OpenSSLs threat model according to the security policy and this CVE is not treated as security bug by upstream: https://www.openssl.org/policies/general/security-policy.html",
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
"timestamp": "2025-08-05T20:34:39Z"
},
{
"@id": "bcfc62d9-f5ea-416e-bf1b-54b9f34c3aad",
"vulnerability": {
"name": "CVE-2010-4756"
},
"products": [
{
"@id": "pkg:deb/debian/glibc@2.41-12%2Bdeb13u1?os_distro=trixie\u0026os_name=debian\u0026os_version=13"
},
{
"@id": "pkg:deb/debian/glibc@2.41-12%2Bdeb13u1?os_name=debian\u0026os_version=13"
},
{
"@id": "pkg:deb/debian/libc6"
},
{
"@id": "pkg:deb/debian/glibc"
},
{
"@id": "dhi.io/redis:8",
"subcomponents": [
{
"@id": "pkg:deb/debian/libc6"
},
{
"@id": "pkg:deb/debian/glibc"
}
]
}
],
"status": "not_affected",
"status_notes": "Standard POSIX behavior in glibc. Applications using glob need to impose limits themselves. Requires authenticated access and is considered unimportant by Debian.",
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
"timestamp": "2025-08-05T20:35:15Z"
},
{
"@id": "edcb8039-d5e9-4668-a016-42cf015f416c",
"vulnerability": {
"name": "CVE-2013-4392"
},
"products": [
{
"@id": "pkg:deb/debian/systemd@257.9-1~deb13u1?os_distro=trixie\u0026os_name=debian\u0026os_version=13"
},
{
"@id": "pkg:deb/debian/systemd@257.9-1~deb13u1?os_name=debian\u0026os_version=13"
},
{
"@id": "pkg:deb/debian/libsystemd0"
},
{
"@id": "pkg:deb/debian/systemd"
},
{
"@id": "dhi.io/redis:8",
"subcomponents": [
{
"@id": "pkg:deb/debian/libsystemd0"
},
{
"@id": "pkg:deb/debian/systemd"
}
]
}
],
"status": "not_affected",
"status_notes": "This CVE is marked as unimportant and specific to configurations using SELinux, which is not applicable here.",
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
"timestamp": "2025-08-05T20:36:58Z"
},
{
"@id": "84055870-5e7f-49e1-9c4e-7ee89500a35c",
"vulnerability": {
"name": "CVE-2018-20796"
},
"products": [
{
"@id": "pkg:deb/debian/glibc@2.41-12%2Bdeb13u1?os_distro=trixie\u0026os_name=debian\u0026os_version=13"
},
{
"@id": "pkg:deb/debian/glibc@2.41-12%2Bdeb13u1?os_name=debian\u0026os_version=13"
},
{
"@id": "pkg:deb/debian/libc6"
},
{
"@id": "pkg:deb/debian/glibc"
},
{
"@id": "dhi.io/redis:8",
"subcomponents": [
{
"@id": "pkg:deb/debian/libc6"
},
{
"@id": "pkg:deb/debian/glibc"
}
]
}
],
"status": "not_affected",
"status_notes": "Not treated as vulnerability by upstream glibc. Listed under glibc Security Exceptions.",
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
"timestamp": "2025-08-05T20:35:16Z"
},
{
"@id": "6e4c9d0e-07a7-4977-a116-f931a1127c04",
"vulnerability": {
"name": "CVE-2019-1010022"
},
"products": [
{
"@id": "pkg:deb/debian/glibc@2.41-12%2Bdeb13u1?os_distro=trixie\u0026os_name=debian\u0026os_version=13"
},
{
"@id": "pkg:deb/debian/glibc@2.41-12%2Bdeb13u1?os_name=debian\u0026os_version=13"
},
{
"@id": "pkg:deb/debian/libc6"
},
{
"@id": "pkg:deb/debian/glibc"
},
{
"@id": "dhi.io/redis:8",
"subcomponents": [
{
"@id": "pkg:deb/debian/libc6"
},
{
"@id": "pkg:deb/debian/glibc"
}
]
}
],
"status": "not_affected",
"status_notes": "Classified as non-security bug by upstream. Stack guard protection bypass is considered unimportant.",
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
"timestamp": "2025-08-05T20:35:18Z"
},
{
"@id": "e10e6784-64a0-4203-ba88-3db6603873f9",
"vulnerability": {
"name": "CVE-2019-1010023"
},
"products": [
{
"@id": "pkg:deb/debian/glibc@2.41-12%2Bdeb13u1?os_distro=trixie\u0026os_name=debian\u0026os_version=13"
},
{
"@id": "pkg:deb/debian/glibc@2.41-12%2Bdeb13u1?os_name=debian\u0026os_version=13"
},
{
"@id": "pkg:deb/debian/libc6"
},
{
"@id": "pkg:deb/debian/glibc"
},
{
"@id": "dhi.io/redis:8",
"subcomponents": [
{
"@id": "pkg:deb/debian/libc6"
},
{
"@id": "pkg:deb/debian/glibc"
}
]
}
],
"status": "not_affected",
"status_notes": "Requires user to explicitly run ldd on malicious ELF files. Classified as non-security bug by upstream.",
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
"timestamp": "2025-08-05T20:35:19Z"
},
{
"@id": "8f76fd2d-7c0b-47e9-b59b-a6b9b0b1b184",
"vulnerability": {
"name": "CVE-2019-1010024"
},
"products": [
{
"@id": "pkg:deb/debian/glibc@2.41-12%2Bdeb13u1?os_distro=trixie\u0026os_name=debian\u0026os_version=13"
},
{
"@id": "pkg:deb/debian/glibc@2.41-12%2Bdeb13u1?os_name=debian\u0026os_version=13"
},
{
"@id": "pkg:deb/debian/libc6"
},
{
"@id": "pkg:deb/debian/glibc"
},
{
"@id": "dhi.io/redis:8",
"subcomponents": [
{
"@id": "pkg:deb/debian/libc6"
},
{
"@id": "pkg:deb/debian/glibc"
}
]
}
],
"status": "not_affected",
"status_notes": "ASLR bypass using thread stack and heap cache. Not treated as security bug by upstream.",
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
"timestamp": "2025-08-05T20:35:21Z"
},
{
"@id": "2a64490a-d9f6-4f42-926a-044e6b5ea9b2",
"vulnerability": {
"name": "CVE-2019-1010025"
},
"products": [
{
"@id": "pkg:deb/debian/glibc@2.41-12%2Bdeb13u1?os_distro=trixie\u0026os_name=debian\u0026os_version=13"
},
{
"@id": "pkg:deb/debian/glibc@2.41-12%2Bdeb13u1?os_name=debian\u0026os_version=13"
},
{
"@id": "pkg:deb/debian/libc6"
},
{
"@id": "pkg:deb/debian/glibc"
},
{
"@id": "dhi.io/redis:8",
"subcomponents": [
{
"@id": "pkg:deb/debian/libc6"
},
{
"@id": "pkg:deb/debian/glibc"
}
]
}
],
"status": "not_affected",
"status_notes": "ASLR bypass for pthread_created thread heap addresses. Vendor states ASLR bypass itself is not a vulnerability.",
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
"timestamp": "2025-08-05T20:35:22Z"
},
{
"@id": "338fd8ef-9565-4616-8bfd-d3b184e68ef3",
"vulnerability": {
"name": "CVE-2019-9192"
},
"products": [
{
"@id": "pkg:deb/debian/glibc@2.41-12%2Bdeb13u1?os_distro=trixie\u0026os_name=debian\u0026os_version=13"
},
{
"@id": "pkg:deb/debian/glibc@2.41-12%2Bdeb13u1?os_name=debian\u0026os_version=13"
},
{
"@id": "pkg:deb/debian/libc6"
},
{
"@id": "pkg:deb/debian/glibc"
},
{
"@id": "dhi.io/redis:8",
"subcomponents": [
{
"@id": "pkg:deb/debian/libc6"
},
{
"@id": "pkg:deb/debian/glibc"
}
]
}
],
"status": "not_affected",
"status_notes": "Uncontrolled recursion in regex processing. Maintainer disputes this as a vulnerability as it only occurs with crafted patterns.",
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
"timestamp": "2025-08-05T20:35:25Z"
},
{
"@id": "392eeac8-8ee8-4dd8-a417-b2e6ae081bcb",
"vulnerability": {
"name": "CVE-2023-31437"
},
"products": [
{
"@id": "pkg:deb/debian/systemd@257.9-1~deb13u1?os_distro=trixie\u0026os_name=debian\u0026os_version=13"
},
{
"@id": "pkg:deb/debian/systemd@257.9-1~deb13u1?os_name=debian\u0026os_version=13"
},
{
"@id": "pkg:deb/debian/libsystemd0"
},
{
"@id": "pkg:deb/debian/systemd"
},
{
"@id": "dhi.io/redis:8",
"subcomponents": [
{
"@id": "pkg:deb/debian/libsystemd0"
},
{
"@id": "pkg:deb/debian/systemd"
}
]
}
],
"status": "not_affected",
"status_notes": "This CVE is disputed and not considered a security vulnerability by upstream.",
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
"timestamp": "2025-08-05T20:37:00Z"
},
{
"@id": "39d8d3d6-978b-4ef4-8a9e-14c6760994dd",
"vulnerability": {
"name": "CVE-2023-31438"
},
"products": [
{
"@id": "pkg:deb/debian/systemd@257.9-1~deb13u1?os_distro=trixie\u0026os_name=debian\u0026os_version=13"
},
{
"@id": "pkg:deb/debian/systemd@257.9-1~deb13u1?os_name=debian\u0026os_version=13"
},
{
"@id": "pkg:deb/debian/libsystemd0"
},
{
"@id": "pkg:deb/debian/systemd"
},
{
"@id": "dhi.io/redis:8",
"subcomponents": [
{
"@id": "pkg:deb/debian/libsystemd0"
},
{
"@id": "pkg:deb/debian/systemd"
}
]
}
],
"status": "not_affected",
"status_notes": "This CVE is disputed and not considered a security vulnerability by upstream.",
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
"timestamp": "2025-08-05T20:36:56Z"
},
{
"@id": "1e7c9e84-eb16-436d-a0ae-16a53522b0ac",
"vulnerability": {
"name": "CVE-2023-31439"
},
"products": [
{
"@id": "pkg:deb/debian/systemd@257.9-1~deb13u1?os_distro=trixie\u0026os_name=debian\u0026os_version=13"
},
{
"@id": "pkg:deb/debian/systemd@257.9-1~deb13u1?os_name=debian\u0026os_version=13"
},
{
"@id": "pkg:deb/debian/libsystemd0"
},
{
"@id": "pkg:deb/debian/systemd"
},
{
"@id": "dhi.io/redis:8",
"subcomponents": [
{
"@id": "pkg:deb/debian/libsystemd0"
},
{
"@id": "pkg:deb/debian/systemd"
}
]
}
],
"status": "not_affected",
"status_notes": "This CVE is marked as unimportant and specific to configurations using SELinux, which is not applicable here.",
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
"timestamp": "2025-08-05T20:36:54Z"
},
{
"@id": "debian-nodsa-CVE-2025-15281",
"vulnerability": {
"name": "CVE-2025-15281"
},
"products": [
{
"@id": "pkg:deb/debian/glibc@2.41-12%2Bdeb13u1?os_distro=trixie\u0026os_name=debian\u0026os_version=13"
},
{
"@id": "pkg:deb/debian/glibc@2.41-12%2Bdeb13u1?os_name=debian\u0026os_version=13"
},
{
"@id": "pkg:deb/debian/libc6"
},
{
"@id": "pkg:deb/debian/glibc"
},
{
"@id": "dhi.io/redis:8",
"subcomponents": [
{
"@id": "pkg:deb/debian/libc6"
},
{
"@id": "pkg:deb/debian/glibc"
}
]
}
],
"status": "not_affected",
"status_notes": "Marked no-dsa by Debian Security Team; see https://security-tracker.debian.org/tracker/CVE-2025-15281",
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
"timestamp": "2026-01-29T17:10:11Z"
},
{
"@id": "debian-nodsa-CVE-2025-6141",
"vulnerability": {
"name": "CVE-2025-6141"
},
"products": [
{
"@id": "pkg:deb/debian/ncurses@6.5%2B20250216-2?os_distro=trixie\u0026os_name=debian\u0026os_version=13"
},
{
"@id": "pkg:deb/debian/ncurses@6.5%2B20250216-2?os_name=debian\u0026os_version=13"
},
{
"@id": "pkg:deb/debian/libtinfo6"
},
{
"@id": "pkg:deb/debian/ncurses"
},
{
"@id": "dhi.io/redis:8",
"subcomponents": [
{
"@id": "pkg:deb/debian/libtinfo6"
},
{
"@id": "pkg:deb/debian/ncurses"
}
]
}
],
"status": "not_affected",
"status_notes": "Marked no-dsa by Debian Security Team; see https://security-tracker.debian.org/tracker/CVE-2025-6141",
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
"timestamp": "2026-01-21T21:50:12Z"
},
{
"@id": "debian-nodsa-CVE-2026-0861",
"vulnerability": {
"name": "CVE-2026-0861"
},
"products": [
{
"@id": "pkg:deb/debian/glibc@2.41-12%2Bdeb13u1?os_distro=trixie\u0026os_name=debian\u0026os_version=13"
},
{
"@id": "pkg:deb/debian/glibc@2.41-12%2Bdeb13u1?os_name=debian\u0026os_version=13"
},
{
"@id": "pkg:deb/debian/libc6"
},
{
"@id": "pkg:deb/debian/glibc"
},
{
"@id": "dhi.io/redis:8",
"subcomponents": [
{
"@id": "pkg:deb/debian/libc6"
},
{
"@id": "pkg:deb/debian/glibc"
}
]
}
],
"status": "not_affected",
"status_notes": "Marked no-dsa by Debian Security Team; see https://security-tracker.debian.org/tracker/CVE-2026-0861",
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
"timestamp": "2026-01-29T17:10:12Z"
},
{
"@id": "debian-nodsa-CVE-2026-0915",
"vulnerability": {
"name": "CVE-2026-0915"
},
"products": [
{
"@id": "pkg:deb/debian/glibc@2.41-12%2Bdeb13u1?os_distro=trixie\u0026os_name=debian\u0026os_version=13"
},
{
"@id": "pkg:deb/debian/glibc@2.41-12%2Bdeb13u1?os_name=debian\u0026os_version=13"
},
{
"@id": "pkg:deb/debian/libc6"
},
{
"@id": "pkg:deb/debian/glibc"
},
{
"@id": "dhi.io/redis:8",
"subcomponents": [
{
"@id": "pkg:deb/debian/libc6"
},
{
"@id": "pkg:deb/debian/glibc"
}
]
}
],
"status": "not_affected",
"status_notes": "Marked no-dsa by Debian Security Team; see https://security-tracker.debian.org/tracker/CVE-2026-0915",
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
"timestamp": "2026-01-29T17:10:12Z"
}
],
"timestamp": "2025-08-05T20:34:39Z",
"last_updated": "2026-01-29T17:10:12Z"
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment