update

2025-05-06 10:41:39 +00:00 · 2025-03-11 11:03:38 +08:00 · 2025-03-11 11:03:38 +08:00 · dfb7c6d282
commit dfb7c6d282
parent 534204d36f
3 changed files with 57 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -252,6 +252,7 @@
  * Apache Airflow 示例DAG中的命令注入 CVE-2020-11978
  * Apache Airflow 远程代码执行漏洞 CVE-2022-40127
  * Apache Airflow 默认密钥导致的权限绕过 CVE-2020-17526
+  * Apache HertzBeat SnakeYaml 反序列化远程代码执行漏洞 CVE-2024-42323
  * Apache Superset SECRET_KEY 未授权访问漏洞 CVE-2023-27524
  * Apache Unomi 远程表达式代码执行漏洞 CVE-2020-13942
  * Apache Zeppelin 未授权任意命令执行漏洞
@ -308,6 +309,7 @@
  * F5 BIG-IP iControl REST身份认证绕过漏洞 CVE-2022-1388
  * F5 BIG-IP 远程代码执行漏洞 CVE-2020-5902
  * F5 BIG-IP 远程代码执行漏洞 CVE-2021-22986
+  * FFmpeg AVI 任意文件读取漏洞 CVE-2017-9993
  * FFmpeg 任意文件读取漏洞SSRF漏洞 CVE-2016-1897+CVE-2016-1898
  * Fhem FileLog_logWrapper 任意文件读取漏洞 CVE-2020-19360
  * Franklin Fueling Systems tsaupload.cgi 任意文件读取漏洞 CVE-2021-46417
@ -359,6 +361,7 @@
  * JumpServer 未授权接口 远程命令执行漏洞
  * JumpServer 远程代码执行漏洞 CVE-2024-29201&CVE-2024-29202
  * Jupyter Notebook 未授权访问远程命令执行漏洞
+  * Kibana 7.6.2 upgrade-assistant-telemetry 原型污染导致远程代码执行 CVE-2020-7012
  * Kibana 原型链污染导致任意代码执行漏洞 CVE-2019-7609
  * Kibana 本地文件包含漏洞 CVE-2018-17246
  * kkFileView getCorsFile 任意文件读取漏洞 CVE-2021-43734
--- a/base/grafana/11.0.0/Dockerfile
+++ b/base/grafana/11.0.0/Dockerfile
@ -0,0 +1,14 @@
+FROM grafana/grafana:11.0.0-ubuntu
+
+USER root
+
+# Install DuckDB
+COPY duckdb_cli-linux-amd64.zip /tmp/
+
+RUN apt-get update && apt-get install -y && apt-get install unzip -y
+    && unzip /tmp/duckdb_cli-linux-amd64.zip -d /usr/local/bin/ \
+    && chmod +x /usr/local/bin/duckdb \
+    && rm /tmp/duckdb_cli-linux-amd64.zip
+
+# Add DuckDB to the PATH
+ENV PATH="/usr/local/bin:${PATH}"
--- a/base/grafana/11.0.0/docker-compose.yml
+++ b/base/grafana/11.0.0/docker-compose.yml
@ -0,0 +1,40 @@
+services:
+  mysql:
+    image: mysql:latest
+    restart: always
+    environment:
+      - MYSQL_ROOT_PASSWORD=rootpassword
+      - MYSQL_DATABASE=grafanadb
+      - MYSQL_USER=grafana
+      - MYSQL_PASSWORD=grafanapassword
+    volumes:
+      - ./mysql-data:/var/lib/mysql
+    ports:
+      - "3306:3306"
+    healthcheck:
+      test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
+      interval: 10s
+      timeout: 5s
+      retries: 3
+  
+  grafana:
+    build: .
+    ports:
+      - "3000:3000"
+    environment:
+      - GF_SECURITY_ADMIN_PASSWORD=AwesomePoc123!
+      - GF_DATABASE_TYPE=mysql
+      - GF_DATABASE_HOST=mysql:3306
+      - GF_DATABASE_USER=grafana
+      - GF_DATABASE_PASSWORD=grafanapassword
+      - GF_DATABASE_NAME=grafanadb
+    volumes:
+      - grafana-storage:/var/lib/grafana
+      - ./grafana.ini:/etc/grafana/grafana.ini
+
+    depends_on:
+        mysql:
+         condition: service_healthy  
+volumes:
+  grafana-storage:
+  mysql-storage: