Closed r4nd0m-seclab closed 1 year ago
Using anchore/grype
➜ ~ grype --only-fixed zookeeper:3.8.0-temurin
 ✔ Vulnerability DB [updated]
New version of grype is available: 0.52.0
 ✔ Pulled image
 ✔ Loaded image
 ✔ Parsed image
 ✔ Cataloged packages [186 packages]
 ✔ Scanned image [50 vulnerabilities]

NAME              INSTALLED         FIXED-IN  TYPE          VULNERABILITY        SEVERITY
jackson-databind  2.13.1            2.13.4.1  java-archive  GHSA-jjjh-jjxp-wpff  High
jackson-databind  2.13.1            2.13.4    java-archive  GHSA-rgv9-q543-rqg4  High
jackson-databind  2.13.1            2.13.2.1  java-archive  GHSA-57j2-w4cx-62h2  High
jetty-http        9.4.43.v20210629  9.4.47    java-archive  GHSA-cj7v-27pg-wf7q  Low
Fixed in 3.8.1 (see https://issues.apache.org/jira/browse/ZOOKEEPER-4505). The tag will be available on Docker Hub once this PR is merged.
3.8.1