IBM / portieris

A Kubernetes Admission Controller for verifying image trust.
Apache License 2.0

Multiple Security vulnerabilities found in icr.io/portieris/portieris:v0.13.1 image #415

Closed davidmalSAP closed 1 year ago

davidmalSAP commented 2 years ago

Hi,

Our security scans have found multiple Critical and High vulnerabilities in the Portieris v0.13.1 image. Can these issues be fixed as part of the next release?

Component glibc (2.28)
(CRITICAL) https://nvd.nist.gov/vuln/detail/CVE-2022-23218
(CRITICAL) https://nvd.nist.gov/vuln/detail/CVE-2022-23219
(CRITICAL) https://nvd.nist.gov/vuln/detail/CVE-2021-33574
(CRITICAL) https://nvd.nist.gov/vuln/detail/CVE-2019-9169
(CRITICAL) https://nvd.nist.gov/vuln/detail/CVE-2021-35942
(HIGH) https://nvd.nist.gov/vuln/detail/CVE-2021-3999
(HIGH) https://nvd.nist.gov/vuln/detail/CVE-2021-3998
(HIGH) https://nvd.nist.gov/vuln/detail/CVE-2020-6096
(HIGH) https://nvd.nist.gov/vuln/detail/CVE-2020-1751
(HIGH) https://nvd.nist.gov/vuln/detail/CVE-2021-38604
(HIGH) https://nvd.nist.gov/vuln/detail/CVE-2021-3326
(HIGH) https://nvd.nist.gov/vuln/detail/CVE-2019-9192
(HIGH) https://nvd.nist.gov/vuln/detail/CVE-2018-20796
(HIGH) https://nvd.nist.gov/vuln/detail/CVE-2018-19591
(HIGH) https://nvd.nist.gov/vuln/detail/CVE-2020-1752

Component golang-runtime (1.17.12)
(HIGH) https://nvd.nist.gov/vuln/detail/CVE-2022-27664
(HIGH) https://nvd.nist.gov/vuln/detail/CVE-2022-32189

Component jwt-go (v3.2.0+incompatible)
(HIGH) https://nvd.nist.gov/vuln/detail/CVE-2020-26160
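Of the three components in the report above, the glibc and Go runtime entries are resolved by rebuilding on a patched base image and toolchain, while jwt-go is a code-level dependency whose finding (CVE-2020-26160) is worth understanding before swapping the library. The public CVE description says the "aud" claim was read with a plain string type assertion, so a token whose aud is an array (which RFC 7519 permits) has the assertion fail and is treated as if no audience were present. The block below is an added example written for this page, not Portieris or jwt-go source: it reimplements that pattern next to a check that handles every shape the claim may legally take. The payloads, audience names and function names (verifyAudLegacy, verifyAudFixed, decode) are constructed for the illustration.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"fmt"
)

// Claims is a decoded JWT payload in the shape encoding/json produces for
// map[string]interface{}: a JSON string arrives as string, a JSON array as
// []interface{}.
type Claims map[string]interface{}

// Constructed sample payloads for the illustration (not real tokens, and no
// signature handling; only the claim check is under discussion here).
const stringAud = `{"sub":"alice","aud":"payments-api"}`
const arrayAud = `{"sub":"alice","aud":["billing-api","reports-api"]}`

// decode unmarshals a payload into Claims.
func decode(payload string) Claims {
	var c Claims
	if err := json.Unmarshal([]byte(payload), &c); err != nil {
		panic(err)
	}
	return c
}

// verifyAudLegacy mirrors the pattern given in the CVE-2020-26160 description
// (an independent reimplementation, not the library's code): "aud" is read with
// a string type assertion. An array-valued aud fails the assertion, aud becomes
// "", and when the caller has not marked the check as required the function
// reports success even though the token names other audiences.
func verifyAudLegacy(c Claims, cmp string, required bool) bool {
	aud, _ := c["aud"].(string)
	if aud == "" {
		return !required
	}
	return subtle.ConstantTimeCompare([]byte(aud), []byte(cmp)) == 1
}

// verifyAudFixed accepts string, []string and []interface{} forms of "aud".
// Only a genuinely absent claim is treated as "absent"; any other unexpected
// type is a failed check rather than a silent pass.
func verifyAudFixed(c Claims, cmp string, required bool) bool {
	var auds []string
	switch v := c["aud"].(type) {
	case nil:
		// claim absent; fall through to the required check below
	case string:
		auds = []string{v}
	case []string:
		auds = v
	case []interface{}:
		for _, a := range v {
			s, ok := a.(string)
			if !ok {
				return false
			}
			auds = append(auds, s)
		}
	default:
		return false
	}
	if len(auds) == 0 {
		return !required
	}
	for _, a := range auds {
		if subtle.ConstantTimeCompare([]byte(a), []byte(cmp)) == 1 {
			return true
		}
	}
	return false
}

func main() {
	c := decode(arrayAud)
	// The service "payments-api" is not in the token's audience list.
	fmt.Println("legacy, array aud, not required:", verifyAudLegacy(c, "payments-api", false)) // → true (bypass)
	fmt.Println("fixed,  array aud, not required:", verifyAudFixed(c, "payments-api", false))  // → false
	fmt.Println("fixed,  array aud, listed value:", verifyAudFixed(c, "billing-api", true))    // → true
	fmt.Println("legacy, array aud, listed value:", verifyAudLegacy(c, "billing-api", true))   // → false
}
```

Run with go run; the legacy check accepts the array-audience token for a service the token never names, while the fixed check rejects it and still matches a listed audience. The same distinction is why the CVE text notes the issue only matters for a service that relies on this check rather than doing its own audience validation.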

sjhx commented 2 years ago

Hi @davidmalac, thanks for the report. Would you mind sharing what security scanner you are using? I am looking at resolving the issues mentioned and it would be ideal to be able to test resolution before shipping it.

davidmalSAP commented 2 years ago

Sure @sjhx, it is the Protecode scan tool.

sjhx commented 1 year ago

Please advise if we have vulnerabilities showing on the tool; we can look to close any gaps we have using our own tooling.

sjhx commented 1 year ago

Closing as solved.