OWASP / Docker-Security

Getting a handle on container security
https://owasp.org/www-project-docker-top-10/

owasp/modsecurity vulnerabilities #27

Closed githubcdr closed 3 years ago

githubcdr commented 3 years ago

Hi,

I noticed a lot of vulnerabilities in the owasp/modsecurity:3 Docker image. I didn't find a repo for the Docker image, so I'm posting here. (It feels a bit sour having to accept 2 critical and 106 high vulnerabilities if we want to implement a WAF in our cluster.)

$ trivy i owasp/modsecurity:3

owasp/modsecurity:3 (debian 10.3)
=================================
Total: 569 (UNKNOWN: 2, LOW: 379, MEDIUM: 80, HIGH: 106, CRITICAL: 2)

The Docker image could use some attention; the source files are left in the container, only wasting image size.

Could you address these vulnerabilities and create a repo for the source?

Cheers, cDR

drwetter commented 3 years ago

Hi there,

This is unfortunately the wrong place.

Could you please address that here: https://github.com/coreruleset/coreruleset/ ?

Cheers, Dirk

githubcdr commented 3 years ago

OK, thanks for the quick response!

drwetter commented 3 years ago

Sure.

On the right-hand side at https://owasp.org/www-project-modsecurity-core-rule-set/ there's the image you were probably referring to.