TimWolla / docker-adminer

Database management in a single PHP file
https://hub.docker.com/_/adminer/

High Severity vulnerability in `postgresql14/libpq` #128

Closed vovtz closed 1 year ago

vovtz commented 1 year ago

Scanning the container image with Snyk reveals that postgresql14/libpq has a High Severity vulnerability:

```
✗ High severity vulnerability found in postgresql14/libpq
  Description: Improper Control of Dynamically-Managed Code Resources
  Info: https://security.snyk.io/vuln/SNYK-ALPINE316-POSTGRESQL14-2980353
  Introduced through: postgresql14/libpq@14.4-r1, .phpexts-rundeps@20220810.041247
  From: postgresql14/libpq@14.4-r1
  From: .phpexts-rundeps@20220810.041247 > postgresql14/libpq@14.4-r1
  Image layer: 'apk add --virtual .phpexts-rundeps $runDeps'
  Fixed in: 14.5-r0
```

TimWolla commented 1 year ago

Please see: https://github.com/docker-library/faq#why-does-my-security-scanner-show-that-an-image-has-cves

My understanding is that the issue only affects the Postgres server, not the client. Thus it does not apply to this image / is a false positive. In any case, the update should be applied when the image is rebuilt the next time, which I don't control.

/cc @tianon
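
An added example, not part of the issue thread or the project's code: a small Python check that parses a finding in the text format quoted above and reports whether a given installed version has reached the "Fixed in" version, which is one way to confirm that a rebuilt image picked up the update. The function names are hypothetical, and the version comparison is a simplified assumption (dotted numeric version plus optional `-rN`), not full apk ordering.

```python
import re

# Constructed sample: the relevant lines of the finding quoted in this issue.
FINDING = """\
✗ High severity vulnerability found in postgresql14/libpq
  Description: Improper Control of Dynamically-Managed Code Resources
  Introduced through: postgresql14/libpq@14.4-r1, .phpexts-rundeps@20220810.041247
  From: postgresql14/libpq@14.4-r1
  From: .phpexts-rundeps@20220810.041247 > postgresql14/libpq@14.4-r1
  Fixed in: 14.5-r0
"""


def parse_finding(text):
    """Extract package, installed version and fixed version from one finding."""
    pkg = re.search(r"vulnerability found in (\S+)", text)
    fixed = re.search(r"^\s*Fixed in:\s*(\S+)", text, re.M)
    if not pkg or not fixed:
        raise ValueError("text is not a recognisable finding")
    # The direct "From:" line names the package itself with its installed version.
    inst = re.search(r"^\s*From:\s*" + re.escape(pkg.group(1)) + r"@(\S+)", text, re.M)
    if not inst:
        raise ValueError("no installed version found for " + pkg.group(1))
    return {"package": pkg.group(1), "installed": inst.group(1), "fixed": fixed.group(1)}


def version_key(version):
    """Sort key for versions shaped like 14.5-r0 (assumption: no suffixes/letters)."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-r(\d+))?", version)
    if not m:
        raise ValueError(f"unsupported version format: {version!r}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)


def is_fixed(installed, fixed):
    """True when the installed version is at or after the fixed version."""
    return version_key(installed) >= version_key(fixed)


if __name__ == "__main__":
    f = parse_finding(FINDING)
    state = "fixed" if is_fixed(f["installed"], f["fixed"]) else "below fixed version"
    print(f"{f['package']} {f['installed']} (fix: {f['fixed']}): {state}")
```

A version at or above the fix says nothing about whether the finding applied to the image in the first place; that is a separate judgement.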