search

allegroai / clearml-server

ClearML - Auto-Magical CI/CD to streamline your AI workload. Experiment Management, Data Management, Pipeline, Orchestration, Scheduling & Serving in one MLOps/LLMOps solution
https://clear.ml/docs
Other
364 stars 132 forks source link

Vulnerable nginx version #206

Closed lions1988 closed 12 months ago

lions1988 commented 12 months ago

Nessus scanners identified vulnerable nginx version in clearml-webserver image ClearML server version: 1.11

docker exec -ti clearml-webserver nginx -v nginx version: nginx/1.18.0

Nessus plugin: https://www.tenable.com/plugins/nessus/150154

oren-allegro commented 12 months ago

@lions1988 - the nginx image within the ClearML docker (1.18.0-6.1+deb11u3) already contains a fix for the mentioned vulnerability: CVE-2021-23017

For more detail - please see https://security-tracker.debian.org/tracker/CVE-2021-23017

lions1988 commented 12 months ago

Thanks @oren-allegro Based on the link you sent - I will mark this detected vulnerability as false positive