Closed hanumanin closed 2 years ago
https://nvd.nist.gov/vuln/detail/CVE-2022-22704 this is causing the vulnerability
Just started to see all of these critical and high CVEs related to Alpine 3.15.0. Is there an ETA on when Alpine 3.15.0 will be updated with expat:2.4.3-r0 release?
CVSSv3_critical: 3
CVSSv3_high: 5
cpe: pkg:/alpine:3.15.0:expat:2.4.1-r0
path: N/A
resource: expat
version: 2.4.1-r0
vulnerabilities:
  - cve: CVE-2022-22822
    nvd_url: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22822
    score: 9.8
    severity: critical
  - cve: CVE-2022-22823
    nvd_url: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22823
    score: 9.8
    severity: critical
  - cve: CVE-2022-22824
    nvd_url: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22824
    score: 9.8
    severity: critical
  - cve: CVE-2022-22826
    nvd_url: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22826
    score: 8.8
    severity: high
  - cve: CVE-2022-22827
    nvd_url: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22827
    score: 8.8
    severity: high
  - cve: CVE-2022-22825
    nvd_url: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22825
    score: 8.8
    severity: high
  - cve: CVE-2021-46143
    nvd_url: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46143
    score: 7.8
    severity: high
  - cve: CVE-2021-45960
    nvd_url: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45960
    score: 7.5
    severity: high
1) alpine 3.15.3 is out
2) we don't ship expat with the alpine base image
The images 3.15.0 and 3.15 are failing the Aqua scan, and the older images as well.
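Added example, not part of the thread and not the Alpine project's or the scanner's code: a way to check whether a given image layer actually contains expat and whether it is older than 2.4.3-r0, the release the issue asks about, by reading the apk installed database (`/lib/apk/db/installed`). The sample database contents are constructed, the use of 2.4.3-r0 as the threshold is an assumption taken from the question above, and the version comparison is a simplification that handles only dotted numeric versions with an `-rN` revision.

```python
import re

# Assumption: threshold taken from the release named in the issue above.
FIXED = {"expat": "2.4.3-r0"}

# Constructed samples of /lib/apk/db/installed: blank-line separated records,
# "P:" is the package name, "V:" the version. Not copied from a real image.
SAMPLE_BASE = """\
P:musl
V:1.2.2-r7

P:busybox
V:1.34.1-r3
"""
SAMPLE_DERIVED = SAMPLE_BASE + """
P:expat
V:2.4.1-r0
"""

def parse_installed(text):
    """Return {package: version} from apk installed-database text."""
    pkgs = {}
    for record in re.split(r"\n\s*\n", text.strip()):
        fields = dict(line.split(":", 1) for line in record.splitlines() if ":" in line)
        if "P" in fields and "V" in fields:
            pkgs[fields["P"]] = fields["V"]
    return pkgs

def version_key(version):
    """Simplified sort key: dotted numeric version plus -rN revision.
    Letter and _suffix components are rejected rather than guessed at."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)-r(\d+)", version)
    if not m:
        raise ValueError(f"unsupported version format: {version}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2))

def findings(installed_text, fixed=FIXED):
    """List (package, installed, fixed) for packages present and older than the fix."""
    pkgs = parse_installed(installed_text)
    return [(name, pkgs[name], fix) for name, fix in fixed.items()
            if name in pkgs and version_key(pkgs[name]) < version_key(fix)]

if __name__ == "__main__":
    print("base layer:   ", findings(SAMPLE_BASE))     # expat absent, nothing to report
    print("derived layer:", findings(SAMPLE_DERIVED))  # expat present and older
```

Run against the database of the base image and of the image being scanned, this separates a finding that comes from the base layer from one introduced by a later `apk add`.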