Open dao1202 opened 2 years ago
Hi @ncopa, @CosmicToast and @sourcecode-glitch, any news on that?
Greetings Sebastian
@dao1202 please don't ping random contributors, thanks! (I have no idea about this vulnerability; all I ever did in this repo was change the docker run command to work without a TTY.)
As a side note (and potential workaround): alpine 3.16 ships with busybox v1.35.0, so you may be able to build a custom eclipse-temurin docker container based on a newer version than the one used by the official image (which is based on alpine 3.15).
Has this vulnerability been fixed in alpine 3.16?
This vulnerability is present in alpine 3.16.2 as well. What are the plans to fix this critical vulnerability?
This is still present on 3.17.0 along with a new vuln CVE-2022-30065 for the same Busybox package. Any plans to remove the dependency on busybox? Otherwise, we're talking about having to completely abandon alpine as our golden image container of preference at our organization.
Hello!
Hope this is the place to report security warnings.
Blackduck reports a security warning about the busybox and ssl_client libraries in the alpine image.
We currently use the following from docker.hub: eclipse-temurin:17.0.3_7-jre-alpine
And Blackduck finds the following:
github.com: busybox -> 1.34.1
Kind Regards, Sebastian