alpinelinux / docker-alpine

Official Alpine Linux Docker image. Win at minimalism!
MIT License

Medium vulnerability CVE-2024-6119 #415

Closed felipesanti closed 2 months ago

felipesanti commented 2 months ago

Sorry, I am not a security expert; I just ran a Docker scan on my container. I am using node:22-alpine3.19

rgoltz commented 2 months ago

Right now, the Alpine team has released a new minor version (a new dedicated minor for each active version, like 3.17.10, 3.18.9, 3.19.4, 3.20.3) to fix the openssl issue CVE-2024-6119: https://security.alpinelinux.org/vuln/CVE-2024-6119. That said, Alpine itself has updated the openssl library to resolve this vulnerability.

You are using a "pre-baked" Docker image, which is built on top of Alpine: it's node. This image uses Alpine major 3.19 in general, right now still 3.19.3. You need to wait until the tag 22-alpine3.19 gets the update (which then uses 3.19.4). You can check the "Last pushed" timestamp here: https://hub.docker.com/_/node/tags?page_size=&ordering=&name=22-alpine3.19 (there is also a Vulnerabilities column). Once node uses Alpine 3.19.4, the CVE should be gone from the report as well.
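As an added example (not part of the original thread, nor code from the Alpine or node image projects): a small POSIX shell function that classifies the contents of an image's `/etc/alpine-release` against the patched minor releases named in the comment above. The function name and the three status words are assumptions of this example; branches the comment does not list are reported as `unknown` rather than guessed.

```sh
#!/bin/sh
# Added example: classify an Alpine release string against the minor
# releases that the comment above names as carrying the CVE-2024-6119 fix
# (3.17.10, 3.18.9, 3.19.4, 3.20.3).
#
# Typical use against a pulled image (image tag taken from the thread):
#   sh check.sh "$(docker run --rm node:22-alpine3.19 cat /etc/alpine-release)"
#
# Output: fixed | outdated | unknown

alpine_cve_2024_6119_status() {
    ver=$1

    # Accept only dotted numeric versions; edge/alpha strings are "unknown".
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac

    branch=${ver%.*}    # "3.19.3" -> "3.19"
    patch=${ver##*.}    # "3.19.3" -> "3"

    # First patched minor per branch, as listed in the comment above.
    case $branch in
        3.17) min=10 ;;
        3.18) min=9 ;;
        3.19) min=4 ;;
        3.20) min=3 ;;
        *)    echo unknown; return 0 ;;   # branch not covered by the comment
    esac

    if [ "$patch" -ge "$min" ]; then
        echo fixed
    else
        echo outdated
    fi
}

# Run as a script: classify the version given as the first argument.
if [ "$#" -gt 0 ]; then
    alpine_cve_2024_6119_status "$1"
fi
```

An `outdated` result for a derived image such as node means the tag has not yet been rebuilt on the patched Alpine minor, which is the situation described in the comment above.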

felipesanti commented 2 months ago

Thank you @rgoltz. Indeed, the vulnerability is gone according to the docker.com analysis (I have not tested it myself but will close the issue nevertheless).