boyter / scc

Sloc, Cloc and Code: scc is a very fast accurate code counter with complexity calculations and COCOMO estimates written in pure Go
MIT License

Docker: aquasec/trivy reports CRITICAL and HIGH vulnerabilities #469

Closed coiouhkc closed 1 month ago

coiouhkc commented 1 month ago

Report below for alpine 3.19.1:

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                   Title                    │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤
│ git     │ CVE-2024-32002 │ CRITICAL │ fixed  │ 2.43.0-r0         │ 2.43.4-r0     │ git: Recursive clones RCE                  │
│         │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-32002 │
│         ├────────────────┼──────────┤        │                   │               ├────────────────────────────────────────────┤
│         │ CVE-2024-32004 │ HIGH     │        │                   │               │ git: RCE while cloning local repos         │
│         │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-32004 │
│         ├────────────────┤          │        │                   │               ├────────────────────────────────────────────┤
│         │ CVE-2024-32465 │          │        │                   │               │ git: additional local RCE                  │
│         │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-32465 │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘

Upgrading to alpine:3.20 seems to fix the issue (for now) - are you interested in a PR?

boyter commented 1 month ago

Thanks for reporting and fixing.
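As an added example (not part of this issue or of the scc project), a small Go program that gates a CI step on trivy's JSON output along the lines of the report above: it fails only on CRITICAL/HIGH findings that already have a fixed version, so a finding upstream has not patched yet is still printed but does not block every build. The trivy JSON field names and the sample report are assumptions constructed from the table in the issue.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
)

// Subset of trivy's JSON report (trivy image -f json); field names are assumed from the trivy format.
type Vulnerability struct {
	VulnerabilityID  string `json:"VulnerabilityID"`
	PkgName          string `json:"PkgName"`
	InstalledVersion string `json:"InstalledVersion"`
	FixedVersion     string `json:"FixedVersion"`
	Severity         string `json:"Severity"`
}

// Constructed sample mirroring the issue's findings, plus a placeholder entry (not a real CVE) with no fix yet.
const sampleReport = `{"Results":[{"Target":"alpine 3.19.1","Vulnerabilities":[
{"VulnerabilityID":"CVE-2024-32002","PkgName":"git","InstalledVersion":"2.43.0-r0","FixedVersion":"2.43.4-r0","Severity":"CRITICAL"},
{"VulnerabilityID":"CVE-2024-32004","PkgName":"git","InstalledVersion":"2.43.0-r0","FixedVersion":"2.43.4-r0","Severity":"HIGH"},
{"VulnerabilityID":"CVE-2024-32465","PkgName":"git","InstalledVersion":"2.43.0-r0","FixedVersion":"2.43.4-r0","Severity":"HIGH"},
{"VulnerabilityID":"CVE-0000-00000","PkgName":"example","InstalledVersion":"1.0-r0","FixedVersion":"","Severity":"HIGH"}]}]}`

// Blocking returns findings with a blocked severity AND an available fix; unfixed upstream findings stay visible but do not block the build.
func Blocking(raw []byte, blocked map[string]bool) ([]Vulnerability, error) {
	var r struct {
		Results []struct {
			Vulnerabilities []Vulnerability `json:"Vulnerabilities"`
		} `json:"Results"`
	}
	if err := json.Unmarshal(raw, &r); err != nil {
		return nil, err
	}
	var out []Vulnerability
	for _, res := range r.Results {
		for _, v := range res.Vulnerabilities {
			if blocked[v.Severity] && v.FixedVersion != "" {
				out = append(out, v)
			}
		}
	}
	return out, nil
}

func main() {
	found, err := Blocking([]byte(sampleReport), map[string]bool{"CRITICAL": true, "HIGH": true})
	fmt.Printf("%d blocking findings: %+v (err=%v)\n", len(found), found, err)
	if err != nil || len(found) > 0 {
		os.Exit(1) // non-zero exit fails the CI step on a parse error or a blocking finding
	}
}
```

For a real image, generate the input with `trivy image -f json -o report.json <image>` and feed that file to Blocking instead of the constructed sample.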