Critical vulnerability CVE-2024-32002 found in dependencies installed in ckan-base - Githubissues

ckan / ckan-docker-base

Official Docker images for CKAN.

19 stars 22 forks source link

Critical vulnerability CVE-2024-32002 found in dependencies installed in ckan-base #82

Open brunopacheco1 opened 2 months ago

brunopacheco1 commented 2 months ago

CKAN base image installs git and other packages, in https://github.com/ckan/ckan-docker-base/blob/dea74608624495360ff8fdcb9593bd62cf99ad96/ckan-2.10/base/Dockerfile#L32

Some of these packages where reported by Trivy as vulnerable, please check our CI/CD logs: https://github.com/GenomicDataInfrastructure/gdi-userportal-ckan-docker/actions/runs/11075521883/job/30776768124

brunopacheco1 commented 1 month ago

We use ckan 2.10.5, btw.