crypto-bug-hunters / bug-buster

🪲 Bug Buster, a bug bounty platform powered by Cartesi Rollups
https://x.com/BugBusterApp
Apache License 2.0

Grype's >= Medium CVEs for container image #159

Open endersonmaia opened 2 months ago

endersonmaia commented 2 months ago

These are from the container image generated by `cartesi build`.

I think we should create an individual issue for each CVE, to tackle them as sub-issues of this issue.

```
NAME            INSTALLED            FIXED-IN  TYPE  VULNERABILITY   SEVERITY
busybox-static  1:1.36.1-6ubuntu3.1            deb   CVE-2023-42366  Medium
busybox-static  1:1.36.1-6ubuntu3.1            deb   CVE-2023-39810  Medium
libgcrypt20     1.10.3-2build1                 deb   CVE-2024-2236   Medium
libssl3t64      3.0.13-0ubuntu3.4              deb   CVE-2024-41996  Medium
openssl         3.0.13-0ubuntu3.4              deb   CVE-2024-41996  Medium
```

Severity is from grype's output; it may be different depending on the source.