curl / curl-docker

official docker image for curl
https://curl.se

CVE-2021-30139 vulnerability in apk-tools pkg #55

Closed 7vs closed 3 years ago

7vs commented 3 years ago

We are unable to use your image as we've detected this vulnerability. I'm happy to raise a PR to address this.

Scan results for image curlimages/curl:latest

Vulnerabilities

| CVE | SEVERITY | CVSS | PACKAGE | VERSION | STATUS | PUBLISHED | DISCOVERED | GRACE DAYS | DESCRIPTION |
|---|---|---|---|---|---|---|---|---|---|
| CVE-2021-30139 | high | 7.50 | apk-tools | 2.10.5-r1 | fixed in 2.10.6-r0 | 27 days ago | < 1 hour | -8 | In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a buffer overflow and crash. |

Vulnerabilities found for image curlimages/curl:latest: total - 1, critical - 0, high - 1, medium - 0, low - 0
Scan failed due to vulnerability policy violations: Fail on High or above vulnerabilities, 1 vulnerabilities, [high:1]

xquery commented 3 years ago

Thanks for the report; we will address this in an upcoming release.

xquery commented 3 years ago

FYI: the next release will coincide with curl, e.g. May 26, 2021.

xquery commented 3 years ago

We bumped to Alpine 3.12.7, which addresses CVE-2021-30139.
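The verification step this thread implies, as an added example that is not curl-docker's own code: given `apk info -v` output from an Alpine-based image, find the installed apk-tools version and test it against the fix version from the scanner's STATUS column. Note that the STATUS column (fixed in 2.10.6-r0) names the Alpine 3.12 branch backport, while the DESCRIPTION ("before 2.12.5") names the upstream fix; the branch version is the one to compare against. The function names, the `IMAGE` variable and the sample package lines (other than the apk-tools versions taken from the table above) are constructed for this example.

```shell
#!/bin/sh
# Added example, not part of curl-docker: decide whether an Alpine-based image
# still carries the vulnerable apk-tools reported in this issue.
# Sample package lines below are constructed; only the apk-tools versions
# come from the scanner table in the issue.

# version_ge INSTALLED FIXED: succeeds (0) when INSTALLED >= FIXED.
# `sort -V` orders Alpine-style versions such as 2.10.5-r1 < 2.10.6-r0.
version_ge() {
  highest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)
  [ "$highest" = "$1" ]
}

# installed_version PKG: read `apk info -v` output on stdin and print the
# version of PKG. Lines look like "apk-tools-2.10.5-r1"; requiring a digit
# right after "PKG-" keeps e.g. apk-tools-static from matching apk-tools.
installed_version() {
  pkg="$1"
  while IFS= read -r line; do
    case "$line" in
      "$pkg"-[0-9]*)
        printf '%s\n' "${line#"$pkg"-}"
        return 0 ;;
    esac
  done
  return 1
}

# check_pkg PKG FIXED: read `apk info -v` output on stdin, print a verdict,
# return 0 when PKG is at or above FIXED, 1 when vulnerable, 2 when absent.
check_pkg() {
  pkg="$1"
  fixed="$2"
  ver=$(installed_version "$pkg") || { echo "$pkg: not installed"; return 2; }
  if version_ge "$ver" "$fixed"; then
    echo "$pkg $ver: OK (>= $fixed)"
    return 0
  fi
  echo "$pkg $ver: VULNERABLE (fixed in $fixed)"
  return 1
}

# Constructed `apk info -v` snapshots: before and after the base-image bump.
# The musl/libcurl lines are invented filler; apk-tools versions are from
# the scanner table above.
BEFORE='musl-1.1.24-r10
apk-tools-2.10.5-r1
libcurl-7.76.1-r0'
AFTER='musl-1.1.24-r10
apk-tools-2.10.6-r0
libcurl-7.76.1-r0'

# Check a live image (needs docker; skipped unless IMAGE is set):
#   IMAGE=curlimages/curl:latest sh check_apk_tools.sh
if [ -n "${IMAGE:-}" ]; then
  docker run --rm --entrypoint apk "$IMAGE" info -v | check_pkg apk-tools 2.10.6-r0
fi
```

`sort -V` is a stand-in for apk's own comparison; inside an Alpine image, `apk version -t 2.10.5-r1 2.10.6-r0` (which prints `<`) is the authority, including for pre-release suffixes such as `_rc` that a generic version sort may not order the way Alpine does.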