cypress-io / cypress-docker-images

Docker images with Cypress dependencies and browsers
https://on.cypress.io/continuous-integration
MIT License

CVE-2024-32002 #1166

Closed philippebailer closed 1 month ago

philippebailer commented 1 month ago

The latest 13.13.0 image tag https://hub.docker.com/r/cypress/included/tags is failing an internal security scan due to: https://security-tracker.debian.org/tracker/CVE-2024-32002

MikeMcC399 commented 1 month ago

@philippebailer

Thanks for your report on CVE-2024-32002. According to Debian bug 1071160 there is an open request to remediate the vulnerability in Debian (stable) that Cypress Docker images use.

Debian fixes are automatically included into the latest cypress/included image when each one is built every time Cypress releases any new version, which happens about once every two weeks. Note that existing images are considered frozen and are not updated.

At this time there is no specific action that can be carried out in Cypress Docker images to remediate the vulnerability. The fix has to come through the Debian channels.

You can find more information in the SECURITY.md document in this repository.

MikeMcC399 commented 1 month ago

Closing, as there is no direct action possible for Cypress Docker images. All Debian stable fixes are picked up as they are released by Debian.

philippebailer commented 1 month ago

Awesome, sounds good.

Thank you for the info.