docker-library / openjdk

Docker Official Image packaging for EA builds of OpenJDK from Oracle
http://openjdk.java.net
MIT License

openjdk:11 - Possible high vulnerability found: CVE-2021-3177 #456

Closed sushantac closed 3 years ago

sushantac commented 3 years ago

During the vulnerability scanning of a Docker image, openjdk:11 got flagged for containing the following high vulnerability: https://security-tracker.debian.org/tracker/CVE-2021-3177

wglambert commented 3 years ago

Buster is still vulnerable and the Debian security team considers it a "minor issue"

Python 2.7 is in the image because of the buildpack-deps base image https://github.com/docker-library/openjdk/blob/34b09b2cbfa0edc7930818ea4ff070e3d42d5f89/11/jdk/buster/Dockerfile#L7

You can alternatively use openjdk:11-slim or openjdk:11-oraclelinux8 which don't come with Python

tianon commented 3 years ago

Indeed, see also https://github.com/docker-library/faq#why-does-my-security-scanner-show-that-an-image-has-cves