search

githubexporter / github-exporter

:octocat: Prometheus exporter for github metrics
MIT License
425 stars 121 forks source link

Please push an updated build to resolve CVEs in busybox #115

Closed dan-ih closed 2 months ago

dan-ih commented 4 months ago

The below CVEs exist in busybox in the latest published image (1.2.0). Can you please publish an update to resolve these CVEs?

List

CVE-ID: CVE-2023-42364 Vulnerable Package: busybox Severity: MEDIUM URI: See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42364 for more details Info: Upgrade to at least version(s): Alpine:v3.19 - 1.36.1-r17

CVE-ID: CVE-2023-42366 Vulnerable Package: busybox Severity: MEDIUM URI: See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42366 for more details Info: Upgrade to at least version(s): Alpine:v3.16 - 1.35.0-r18 | Alpine:v3.17 - 1.35.0-r30 | Alpine:v3.18 - 1.36.1-r6 | Alpine:v3.19 - 1.36.1-r16

CVE-ID: CVE-2023-42365 Vulnerable Package: busybox Severity: MEDIUM URI: See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42365 for more details Info: Upgrade to at least version(s): Alpine:v3.19 - 1.36.1-r17

CVE-ID: CVE-2023-42363 Vulnerable Package: busybox Severity: MEDIUM URI: See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42363 for more details Info: Upgrade to at least version(s): Alpine:v3.19 - 1.36.1-r17

henrymcconville commented 2 months ago

Hi Daniel, v1.3.1 has resolved all outstanding security issues. Thanks!