grafana / pyroscope

Continuous Profiling Platform. Debug performance issues down to a single line of code
https://grafana.com/oss/pyroscope/
GNU Affero General Public License v3.0

CVE-2023-6992 zlib, CVE-2023-42366 busybox #3355

Closed lpetrazickisupgrade closed 3 months ago

lpetrazickisupgrade commented 3 months ago

Describe the bug

Pyroscope 1.6.0 images are built on a version of Alpine 3.18 that ships a vulnerable version of zlib and busybox.

To Reproduce

Steps to reproduce the behavior:

  1. Scan Pyroscope image
  2. List CVEs

Expected behavior

Updated image without known vulnerable packages

Environment

Additional Context
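A CI gate for the scan-and-list step in the report above, added here as an example (not code from this issue or from the Pyroscope project). It assumes the scanner emits a Trivy-style JSON layout (`Results[].Vulnerabilities[]` with `VulnerabilityID`, `PkgName`, `InstalledVersion`, `FixedVersion`); the findings and version strings are constructed placeholders, not real scan output.

```python
import json
from typing import Dict, List

# The two CVEs named in this issue; treat them as a hard gate for the image build.
BLOCKED_CVES = {"CVE-2023-6992", "CVE-2023-42366"}


def build_report(vulns: List[Dict[str, str]]) -> str:
    """Construct a report in the shape of Trivy's JSON output (the schema is an
    assumption of this example, not taken from the project)."""
    return json.dumps({"Results": [{"Target": "example-image (alpine 3.18)",
                                    "Vulnerabilities": vulns}]})


# Constructed sample findings; versions are placeholders, not real scan data.
VULNERABLE_REPORT = build_report([
    {"VulnerabilityID": "CVE-2023-6992", "PkgName": "zlib",
     "InstalledVersion": "0.0.1-r0", "FixedVersion": "0.0.2-r0"},
    {"VulnerabilityID": "CVE-2023-42366", "PkgName": "busybox",
     "InstalledVersion": "0.0.1-r0", "FixedVersion": "0.0.2-r0"},
    {"VulnerabilityID": "CVE-0000-00000", "PkgName": "unrelated-placeholder",
     "InstalledVersion": "0.0.1-r0", "FixedVersion": ""},
])
CLEAN_REPORT = build_report([])


def blocked_findings(report_json: str, blocked=BLOCKED_CVES) -> List[Dict[str, str]]:
    """Return the findings whose CVE id is on the block list, in scan order."""
    hits = []
    for result in json.loads(report_json).get("Results", []):
        # Scanners commonly emit null instead of [] when a target is clean.
        for v in result.get("Vulnerabilities") or []:
            if v.get("VulnerabilityID") in blocked:
                hits.append({"cve": v["VulnerabilityID"], "pkg": v.get("PkgName", ""),
                             "installed": v.get("InstalledVersion", ""),
                             "fixed": v.get("FixedVersion", "")})
    return hits


def packages_to_upgrade(report_json: str) -> Dict[str, str]:
    """Map each affected package to the version the scanner says fixes it,
    i.e. what the base-image bump must reach ('' if no fix is published)."""
    return {h["pkg"]: h["fixed"] for h in blocked_findings(report_json)}


def image_passes(report_json: str) -> bool:
    """CI gate: True only when none of the blocked CVEs remain in the report."""
    return not blocked_findings(report_json)


if __name__ == "__main__":
    for name, rep in (("vulnerable", VULNERABLE_REPORT), ("clean", CLEAN_REPORT)):
        print(name, "passes" if image_passes(rep) else f"blocked: {packages_to_upgrade(rep)}")
```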

simonswine commented 3 months ago

@lpetrazickisupgrade thanks for letting us know. After Alpine was released, we cut a new release ourselves: https://github.com/grafana/pyroscope/releases/tag/v1.6.1