jupyterhub / configurable-http-proxy

node-http-proxy plus a REST API
BSD 3-Clause "New" or "Revised" License

jupyterhub/configurable-http-proxy:4.5.3 image vulnerability issue #441

Closed mohanraj1 closed 1 year ago

mohanraj1 commented 2 years ago

Bug description

Image scan for jupyterhub/configurable-http-proxy:4.5.3 has the following vulnerabilities:

Name: cpe:2.3:a:nodejs:node.js, Version: 16.17.0, Path: cpes
    Failed policy: vulnerabilities_policy
    CVE-2022-32213, Severity: CRITICAL, Source: https://nvd.nist.gov/vuln/detail/CVE-2022-32213
        Fixed version: 16.17.1
    CVE-2022-32212, Severity: HIGH, Source: https://nvd.nist.gov/vuln/detail/CVE-2022-32212
        Fixed version: 16.17.1

We need to upgrade to the 16.17.1 node.js package (https://nodejs.org/en/blog/release/v16.17.1/)

Expected behaviour

No image vulnerabilities

Actual behaviour

How to reproduce

Perform an image scan on the jupyterhub/configurable-http-proxy:4.5.3 image

Building image and scanning

welcome[bot] commented 2 years ago

Thank you for opening your first issue in this project! Engagement like this is essential for open source projects! :hugs:
If you haven't done so already, check out Jupyter's Code of Conduct. Also, please try to follow the issue template as it helps other community members to contribute more effectively. You can meet the other Jovyans by joining our Discourse forum. There is also an intro thread there where you can stop by and say Hi! :wave:
Welcome to the Jupyter community! :tada:

consideRatio commented 1 year ago

Resolved by 4.5.4 release