jwilder / dockerize

Utility to simplify running applications in docker containers
MIT License

Can we upgrade GO library to 121.1-r0 to remediate vulnerabilities #203

Closed col-mcd closed 3 months ago

col-mcd commented 6 months ago

Looking at the current image, it appears to use Go: 1.20.4

Several CVEs are exposed by that. An upgrade to 1.20.5-r0 would solve most Critical vulnerabilities (CVE-2023-29404, CVE-2023-24540, CVE-2023-29402, CVE-2023-29405). If you update to 1.21.1-r0 or newer, then we solve CVE-2023-39320.

tomgeorge commented 4 months ago

Or, if these are false positives, it would be nice to know whether dockerize is indeed vulnerable. We're currently getting flagged for CVE-2024-24790 at the moment.

jwilder commented 3 months ago

v0.8.0 switched to 1.22