I would like to report this CVE which is currently effect in v0.8.18
Description
The package zlib1g version 1:1.2.11.dfsg-1 was detected in APT package manager on a container image running Debian 10.1 is vulnerable to CVE-2022-37434, which exists in versions < 1:1.2.11.dfsg-1+deb10u2.
The vulnerability was found in the Official Debian Security Advisories with vendor severity: Critical (NVD severity: Critical).
This vulnerability has a known exploit available. Source: Github [1, 2, 3].
The vulnerability can be remediated by updating the package to version 1:1.2.11.dfsg-1+deb10u2 or higher, by adding the following command to the Dockerfile: RUN apt upgrade zlib1g.
Sorry, It was my mistake when checking the version. The current version in 1.2.13 and not is vulnerable. So I closed this issue. Sorry for my inconvenience.
I would like to report this CVE which is currently effect in v0.8.18
Description
The package zlib1g version 1:1.2.11.dfsg-1 was detected in APT package manager on a container image running Debian 10.1 is vulnerable to CVE-2022-37434, which exists in versions < 1:1.2.11.dfsg-1+deb10u2.
The vulnerability was found in the Official Debian Security Advisories with vendor severity: Critical (NVD severity: Critical).
This vulnerability has a known exploit available. Source: Github [1, 2, 3].
The vulnerability can be remediated by updating the package to version 1:1.2.11.dfsg-1+deb10u2 or higher, by adding the following command to the Dockerfile:
RUN apt upgrade zlib1g
.