search

mirror / busybox

BusyBox mirror
https://www.busybox.net/
Other
1.66k stars 621 forks source link

CVE-2022-28391 found in Busybox:1.35.0 #55

Open sinceronny opened 2 years ago

sinceronny commented 2 years ago

Hi

Our Security Scanning tool has identified Critical/High CVEs in the following components listed, Can you please review this and kindly provide an update on the following: 1) Documentation that explains the mitigation strategy that we can apply to reduce the severity level 2) Details on when is this going to be fixed with the expected version number

Container: busybox:1.35.0 Critical CVE: CVE-2022-28391 CVE-2022-30065

Thanks a lot, Wei

eslerm commented 2 years ago

Busybux bug report for CVE-2022-28391

Busybox bug report for CVE-2022-30065

mehmoodsyed commented 2 years ago

How this CVE would relate to earlier versions - more specifically 1.24.1?

ygm521 commented 1 year ago

is Busybox:1.36.0 has solved these CVE?thanks