Open rocketnova opened 2 months ago
The Anchore scans are currently failing due to a package vulnerability issue. The security vuln is CVE-2024-26130, which impacts the python cryptography package starting in version 38.0.0 and prior to version 42.0.4.
cryptography
The test app (/app) installs the aws-cli tool in an alpine image. The cryptography package is a required dependency for aws-cli v2. aws-cli has an open dependabot issue for addressing this vuln.
/app
aws-cli
"cryptography>=3.3.2,<40.0.2"
Problem
The Anchore scans are currently failing due to a package vulnerability issue. The security vuln is CVE-2024-26130, which impacts the python
cryptographypackage starting in version 38.0.0 and prior to version 42.0.4.Context
The test app (
/app) installs theaws-clitool in an alpine image. Thecryptographypackage is a required dependency foraws-cliv2.aws-clihas an open dependabot issue for addressing this vuln.aws-cliis 2.15.47, which requires"cryptography>=3.3.2,<40.0.2".aws-cliavaliable on alpine 3.19.1 is 2.13.25-r0, which requires"cryptography>=3.3.2,<40.0.2".cryptographyavailable on alpine 3.19.1 is 41.0.7-r0.