Closed HassenMaamri closed 3 months ago
Hey @HassenMaamri, this is not considered a critical CVE per https://github.com/nginxinc/docker-nginx-unprivileged#on-reporting-issues and https://github.com/nginxinc/docker-nginx-unprivileged/blob/main/SECURITY.md, so the images will be rebuilt next Monday and, assuming there's a fix by then, the image will be patched.
I will also add that if you actually read the CVE details (https://nvd.nist.gov/vuln/detail/CVE-2023-46218), you will see that the CVE is undergoing reanalysis, so it might not even be considered a CVE anymore once the reanalysis is concluded.
Hello,
In my team, we are using an nginxinc Docker image: "stable" tag.
We ran a security scan and it found the following "HIGH"-risk-classified vulnerability coming from curl:
Information Disclosure (CVE-2023-46218)
The scan suggests that it is fixed in a patched version: 8.5.0. However, the installed version is 7.88.1.
I was wondering if it's possible that you update node to the suggested version to solve the vulnerability? Thank you so much.