Closed stoneshi-yunify closed 4 months ago
root@stonetest:~# trivy image openebs/linux-utils:latest 2022-07-06T13:42:52.215+0800 INFO Vulnerability scanning is enabled 2022-07-06T13:42:52.215+0800 INFO Secret scanning is enabled 2022-07-06T13:42:52.215+0800 INFO If your scanning is slow, please try '--security-checks vuln' to disable secret scanning 2022-07-06T13:42:52.215+0800 INFO Please see also https://aquasecurity.github.io/trivy/v0.29.2/docs/secret/scanning/#recommendation for faster secret detection 2022-07-06T13:42:55.997+0800 INFO Detected OS: alpine 2022-07-06T13:42:55.997+0800 INFO Detecting Alpine vulnerabilities... 2022-07-06T13:42:55.998+0800 INFO Number of language-specific files: 0 openebs/linux-utils:latest (alpine 3.14.6) Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 0, CRITICAL: 0) ┌──────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ ├──────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────┤ │ libcrypto1.1 │ CVE-2022-2097 │ MEDIUM │ 1.1.1n-r0 │ 1.1.1q-r0 │ AES OCB mode for 32-bit x86 platforms using the AES-NI │ │ │ │ │ │ │ assembly optimised... │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2097 │ ├──────────────┤ │ │ │ │ │ │ libssl1.1 │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ └──────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────┘ root@stonetest:~# root@stonetest:~# root@stonetest:~# trivy version Version: 0.29.2 Vulnerability DB: Version: 2 UpdatedAt: 2022-07-06 00:12:25.854188929 +0000 UTC NextUpdate: 2022-07-06 06:12:25.854188429 +0000 UTC DownloadedAt: 2022-07-06 05:34:58.185443 +0000 UTC
Thanks. Noted. I'll be upgrading the base image's version soon. Similar to https://github.com/openebs/dynamic-localpv-provisioner/issues/140