tomkerkhove / promitor

Bringing Azure Monitor metrics where you need them.
https://promitor.io
MIT License

CVE-2023-1255 in alpine 3.17 base images #2308

Closed amirschw closed 1 year ago

amirschw commented 1 year ago

Report

Both images are vulnerable since they both use alpine 3.17 for the base image.

The OpenSSL vulnerability was fixed in alpine 3.18 and can be fixed here once https://github.com/dotnet/dotnet-docker/pull/4629 is merged and new dotnet docker images are published.

Vulnerability Information

https://github.com/advisories/GHSA-4wp2-xw7p-2gfx

Affected Component(s)

Resource Discovery, Scraper

Affected Version(s)

latest (Scraper v2.9.1, Resource Discovery v0.9.1)

Vulnerability Mitigation

No response

Vulnerability Fix

Upgrade to alpine 3.18

Contact Details

No response

amirschw commented 1 year ago

Fixed indirectly by switching from Alpine to Mariner in #2329