robertcheramy
commented
2 weeks ago oxidized-web has no direct dependency to webrick I am aware of.
The latest oxidized container includes webrick 1.8.1, which is the version of the ubuntu package and it includes the security fix:
root@a31cd3958ffe:/# apt show ruby-webrick
Package: ruby-webrick
Version: 1.8.1-1ubuntu0.1
Please update webrick from 1.8.1 to 1.8.2 because of CVE-2024-47220 .
https://scout.docker.com/vulnerabilities/id/CVE-2024-47220?n=webrick&t=gem&vr=%3C%3D1.8.1