High and Critical vulnerabilities packaged in the container detected by Docker Scout #758

Open
jamescjchan opened this issue Oct 23, 2024 · 0 comments

Expected Behavior

No high or critical vulnerabilities

Actual Behavior

The openssl version 3.3.0-r2 is determined to have critical and high vulnerabilities:

  • CVE-2024-5535
  • CVE-2024-6119

The stdlib version 1.22.4 is determined to have multiple high vulnerabilities:

  • CVE-2024-34158
  • CVE-2024-34156
  • CVE-2024-24791
  • CVE-2022-30635

Steps to Reproduce the Problem

  1. docker pull ghcr.io/zalando-incubator/kube-metrics-adapter:v0.2.3
  2. Open Docker Desktop and navigate to the image pulled in the first step

The openssl might be resolved if the builder pulls the latest alpine:3.20 base image again.
However, stdlib is resolved during the build.

Specifications

  • Version: v0.2.3
  • Platform: Windows