Address CVEs for MAB Epsilon Greedy & Thompson Sampling Server Image from Twistlock Reports #2969

Closed
axsaucedo opened this issue Feb 16, 2021 · 1 comment · Fixed by #2970
@axsaucedo
Contributor

Actionable Vulnerabilities: Implies there is a fixed version available for vulnerable package.

==========================================================================================================================================================================
Severity  CVSS  Type    CVE ID          Package       Version  status             Twistlock Severity  Link
==========================================================================================================================================================================
P3        6.5   python  CVE-2020-26137  urllib3       1.24.2   fixed in 1.25.9    medium              https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26137
P3        6.1   python  CVE-2019-11236  urllib3       1.24.2   fixed in 1.24.3    medium              https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11236
P3        5.9   python  CVE-2020-1971   cryptography  2.7      fixed in 3.3, 1.8  medium              https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1971
==========================================================================================================================================================================
P1  P2  P3  P4
0   0   3   0
==========================================================================================================================================================================
@axsaucedo added the bug and triage (Needs to be triaged and prioritised accordingly) labels Feb 16, 2021
@ukclivecox removed the triage (Needs to be triaged and prioritised accordingly) label Feb 18, 2021
@ukclivecox added this to To do in MLOPs Sprint 1 via automation Feb 18, 2021
MLOPs Sprint 1 automation moved this from To do to Done Feb 18, 2021
@axsaucedo reopened this Feb 18, 2021
MLOPs Sprint 1 automation moved this from Done to In progress Feb 18, 2021
@axsaucedo moved this from In progress to Review in progress in MLOPs Sprint 1 Feb 18, 2021
@axsaucedo
Contributor Author

Confirmed CVEs resolved

MLOPs Sprint 1 automation moved this from Review in progress to Done Feb 18, 2021