Docker-based distribution is endorsed as a first-class citizen in README.
Docker images haven't been updated in a year. Therefore, all Gun's Docker users have this critical vulnerability: GHSA-886v-mm6p-4m66
This vulnerability is serious and could easily lead to compromise of user's server and/or any related API keys like AWS credentials. The vulnerability allows malicious users to read any files from the filesystem.
What makes this worse is that I'm seeing "docker build: automated", "master" and "latest" terms tossed around in README / DockerHub which could trick some users into thinking the user gets up-to-date software (which is clearly not the case).
Docker-using users have been vulnerable 150+ days since this vulnerability was disclosed to the project maintainer.
Please take your users' security seriously and either update the "latest", "master" DockerHub tags or delete them to protect the users.
The text was updated successfully, but these errors were encountered: