- 1. There are several things that can be addressed in this application. CVE-2018-18074 can be addressed by modifying the requirements file to install requests==2.22.0 rather than the vulnerable version. Also, there are a lot of package imports in the script itself that aren't being used, and they should be removed until they are.
- 2. Update the version of the Alpine image being used. The application itself doesn't really do anything at this point, so there is no reason not to use the latest version, especially as it fixes CVE-2019-8457 by installing a patched version of SQLite.
- 3. In the Dockerfile there are a lot of things being installed that aren't being used. This needlessly increases the size of the attack surface. Removing those packages also prevents gcc and binutils from being installed, which resolves CVE-2018-12699. If that isn't an acceptable answer, this issue is also resolved by using the newer version of Alpine, or you could install the acl package and lock down the permissions on objdump, which is the vulnerable binary, by blocking its use for the account the service runs as: setfacl -m u:<app-user>:--- /usr/bin/objdump (with <app-user> replaced by that account name).
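The three findings above, pulled together into one hardened Dockerfile as an added example (this is not the repository's own file): the script name app.py, the start command, the unprivileged account name and the requirements.txt content are assumptions.

```dockerfile
# Hardened Dockerfile for the CTF app (added example, not the repository's own).
# Assumptions: the script is app.py, it only needs the Python runtime and the
# requests library, and it is started with "python3 app.py".

# Item 2: track the current Alpine release (alpine:3 is the floating 3.x tag) so
# the image carries the SQLite fix for CVE-2019-8457 instead of an old base.
FROM alpine:3

# Item 3: install only what the script uses. Leaving out gcc/binutils means
# objdump is never present, so CVE-2018-12699 is removed rather than mitigated.
# An unprivileged account (constructed name "app") runs the service.
RUN apk add --no-cache python3 \
    && adduser -D -H app

WORKDIR /app

# Item 1: the requirements file must pin the patched requests with "==";
# "requests=2.22.0" is not valid requirements syntax and pip rejects it.
# Constructed requirements.txt content used here:
#   requests==2.22.0
COPY requirements.txt .
# Install into a virtualenv so nothing is written into the system site-packages.
RUN python3 -m venv /opt/venv \
    && /opt/venv/bin/pip install --no-cache-dir -r requirements.txt

COPY app.py .

# Drop root before the application starts. If binutils ever has to come back,
# the ACL fallback from item 3 for this account is:
#   apk add --no-cache acl && setfacl -m u:app:--- /usr/bin/objdump
USER app
ENTRYPOINT ["/opt/venv/bin/python3", "app.py"]
```

After building, `docker run --rm <image> sh -c 'command -v objdump gcc || echo none'` is a quick check that the toolchain really is absent from the final image.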
colonelmeow/appsecctf