I'm using version 6.0.11 of the image in my project. During testing, the "trivy" utility discovered a vulnerability.
```
$ trivy image confluentinc/cp-kafka:6.0.11
2023-02-06T18:25:22.718+0300 INFO Vulnerability scanning is enabled
2023-02-06T18:25:22.719+0300 INFO Secret scanning is enabled
2023-02-06T18:25:22.719+0300 INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2023-02-06T18:25:22.719+0300 INFO Please see also https://aquasecurity.github.io/trivy/v0.37/docs/secret/scanning/#recommendation for faster secret detection
2023-02-06T18:25:30.121+0300 INFO Detected OS: redhat
2023-02-06T18:25:30.121+0300 INFO Detecting RHEL/CentOS vulnerabilities...
2023-02-06T18:25:30.149+0300 INFO Number of language-specific files: 2
2023-02-06T18:25:30.149+0300 INFO Detecting jar vulnerabilities...
2023-02-06T18:25:30.153+0300 INFO Detecting python-pkg vulnerabilities...
confluentinc/cp-kafka:6.0.11 (redhat 8.7)
Total: 1 (HIGH: 1, CRITICAL: 0)
┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬─────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │
├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼─────────────────────────────────────────────┤
│ libksba │ CVE-2022-47629 │ HIGH │ 1.3.5-8.el8_6 │ │ libksba: integer overflow to code execution │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-47629 │
└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴─────────────────────────────────────────────┘
2023-02-06T18:25:30.219+0300 INFO Table result includes only package filenames. Use '--format json' option to get the full path to the package file.
Python (python-pkg)
Total: 1 (HIGH: 1, CRITICAL: 0)
┌───────────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │
├───────────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────────┤
│ setuptools (METADATA) │ CVE-2022-40897 │ HIGH │ 50.3.2 │ 65.5.1 │ pypa-setuptools: Regular Expression Denial of Service │
│ │ │ │ │ │ (ReDoS) in package_index.py │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-40897 │
└───────────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────────┘
```
I need to update Python setuptools to the latest version (67.*), and I want to see my changes in the new image 6.0.12 to fix the vulnerability. I have prepared the changes. Which branch can I open a pull request against?