We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hi,
trivy scanner has detected the following CVEs:
╰─ trivy image quay.io/reactiveops/rbac-manager:v1.1.1 2022-04-29T16:20:52.892+0200 INFO Detected OS: alpine 2022-04-29T16:20:52.893+0200 INFO Detecting Alpine vulnerabilities... 2022-04-29T16:20:52.893+0200 INFO Number of language-specific files: 1 2022-04-29T16:20:52.893+0200 INFO Detecting gobinary vulnerabilities... quay.io/reactiveops/rbac-manager:v1.1.1 (alpine 3.15.0) ======================================================= Total: 6 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 4, CRITICAL: 2) +--------------+------------------+----------+-------------------+---------------+---------------------------------------+ | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | +--------------+------------------+----------+-------------------+---------------+---------------------------------------+ | busybox | CVE-2022-28391 | CRITICAL | 1.34.1-r3 | 1.34.1-r5 | BusyBox through 1.35.0 allows remote | | | | | | | attackers to execute arbitrary co ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-28391 | +--------------+------------------+----------+-------------------+---------------+---------------------------------------+ | libcrypto1.1 | CVE-2022-0778 | HIGH | 1.1.1l-r7 | 1.1.1n-r0 | openssl: Infinite loop in | | | | | | | BN_mod_sqrt() reachable | | | | | | | when parsing certificates | | | | | | | -->avd.aquasec.com/nvd/cve-2022-0778 | +--------------+ + +-------------------+---------------+ + | libretls | | | 3.3.4-r2 | 3.3.4-r3 | | | | | | | | | | | | | | | | | | | | | | | +--------------+ + +-------------------+---------------+ + | libssl1.1 | | | 1.1.1l-r7 | 1.1.1n-r0 | | | | | | | | | | | | | | | | | | | | | | | +--------------+------------------+----------+-------------------+---------------+---------------------------------------+ | ssl_client | CVE-2022-28391 | CRITICAL | 1.34.1-r3 | 1.34.1-r5 | BusyBox through 1.35.0 allows remote | | | | | | | attackers to execute arbitrary co ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-28391 | +--------------+------------------+----------+-------------------+---------------+---------------------------------------+ | zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 | zlib: A flaw found in | | | | | | | zlib when compressing (not | | | | | | | decompressing) certain inputs... | | | | | | | -->avd.aquasec.com/nvd/cve-2018-25032 | +--------------+------------------+----------+-------------------+---------------+---------------------------------------+ rbac-manager (gobinary) ======================= Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) +---------------------+------------------+----------+------------------------------------+-----------------------------------+---------------------------------------+ | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | +---------------------+------------------+----------+------------------------------------+-----------------------------------+---------------------------------------+ | golang.org/x/crypto | CVE-2022-27191 | HIGH | v0.0.0-20220214200702-86341886e292 | 0.0.0-20220315160706-3147a52a75dd | golang: crash in a | | | | | | | golang.org/x/crypto/ssh server | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27191 | +---------------------+------------------+----------+------------------------------------+-----------------------------------+---------------------------------------+
Could you fix them please?
Image without Critical and High CVEs
trivy image quay.io/reactiveops/rbac-manager:v1.1.1
1.1.1
No response
The text was updated successfully, but these errors were encountered:
sudermanjr
Successfully merging a pull request may close this issue.
What happened?
Hi,
trivy scanner has detected the following CVEs:
Could you fix them please?
What did you expect to happen?
Image without Critical and High CVEs
How can we reproduce this?
trivy image quay.io/reactiveops/rbac-manager:v1.1.1
Version
1.1.1
Search
Code of Conduct
Additional context
No response
The text was updated successfully, but these errors were encountered: