You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Due to vulnerability finding, the docker image we are building, which contains gradle, is deem to be a vulnerable image.
May we expect a patch or rc soon to fix this vulnerability?
Context (optional)
No response
Steps to Reproduce
I executed the Trivy container scanner to scan a docker image built with the latest Gradle. The vulnerability was reported in its security report.
Gradle version
8.1.1
Build scan URL (optional)
No response
Your Environment (optional)
No response
The text was updated successfully, but these errors were encountered:
Expected Behavior
Expected no critical vulnerability findings.
Current Behavior
A critical vulnerability was detected regarding the snakeyaml dependency in the latest version of Gradle, https://nvd.nist.gov/vuln/detail/CVE-2022-1471#range-9042833
Due to vulnerability finding, the docker image we are building, which contains gradle, is deem to be a vulnerable image.
May we expect a patch or rc soon to fix this vulnerability?
Context (optional)
No response
Steps to Reproduce
I executed the Trivy container scanner to scan a docker image built with the latest Gradle. The vulnerability was reported in its security report.
Gradle version
8.1.1
Build scan URL (optional)
No response
Your Environment (optional)
No response
The text was updated successfully, but these errors were encountered: