This repository has been archived by the owner on Jan 29, 2024. It is now read-only.
CVE-2022-21724 vulnerability related to postgresql dependency #393
Closed
victorarbuesmallada opened this issue
Mar 16, 2022
· 7 comments
· Fixed by keycloak/keycloak#10828 or #394
Comments
@stianst this has the area/dist/quarkus label, but we use 42.3.3 - so for quarkus it should be solved. Not sure how to proceed :)
Indeed, the Quarkus distribution is not affected, only the Keycloak legacy.
@stianst interestingly enough, Snyk, Dependabot and depscan could not catch it: https://snyk.io/vuln/maven:org.postgresql%3Apostgresql
We don't bundle the PostgreSQL JDBC driver in the legacy WildFly distribution, only in the legacy container. The version specified in pom.xml is only used for testing purposes. @Painyjames I presume you are scanning the container image and not the ZIP distribution?
That's correct, so I guess the fault might be there?
@stianst out of curiosity, why did you decide to reopen?
Describe the bug
AWS Inspector has found a vulnerability related to the postgresql driver dependency.
The details of said vulnerability can be found here and can be sorted out if that dependency is not between these versions 42.3.0 and 42.3.2 or before 42.2.25.
Version
1.6.1
Expected behavior
No response
Actual behavior
No response
How to Reproduce?
No response
Anything else?
No response
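The thread turns on where the driver JAR actually ships (the container image rather than the ZIP distribution or pom.xml), so a check of an unpacked image filesystem is sketched below as an added example; it is not code from this issue or from the Keycloak project. It assumes the driver keeps its `postgresql-<version>.jar` file name, uses the version ranges as written in the issue with each upper bound read as exclusive, and runs against constructed sample paths.

```python
import os
import re
import tempfile

# Affected ranges as stated in the issue: before 42.2.25, or 42.3.0 up to 42.3.2.
# Assumption: each upper bound is exclusive (read as the first fixed release).
AFFECTED = [((0, 0, 0), (42, 2, 25)), ((42, 3, 0), (42, 3, 2))]

# Matches driver file names such as postgresql-42.3.1.jar or postgresql-42.2.5.jre7.jar
JAR_RE = re.compile(r"^postgresql-(\d+(?:\.\d+)*)(?:[.-].*)?\.jar$")


def parse_version(text):
    """Turn '42.3.1' into (42, 3, 1), padding short versions with zeros."""
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (3 - len(parts))


def is_affected(version):
    """True when the version string falls inside one of the AFFECTED ranges."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED)


def scan_tree(root):
    """Return sorted (relative path, version, affected) for driver JARs under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            m = JAR_RE.match(name)
            if m:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings.append((rel, m.group(1), is_affected(m.group(1))))
    return sorted(findings)


def demo():
    """Scan a constructed directory tree standing in for an unpacked image."""
    sample = ["opt/app/lib/postgresql-42.3.1.jar",      # constructed paths
              "opt/app/lib/postgresql-42.3.3.jar",
              "opt/legacy/postgresql-42.2.5.jre7.jar",
              "opt/app/lib/unrelated-1.0.jar"]
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "wb").close()
        return scan_tree(root)


if __name__ == "__main__":
    for rel, version, affected in demo():
        print(f"{rel}: {version} {'AFFECTED' if affected else 'ok'}")
```

A file-name match misses a driver that has been renamed or repackaged inside another archive, so a clean result here does not replace an image scanner.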