The lfedge/ekuiper:1.5.1-alpine image has a few High saverity vulnerabilities. #1326
Comments
|
@bighb69738 I don't think we directly use those, maybe they are imported by the dependencies. Where do you run the scan and do you have more information where do these vulnerabilities happen? Thanks |
|
These libraries are from Alpine. |
|
Thank you, I think we need to upgrade the base alpine version. |
|
Hi @bighb69738, this is the docker file for 1.5.1-alpine you can modify the dependencies and build a new docker image by yourself with this command we would appreciate that if you could verify the images and make a pr for us |
|
Close because of inactivity |
Hi all:
I tried to use the latest image lfedge/ekuiper:1.5.1-alpine on EdgeX.
But there is a few High saverity vulnerabilities when the image was scaned.
These High saverity vulnerabilities:
Library:libcrypto1.1-1.1.1n-r0.apk
Vulnerability id : CVE-2022-2097 (Upgrade to version OpenSSL_1_1_1q,openssl-3.0.5)
Library:libssl1.1-1.1.1n-r0.apk
Vulnerability id : CVE-2022-2097 (Upgrade to version OpenSSL_1_1_1q,openssl-3.0.5)
These Medium saverity vulnerabilities:
Libery:musl-utils-1.2.2-r7.apk
Vulnerability id : CVE-2020-28928 (Upgrade to version musl - 1.2.2-1,1.2.2-1,1.1.16-3+deb9u1)
Library:musl-1.2.2-r7.apk
Vulnerability id : CVE-2020-28928 (Upgrade to version musl - 1.2.2-1,1.2.2-1,1.1.16-3+deb9u1)
How to fix ?
The text was updated successfully, but these errors were encountered: