-
Notifications
You must be signed in to change notification settings - Fork 3.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVE-2023-31484, CVE-2023-2953, CVE-2023-50387 #1133
Comments
Hi. I have no idea what |
We are pulling the memcached docker image from this bitnami repo here. Does this not just pull the release tags from this github repository, to where memcached:1.6.26 in bitnami is the same as the github release tag 1.6.26? I have also raised an issue with the bitnami maintainers, but in previous posts about CVEs they have advised that the vulnerabilities would be handled by the upstream project. Thank you |
This repo is just the source code to the memcached binary. all of the CVE's you listed are for OS dependencies, which aren't connected to memcached at all. that's all an artifact of whomever built the image. |
Hello,
We are using memcached:1.6.26 and a recent security scan has picked up the following:
CVE-2023-31484
CVE-2023-2953
CVE-2023-50387
Would it be possible to update these package versions in order to remove the vulnerabilities?
Thank you
The text was updated successfully, but these errors were encountered: