Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade nginx from 1.25.1 to 1.27 #3373

Merged
merged 2 commits into from
Sep 15, 2024

Conversation

yurake
Copy link
Owner

@yurake yurake commented Jul 3, 2024

This PR was automatically created by Snyk using the credentials of a real user.


![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)

Snyk has created this PR to fix 4 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

  • kubernetes/nginx/Dockerfile

We recommend upgrading to nginx:1.27, as this image has only 93 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Out-of-bounds Write
SNYK-DEBIAN12-GLIBC-5927132
  829  
high severity Out-of-bounds Write
SNYK-DEBIAN12-GLIBC-5927132
  829  
high severity Out-of-bounds Write
SNYK-DEBIAN12-LIBWEBP-5893095
  829  
high severity Resource Exhaustion
SNYK-DEBIAN12-NGHTTP2-5953379
  829  
high severity Out-of-bounds Write
SNYK-DEBIAN12-GLIBC-6210098
  721  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Resource Exhaustion

@github-actions github-actions bot added kubernetes someone for kubernetes docker Pull requests that update Docker code labels Jul 3, 2024
Copy link

sonarcloud bot commented Jul 3, 2024

Copy link

codeclimate bot commented Sep 15, 2024

Code Climate has analyzed commit 0301a7c and detected 0 issues on this pull request.

View more on Code Climate.

Copy link

sonarcloud bot commented Sep 15, 2024

@@ -1,4 +1,4 @@
FROM nginx:1.27.1
FROM nginx:1.27

Check failure

Code scanning / Snyk Container

Critical severity - Cleartext Transmission of Sensitive Information vulnerability in curl Critical

This file introduces a vulnerable curl package with a critical severity vulnerability.
@@ -1,4 +1,4 @@
FROM nginx:1.27.1
FROM nginx:1.27

Check failure

Code scanning / Snyk Container

Critical severity - Out-of-bounds Write vulnerability in curl Critical

This file introduces a vulnerable curl package with a critical severity vulnerability.
@@ -1,4 +1,4 @@
FROM nginx:1.27.1
FROM nginx:1.27

Check failure

Code scanning / Snyk Container

Critical severity - Out-of-bounds Read vulnerability in db5.3 Critical

This file introduces a vulnerable db5.3 package with a critical severity vulnerability.
@@ -1,4 +1,4 @@
FROM nginx:1.27.1
FROM nginx:1.27

Check failure

Code scanning / Snyk Container

Critical severity - Integer Overflow or Wraparound vulnerability in expat Critical

This file introduces a vulnerable expat package with a critical severity vulnerability.
@@ -1,4 +1,4 @@
FROM nginx:1.27.1
FROM nginx:1.27

Check failure

Code scanning / Snyk Container

Critical severity - Integer Overflow or Wraparound vulnerability in expat Critical

This file introduces a vulnerable expat package with a critical severity vulnerability.
@@ -1,4 +1,4 @@
FROM nginx:1.27.1
FROM nginx:1.27

Check failure

Code scanning / Snyk Container

Critical severity - XML External Entity (XXE) Injection vulnerability in expat Critical

This file introduces a vulnerable expat package with a critical severity vulnerability.
@@ -1,4 +1,4 @@
FROM nginx:1.27.1
FROM nginx:1.27

Check failure

Code scanning / Snyk Container

Critical severity - CVE-2024-37371 vulnerability in krb5 Critical

This file introduces a vulnerable krb5 package with a critical severity vulnerability.
@@ -1,4 +1,4 @@
FROM nginx:1.27.1
FROM nginx:1.27

Check failure

Code scanning / Snyk Container

Critical severity - Integer Overflow or Wraparound vulnerability in zlib Critical

This file introduces a vulnerable zlib package with a critical severity vulnerability.
@yurake yurake merged commit 08064ea into master Sep 15, 2024
56 of 58 checks passed
@yurake yurake deleted the snyk-fix-7bef44ba7f9a77eba3efdde262408415 branch September 15, 2024 05:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
docker Pull requests that update Docker code kubernetes someone for kubernetes size/XS
Projects
Status: Done
Development

Successfully merging this pull request may close these issues.

2 participants