Security vulnerabilities according to the NATIONAL VULNERABILITY DATABASE (NVD) High, #1721

Open
mardygalimov opened this issue Mar 14, 2024 · 1 comment
Labels
🐋 docker Related to Docker code 🔒 security Address a security vulnerability

Comments

mardygalimov commented Mar 14, 2024

Good afternoon!
Please consider eliminating vulnerabilities in Docker image builds:
yuzutech/kroki:0.24.1 - CVE-2023-2976;
yuzutech/kroki-excalidraw:0.24.1 - CVE-2023-37466 vm2, CVE-2023-37903 vm2, CVE-2022-4055 xdg-utils, CVE-2020-27748 xdg-utils;
yuzutech/kroki-mermaid:0.24.1 - CVE-2023-37466 vm2, CVE-2023-37903 vm2, CVE-2022-4055 xdg-utils, CVE-2020-27748 xdg-utils;
yuzutech/kroki-bpmn:0.24.1 - CVE-2023-37466 vm2, CVE-2023-37903 vm2, CVE-2022-4055 xdg-utils, CVE-2020-27748 xdg-utils;
yuzutech/kroki-blockdiag:0.21.3 - CVE-2023-30861 Flask, CVE-2022-42898 krb5-libs, CVE-2022-1304 libcom_err, CVE-2022-4450 libcrypto1.1, CVE-2023-0215, CVE-2023-0286 libcrypto1.1, CVE-2023-0464 libcrypto1.1, CVE-2022-4450 libssl1.1, CVE-2023-0215 libssl1.1, CVE-2023-0286 libssl1.1, CVE-2023-0464 libssl1.1, CVE-2023-29491 ncurses-libs, CVE-2023-29491 ncurses-terminfo-base

Best regards,
Roman Mardygalimov

@ggrossetie
Member

You shouldn't use yuzutech/kroki-blockdiag:0.21.3; it has been integrated in the base image since https://github.com/yuzutech/kroki/releases/tag/v0.22.0. I believe that most of them are already fixed by: 2f5eb80

@ggrossetie ggrossetie added 🐋 docker Related to Docker code 🔒 security Address a security vulnerability labels Mar 14, 2024