Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Trivy scan on this project image is showing critical vulnerabilities #242

Open
austinsonger opened this issue Jul 27, 2021 Discussed in #240 · 4 comments
Open

Trivy scan on this project image is showing critical vulnerabilities #242

austinsonger opened this issue Jul 27, 2021 Discussed in #240 · 4 comments
Labels
external Has external dependencies

Comments

@austinsonger
Copy link
Contributor

austinsonger commented Jul 27, 2021
edited by Dexus
Loading

Discussed in #240

Originally posted by MarcosSarzi-Neo July 26, 2021
I am executing some tests using this image from docker and I am getting some critical vulnerabilities from it, where should I ask for help?

localhost:gvm (alpine 3.14.0)
agent_1  | =============================
agent_1  | Total: 0 (HIGH: 0, CRITICAL: 0)
agent_1  | 
agent_1  | 
agent_1  | usr/share/texmf-dist/scripts/latex2nemeth/latex2nemeth-v1.0.2.jar (jar)
agent_1  | =======================================================================
agent_1  | Total: 2 (HIGH: 1, CRITICAL: 1)
agent_1  | 
agent_1  |  ----------------------------------------- ------------------ ---------- ------------------- --------------- 
agent_1  | |                 LIBRARY                                        | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |
agent_1  |  ----------------------------------------- ------------------ ---------- ------------------- --------------- 
agent_1  | | org.apache.commons:commons-collections4 | CVE-2015-7501    | CRITICAL |               4.0 |           4.1 |
agent_1  |                                                                                ------------------ ----------                                       
agent_1  | |                                                                               | CVE-2015-6420    | HIGH       |                      |                 |
agent_1  |  ----------------------------------------- ------------------ ---------- ------------------- --------------- 
agent_1  | 
agent_1  | usr/share/texmf-dist/scripts/texplate/texplate.jar (jar)
agent_1  | ========================================================
agent_1  | Total: 1 (HIGH: 1, CRITICAL: 0)
agent_1  | 
agent_1  |  ------------------------------------------ ------------------ ---------- ------------------- --------------- 
agent_1  | |                 LIBRARY                  | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |
agent_1  |  ------------------------------------------ ------------------ ---------- ------------------- --------------- 
agent_1  | | org.apache.velocity:velocity-engine-core | CVE-2020-13936   | HIGH     |               2.2 |           2.3 |
agent_1  |  ------------------------------------------ ------------------ ---------- ------------------- ---------------
@MarcosSarzi-Neo
Copy link

my one is showing the same.

@Dexus
Copy link
Contributor

Dexus commented Jul 27, 2021

my one is showing the same.

this was your report in the discussion. ;)

https://git.alpinelinux.org/aports/tree/community/texmf-dist/APKBUILD there is the package and the author details.

You can open an Issue at https://gitlab.alpinelinux.org/alpine/aports/-/issues

I'm currently not on the correct system to do it, so if someone of you has time to doit feel free.

@Dexus
Copy link
Contributor

Dexus commented Jul 27, 2021

I open the Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/12874

@Dexus Dexus added the external Has external dependencies label Jul 27, 2021
@Dexus
Copy link
Contributor

Dexus commented Jul 27, 2021

texplate - will released in the next days to cpan.org, so we need to wait for the other distros to use the new version

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
external Has external dependencies
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Dexus @austinsonger @MarcosSarzi-Neo