
Vulnerabilities with Docker images

Open antoniodasilvals opened this issue 3 years ago • 1 comments

My actions before raising this issue

  • [X] Read/searched the docs
  • [ ] Searched past issues

Hello, we did download your product with a prebuilt Docker image and did a scan of it with Harbor. The scan revealed that there are several packages with critical/high vulnerabilities. Do you plan to update or patch those vulnerabilities with a new Docker image?

Expected Behaviour

We (naively?) expected to get a Docker with updated versions.

Current Behaviour

Packages that show critical vulnerabilities: curl, freetype, libcurl, pcre2, etc.

Possible Solution

Update packages?

Steps to Reproduce (for bugs)

We used the last version of Harbor

Context

As it is, we can't deploy it in our environment

Your Environment

Linux farm

Next steps

Simply wanted to know if you plan to update it or not... Thanks,

antoniodasilvals avatar Aug 08 '22 15:08 antoniodasilvals

@antoniodasilvals, please use images from the dockerhub: https://hub.docker.com/r/cvat

nmanovic avatar Aug 08 '22 17:08 nmanovic

Need to organize scanning of CVAT images using a solution (for example, dockerHub Vulnerability Reporting)

nmanovic avatar Jan 05 '23 18:01 nmanovic