distroless icon indicating copy to clipboard operation
distroless copied to clipboard

Published 20 hours ago • verified publisher icon GoogleContainerTools

Openssl vulnerability in distroless/nodejs:14

Open talentedandrew opened this issue 3 years ago • 1 comments
trafficstars

I'm using distroless/nodejs:14 in my docker file. The Snyk scanner shows a Vulnerability issue in my docker image which uses distroless/nodejs:14. The issue is arising from the openssl package for versions <1.1.1d-0+deb10u8. Is there any fix available for this issue?

FROM node:14 as build

COPY .XXXX /XXXX/.XXXX
WORKDIR /XXXX/XXXX
COPY XXXX XXXX
RUN XXXX

COPY . .

FROM gcr.io/distroless/nodejs:14

EXPOSE XXXX
ENV NODE_ENV production
COPY --from=build /XXXX/XXXX/ /XXXX
WORKDIR /XXXX
CMD ["XXXX"]

talentedandrew avatar Mar 30 '22 11:03 talentedandrew

The fixes are not available in debian yet. But it is weird that the scanner is showing that you need +deb10u8 because it thinks you're image is based on debian10 (it should be debian11), have you rebuilt recently?

loosebazooka avatar Mar 30 '22 12:03 loosebazooka