elasticsearch-HQ

CVE 2018 20843

Open cytar opened this issue 1 year ago • 0 comments

Instructions

Please try and perform pull requests against the develop branch.

Merging against the master branch causes a new release to be deployed, and I'd like to avoid that on every PR.

PR Details

Fix CVE 2018 20843 by upgrading expat and dependencies

Description

Fix the following scanned vulnerabilities:

✗ Medium severity vulnerability found in e2fsprogs/libcom_err
  Description: Out-of-bounds Write
  Info: https://snyk.io/vuln/SNYK-ALPINE37-E2FSPROGS-493456
  Introduced through: e2fsprogs/[email protected], krb5-conf/[email protected]
  From: e2fsprogs/[email protected]
  From: krb5-conf/[email protected] > krb5/[email protected] > e2fsprogs/[email protected]
  Image layer: Introduced by your base image (python:3.6.8-alpine3.7)
  Fixed in: 1.43.7-r1

✗ High severity vulnerability found in expat/expat
  Description: XML External Entity (XXE) Injection
  Info: https://snyk.io/vuln/SNYK-ALPINE37-EXPAT-453374
  Introduced through: expat/[email protected], .python-rundeps@0, python2/[email protected], python3/[email protected]
  From: expat/[email protected]
  From: .python-rundeps@0 > expat/[email protected]
  From: python2/[email protected] > expat/[email protected]
  and 1 more...
  Image layer: Introduced by your base image (python:3.6.8-alpine3.7)
  Fixed in: 2.2.7-r0

✗ High severity vulnerability found in expat/expat
  Description: Out-of-bounds Read
  Info: https://snyk.io/vuln/SNYK-ALPINE37-EXPAT-489399
  Introduced through: expat/[email protected], .python-rundeps@0, python2/[email protected], python3/[email protected]
  From: expat/[email protected]
  From: .python-rundeps@0 > expat/[email protected]
  From: python2/[email protected] > expat/[email protected]
  and 1 more...
  Image layer: Introduced by your base image (python:3.6.8-alpine3.7)
  Fixed in: 2.2.7-r1

✗ Critical severity vulnerability found in sqlite/sqlite-libs
  Description: Out-of-bounds Read
  Info: https://snyk.io/vuln/SNYK-ALPINE37-SQLITE-458200
  Introduced through: sqlite/[email protected], .python-rundeps@0, python2/[email protected], python3/[email protected]
  From: sqlite/[email protected]
  From: .python-rundeps@0 > sqlite/[email protected]
  From: python2/[email protected] > sqlite/[email protected]
  and 1 more...
  Image layer: Introduced by your base image (python:3.6.8-alpine3.7)
  Fixed in: 3.25.3-r1

Related Issue

CVE-2018-20843

cytar Feb 23 '23 10:02