elasticsearch-HQ
CVE 2018 20843
Instructions
Please try and perform pull requests against the develop branch.
Merging against the master branch causes a new release to be deployed, and I'd like to avoid that on every PR.
PR Details
Fix CVE 2018 20843 by upgrading expat and dependencies
Description
Fix the following scanned vulnerabilities:
✗ Medium severity vulnerability found in e2fsprogs/libcom_err
  Description: Out-of-bounds Write
  Info: https://snyk.io/vuln/SNYK-ALPINE37-E2FSPROGS-493456
  Introduced through: e2fsprogs/[email protected], krb5-conf/[email protected]
  From: e2fsprogs/[email protected]
  From: krb5-conf/[email protected] > krb5/[email protected] > e2fsprogs/[email protected]
  Image layer: Introduced by your base image (python:3.6.8-alpine3.7)
  Fixed in: 1.43.7-r1

✗ High severity vulnerability found in expat/expat
  Description: XML External Entity (XXE) Injection
  Info: https://snyk.io/vuln/SNYK-ALPINE37-EXPAT-453374
  Introduced through: expat/[email protected], .python-rundeps@0, python2/[email protected], python3/[email protected]
  From: expat/[email protected]
  From: .python-rundeps@0 > expat/[email protected]
  From: python2/[email protected] > expat/[email protected]
  and 1 more...
  Image layer: Introduced by your base image (python:3.6.8-alpine3.7)
  Fixed in: 2.2.7-r0

✗ High severity vulnerability found in expat/expat
  Description: Out-of-bounds Read
  Info: https://snyk.io/vuln/SNYK-ALPINE37-EXPAT-489399
  Introduced through: expat/[email protected], .python-rundeps@0, python2/[email protected], python3/[email protected]
  From: expat/[email protected]
  From: .python-rundeps@0 > expat/[email protected]
  From: python2/[email protected] > expat/[email protected]
  and 1 more...
  Image layer: Introduced by your base image (python:3.6.8-alpine3.7)
  Fixed in: 2.2.7-r1

✗ Critical severity vulnerability found in sqlite/sqlite-libs
  Description: Out-of-bounds Read
  Info: https://snyk.io/vuln/SNYK-ALPINE37-SQLITE-458200
  Introduced through: sqlite/[email protected], .python-rundeps@0, python2/[email protected], python3/[email protected]
  From: sqlite/[email protected]
  From: .python-rundeps@0 > sqlite/[email protected]
  From: python2/[email protected] > sqlite/[email protected]
  and 1 more...
  Image layer: Introduced by your base image (python:3.6.8-alpine3.7)
  Fixed in: 3.25.3-r1