10 fixable High severity vulnerabilities in docker image.
Describe the bug

There are 10 high-severity security vulnerabilities in the latest docker image.
Minimal reproducible OpenAPI snippet (if possible)
> trivy image redocly/redoc --ignore-unfixed --severity HIGH,CRITICAL
2025-05-21T20:23:46+03:00 INFO [vuln] Vulnerability scanning is enabled
2025-05-21T20:23:46+03:00 INFO [secret] Secret scanning is enabled
2025-05-21T20:23:46+03:00 INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-05-21T20:23:46+03:00 INFO [secret] Please see also https://trivy.dev/v0.61/docs/scanner/secret#recommendation for faster secret detection
2025-05-21T20:23:48+03:00 INFO Detected OS family="alpine" version="3.21.3"
2025-05-21T20:23:48+03:00 INFO [alpine] Detecting vulnerabilities... os_version="3.21" repository="3.21" pkg_num=67
2025-05-21T20:23:48+03:00 INFO Number of language-specific files num=0
2025-05-21T20:23:48+03:00 WARN Using severities from other vendors for some vulnerabilities. Read https://trivy.dev/v0.61/docs/scanner/vulnerability#severity-selection for details.
Report Summary

| Target | Type | Vulnerabilities | Secrets |
|---|---|---|---|
| redocly/redoc (alpine 3.21.3) | alpine | 10 | - |

Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)

redocly/redoc (alpine 3.21.3)

Total: 10 (HIGH: 10, CRITICAL: 0)
| Library | Vulnerability | Severity | Status | Installed Version | Fixed Version | Title |
|---|---|---|---|---|---|---|
| c-ares | CVE-2025-31498 | HIGH | fixed | 1.34.3-r0 | 1.34.5-r0 | c-ares: c-ares has a use-after-free in read_answers() https://avd.aquasec.com/nvd/cve-2025-31498 |
| libexpat | CVE-2024-8176 | HIGH | fixed | 2.6.4-r0 | 2.7.0-r0 | libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat https://avd.aquasec.com/nvd/cve-2024-8176 |
| libxml2 | CVE-2024-56171 | HIGH | fixed | 2.13.4-r3 | 2.13.4-r4 | libxml2: Use-After-Free in libxml2 https://avd.aquasec.com/nvd/cve-2024-56171 |
| libxml2 | CVE-2025-24928 | HIGH | fixed | 2.13.4-r3 | 2.13.4-r4 | libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2 https://avd.aquasec.com/nvd/cve-2025-24928 |
| libxml2 | CVE-2025-27113 | HIGH | fixed | 2.13.4-r3 | 2.13.4-r5 | libxml2: NULL Pointer Dereference in libxml2 xmlPatMatch https://avd.aquasec.com/nvd/cve-2025-27113 |
| libxml2 | CVE-2025-32414 | HIGH | fixed | 2.13.4-r3 | 2.13.4-r6 | libxml2: Out-of-Bounds Read in libxml2 https://avd.aquasec.com/nvd/cve-2025-32414 |
| libxml2 | CVE-2025-32415 | HIGH | fixed | 2.13.4-r3 | 2.13.4-r6 | libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables https://avd.aquasec.com/nvd/cve-2025-32415 |
| libxslt | CVE-2024-55549 | HIGH | fixed | 1.1.42-r1 | 1.1.42-r2 | libxslt: Use-After-Free in libxslt (xsltGetInheritedNsList) https://avd.aquasec.com/nvd/cve-2024-55549 |
| libxslt | CVE-2025-24855 | HIGH | fixed | 1.1.42-r1 | 1.1.42-r2 | libxslt: Use-After-Free in libxslt numbers.c https://avd.aquasec.com/nvd/cve-2025-24855 |
| xz-libs | CVE-2025-31115 | HIGH | fixed | 5.6.3-r0 | 5.6.3-r1 | xz: XZ has a heap-use-after-free bug in threaded .xz decoder https://avd.aquasec.com/nvd/cve-2025-31115 |