ballerina-distribution icon indicating copy to clipboard operation
ballerina-distribution copied to clipboard

Published 20 hours ago verified publisher icon ballerina-platform

Update devcontainer base image

Open keizer619 opened this issue 2 years ago • 0 comments

Description:

Enable following in trivy which has been disabled for devcontainer base image

ballerina/ballerina-devcontainer:nightly-test (ubuntu 21.04)
============================================================
Total: 6 (UNKNOWN: 0, LOW: 0, MEDIUM: 6, HIGH: 0, CRITICAL: 0)

+----------------------+------------------+----------+-------------------+------------------------+--------------------------------------+
|       LIBRARY        | VULNERABILITY ID | SEVERITY | INSTALLED VERSION |     FIXED VERSION      |                TITLE                 |
+----------------------+------------------+----------+-------------------+------------------------+--------------------------------------+
| libpython3.9-minimal | CVE-2021-[37](https://github.com/ballerina-platform/ballerina-distribution/runs/5718007735?check_suite_focus=true#step:35:37)37    | MEDIUM   | 3.9.5-3~21.04     | 3.9.5-3ubuntu0~21.04.1 | python: urllib: HTTP client          |
|                      |                  |          |                   |                        | possible infinite loop on            |
|                      |                  |          |                   |                        | a 100 Continue response...           |
|                      |                  |          |                   |                        | -->avd.aquasec.com/nvd/cve-2021-3737 |
+----------------------+                  +          +                   +                        +                                      +
| libpython3.9-stdlib  |                  |          |                   |                        |                                      |
|                      |                  |          |                   |                        |                                      |
|                      |                  |          |                   |                        |                                      |
|                      |                  |          |                   |                        |                                      |
+----------------------+------------------+          +-------------------+------------------------+--------------------------------------+
| libsystemd0          | CVE-2021-[39](https://github.com/ballerina-platform/ballerina-distribution/runs/5718007735?check_suite_focus=true#step:35:39)97    |          | 2[47](https://github.com/ballerina-platform/ballerina-distribution/runs/5718007735?check_suite_focus=true#step:35:47).3-3ubuntu3.6  | 247.3-3ubuntu3.7       | systemd: Uncontrolled recursion in   |
|                      |                  |          |                   |                        | systemd-tmpfiles when removing files |
|                      |                  |          |                   |                        | -->avd.aquasec.com/nvd/cve-2021-3997 |
+----------------------+                  +          +                   +                        +                                      +
| libudev1             |                  |          |                   |                        |                                      |
|                      |                  |          |                   |                        |                                      |
|                      |                  |          |                   |                        |                                      |
+----------------------+------------------+          +-------------------+------------------------+--------------------------------------+
| python3.9            | CVE-2021-3737    |          | 3.9.5-3~21.04     | 3.9.5-3ubuntu0~21.04.1 | python: urllib: HTTP client          |
|                      |                  |          |                   |                        | possible infinite loop on            |
|                      |                  |          |                   |                        | a 100 Continue response...           |
|                      |                  |          |                   |                        | -->avd.aquasec.com/nvd/cve-2021-3737 |
+----------------------+                  +          +                   +                        +                                      +
| python3.9-minimal    |                  |          |                   |                        |                                      |
|                      |                  |          |                   |                        |                                      |
|                      |                  |          |                   |                        |                                      |
|                      |                  |          |                   |                        |                                      |
+----------------------+------------------+----------+-------------------+------------------------+--------------------------------------+

keizer619 avatar Mar 28 '22 14:03 keizer619