CVE-2022-40674

Open Ninos opened this issue 3 years ago • 1 comments

On the latest docker image our CVE scanner reports the following critical issue: https://avd.aquasec.com/nvd/2022/cve-2022-40674/

Is it possible to update the expat lib? Maybe just a fresh rebuild based on upstream images solves the problem.

PS: Is it possible to define a lifecycle for automatically rebuilding images, e.g. every week? This should also solve the problem with future CVEs.

Ninos, Sep 27 '22 13:09

With the way docker hub works, this is not something that can be solved in a straightforward manner (perhaps not at all). Future images should have the updated lib though, I think.

alcohol, Dec 06 '22 10:12