
Trivy scan reveals docker/cli CVE-2021-41092 vulnerability [HIGH].

Open ACodingGenie opened this issue 3 years ago • 1 comments

Describe the bug

Trivy scan reports some vulnerabilities within the Go binary dependencies. I didn't think they were critical so just reporting them here. This is on the latest version of the Watchtower Docker image.

To Reproduce

Steps to reproduce the behavior:

  1. Go to https://github.com/aquasecurity/trivy and install Trivy for your distro.
  2. Run trivy image [image-name] to scan the image.

Expected behavior

Trivy should not report any vulnerabilities unless these are false positives.

We want to know:

  • Platform: Docker on Debian 11
  • Architecture: x86_64
  • Docker version: 20.10.12, build e91ed57

ACodingGenie, Jan 23 '22 20:01

Hi there! 👋🏼 As you're new to this repo, we'd like to suggest that you read our code of conduct as well as our contribution guidelines. Thanks a bunch for opening your first issue! 🙏

github-actions[bot], Jan 23 '22 20:01

A lot of builds and dependency upgrades have been done since. trivy image containrrr/watchtower:latest currently lists no CVEs at all.

simskij, Nov 13 '23 17:11