zero-to-jupyterhub-k8s
Vulnerability patch in secret-sync
A rebuild of quay.io/jupyterhub/k8s-secret-sync has been found to influence the detected vulnerabilities! This PR will trigger a rebuild because it has updated a comment in the Dockerfile.
About
This scan for known vulnerabilities has been made by aquasecurity/trivy. Trivy was configured to filter the vulnerabilities with the following settings:
- ignore-unfixed: true
Before
Before trying to rebuild the image, the following vulnerabilities were detected in quay.io/jupyterhub/k8s-secret-sync:3.2.2-0.dev.git.6499.hcea97c31.
| Target | Vuln. ID | Package Name | Installed v. | Fixed v. |
|---|---|---|---|---|
| alpine | CVE-2023-52425 | libexpat | 2.5.0-r2 | 2.6.0-r0 |
| alpine | CVE-2023-52426 | libexpat | 2.5.0-r2 | 2.6.0-r0 |
| python-pkg | CVE-2023-5752 | pip | 23.2.1 | 23.3 |
After
| Target | Vuln. ID | Package Name | Installed v. | Fixed v. |
|---|---|---|---|---|
| alpine | CVE-2023-52425 | libexpat | 2.5.0-r2 | 2.6.0-r0 |
| alpine | CVE-2023-52426 | libexpat | 2.5.0-r2 | 2.6.0-r0 |