zero-to-jupyterhub-k8s
Vulnerability patch in secret-sync
A rebuild of quay.io/jupyterhub/k8s-secret-sync has been found to influence the detected vulnerabilities! This PR will trigger a rebuild because it has updated a comment in the Dockerfile.
About
This scan for known vulnerabilities has been made by aquasecurity/trivy. Trivy was configured to filter the vulnerabilities with the following settings:
- ignore-unfixed: true
Before
Before trying to rebuild the image, the following vulnerabilities were detected in quay.io/jupyterhub/k8s-secret-sync:4.0.0-0.dev.git.6543.ha8cb249d.
| Target | Vuln. ID | Package Name | Installed v. | Fixed v. |
|---|---|---|---|---|
| alpine | CVE-2024-2511 | libcrypto3 | 3.1.4-r5 | 3.1.4-r6 |
| alpine | CVE-2024-2511 | libssl3 | 3.1.4-r5 | 3.1.4-r6 |
| python-pkg | CVE-2024-3651 | idna | 3.6 | 3.7 |
After
| Target | Vuln. ID | Package Name | Installed v. | Fixed v. |
|---|---|---|---|---|
| alpine | CVE-2024-2511 | libcrypto3 | 3.1.4-r5 | 3.1.4-r6 |
| alpine | CVE-2024-2511 | libssl3 | 3.1.4-r5 | 3.1.4-r6 |