flower icon indicating copy to clipboard operation
flower copied to clipboard
verified publisher icon mher

Security Vulnerabilities in Docker Images

Open aleisha1112 opened this issue 11 months ago • 0 comments

The newer images on Docker Hub (2.0.0, 2.0.1 and master) all have security vulnerabilities. In particular mher/flower:master has these vulnerabilities with libexpat package:

  • CVE-2024-45490
  • CVE-2024-45491
  • CVE-2024-45492

I have confirmed that rebuilding the image from the source branch 2.0 allows the image to pass the scan and seems to work properly in my application.

docker build https://github.com/mher/flower.git#2.0 -t mher/flower:2.0.1-rebuild

Requesting that the Docker images be updated on Docker Hub.

aleisha1112 avatar Feb 06 '25 15:02 aleisha1112