
CVE-2024-41110, CVE-2024-45337, CVE-2023-45288 critical security issues reported with evidence pointing to /usr/bin/sqlcmd in Ubuntu

Open CezaryKlus opened this issue 8 months ago • 0 comments

Microsoft Defender for Cloud reports CVE-2024-41110, CVE-2024-45337, CVE-2023-45288 on the container images where sqlcmd is installed.

```dockerfile
FROM ubuntu:22.04

SHELL ["/bin/bash", "-c"]

RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get upgrade -y && apt-get install -y -qq --no-install-recommends apt-utils curl wget apt-transport-https software-properties-common

RUN curl -sSL -O https://packages.microsoft.com/config/ubuntu/22.04/packages-microsoft-prod.deb
RUN dpkg -i packages-microsoft-prod.deb
RUN rm packages-microsoft-prod.deb

RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y -qq --no-install-recommends sqlcmd

ENTRYPOINT ["sqlcmd"]
```

Issues are related to: golang.org/x/crypto, github.com/docker/docker

The evidence field points to /usr/bin/sqlcmd:

```json
"softwareDetails": {
        "version": "24.0.6.0",
        "language": "go",
        "vendor": "github.com/docker/docker",
        "fixedVersion": "25.0.6",
        "packageName": "github.com/docker/docker",
        "osDetails": {
            "osPlatform": "linux",
            "osVersion": "ubuntu_linux_22.04"
        },
        "fixStatus": "FixAvailable",
        "category": "Language",
        "evidence": [
            "/usr/bin/sqlcmd"
        ]
    },
"softwareDetails": {
        "version": "0.14.0.0",
        "language": "go",
        "vendor": "golang.org/x/crypto",
        "fixedVersion": "0.31.0",
        "packageName": "golang.org/x/crypto",
        "osDetails": {
            "osPlatform": "linux",
            "osVersion": "ubuntu_linux_22.04"
        },
        "fixStatus": "FixAvailable",
        "category": "Language",
        "evidence": [
            "/usr/bin/sqlcmd"
        ]
    },
```

CezaryKlus, Mar 18 '25 16:03