docker-nginx

CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-27779, CVE-2022-30115

Open achifal opened this issue 2 years ago • 3 comments

| Name | Resource | Severity | Score | Fix Version |
|---|---|---|---|---|
| CVE-2022-27780 | curl | high | 7.5 | 7.83.1 |
| CVE-2022-27781 | curl | high | 7.5 | 7.83.1 |
| CVE-2022-27782 | curl | high | 7.5 | 7.83.1 |
| CVE-2022-27779 | curl | medium | 5.3 | 7.83.1 |
| CVE-2022-30115 | curl | medium | 4.3 | 7.83.1 |

achifal • Jun 26 '22 10:06

To fix this we are using: RUN apk add --update --no-cache 'curl>=7.83.1-r1' --repository='http://dl-cdn.alpinelinux.org/alpine/edge/main'

achifal • Jun 27 '22 06:06

  • https://security-tracker.debian.org/tracker/CVE-2022-27780
  • https://security-tracker.debian.org/tracker/CVE-2022-27781
  • https://security-tracker.debian.org/tracker/CVE-2022-27782
  • https://security-tracker.debian.org/tracker/CVE-2022-27779
  • https://security-tracker.debian.org/tracker/CVE-2022-30115

As for the Debian-based images, they are not affected by some of these CVEs (vulnerable code introduced later), and the rest do not have updates available in Debian's package repos.

yosifkit • Jul 11 '22 23:07

All those CVEs are now fixed in Alpine-based images.

thresheek • Jul 19 '22 09:07

All those CVEs are now fixed in Debian-based images.

thresheek • Sep 07 '22 14:09