docker-nginx
docker-nginx copied to clipboard
CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-27779, CVE-2022-30115
Name | Resource | Severity | Score | Fix Version |
---|---|---|---|---|
CVE-2022-27780 | curl | high | 7.5 | 7.83.1 |
CVE-2022-27781 | curl | high | 7.5 | 7.83.1 |
CVE-2022-27782 | curl | high | 7.5 | 7.83.1 |
CVE-2022-27779 | curl | medium | 5.3 | 7.83.1 |
CVE-2022-30115 | curl | medium | 4.3 | 7.83.1 |
To fix this we are using:
RUN apk add --update --no-cache 'curl>=7.83.1-r1' --repository='http://dl-cdn.alpinelinux.org/alpine/edge/main
- https://security-tracker.debian.org/tracker/CVE-2022-27780
- https://security-tracker.debian.org/tracker/CVE-2022-27781
- https://security-tracker.debian.org/tracker/CVE-2022-27782
- https://security-tracker.debian.org/tracker/CVE-2022-27779
- https://security-tracker.debian.org/tracker/CVE-2022-30115
As for the Debian based images, they are not affected by some of these CVEs (Vulnerable code introduced later
) and the rest do not have updates available in Debian's package repos.
All those CVEs are now fixed in Alpine-based images.
All those CVEs are now fixed in Debian-based images.