docker-nginx icon indicating copy to clipboard operation
docker-nginx copied to clipboard
verified publisher icon nginxinc

vulnerabilities CVE-2022-2068, CVE-2022-22576, CVE-2022-27775 CVE-2022-27782 CVE-2022-27781

Open ericsoucy opened this issue 3 years ago • 1 comments

please see https://snyk.io/test/docker/nginx?tab=dependencies

ericsoucy avatar Jul 08 '22 20:07 ericsoucy

  • https://security-tracker.debian.org/tracker/CVE-2022-2068
  • https://security-tracker.debian.org/tracker/CVE-2022-22576
  • https://security-tracker.debian.org/tracker/CVE-2022-27775
  • https://security-tracker.debian.org/tracker/CVE-2022-27782
  • https://security-tracker.debian.org/tracker/CVE-2022-27781

Some of these have fixes available in Debian's package repos, while some do not; any with fixes will be updated via a rebuilt image once https://github.com/docker-library/official-images/pull/12776 is merged and all dependent images are rebuilt.

yosifkit avatar Jul 11 '22 23:07 yosifkit

All those CVEs are fixed in current Debian and Alpine-based images.

thresheek avatar Oct 11 '22 08:10 thresheek