
Vulnerabilities in tiangolo/uwsgi-nginx-flask:python3.8

Open asusatapathy opened this issue 4 years ago • 2 comments

Hi Team,

I am getting around 2 Critical and more than 32 High vulnerability issues in the base image: tiangolo/uwsgi-nginx-flask:python3.8

Attached screenshots for your reference.

asusatapathy avatar Feb 10 '21 13:02 asusatapathy

Raising additional vulnerabilities identified with Trivy container scanning.

28 Critical vulnerabilities:


Any way the community could help in tackling some of these? This is a great image used by many projects/companies.

phonomenal avatar Jun 06 '21 02:06 phonomenal
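Before asking the community to chase a long list of CVE ids, it helps to know which findings the distro can actually fix. The triage script below is an added example, not code from this project or from any commenter: it reads a Trivy JSON report (here a constructed sample with placeholder CVE ids, packages and versions) and separates findings that have a FixedVersion from those that do not.

```python
# Triage a Trivy JSON report: which findings actually have a fix available?
# SAMPLE_REPORT is a constructed input shaped like `trivy image -f json <image>`
# output; the CVE ids, packages and versions are placeholders, not real findings.
import json
from collections import Counter

SAMPLE_REPORT = json.dumps({
    "Results": [{
        "Target": "tiangolo/uwsgi-nginx-flask:python3.8 (debian 10)",
        "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample1",
             "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2", "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libexample2",
             "InstalledVersion": "2.1", "FixedVersion": "", "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libexample3",
             "InstalledVersion": "3.0", "FixedVersion": "3.1", "Severity": "HIGH"},
            {"VulnerabilityID": "CVE-0000-0004", "PkgName": "libexample3",
             "InstalledVersion": "3.0", "Severity": "LOW"},
        ],
    }],
})

SEVERITY_ORDER = ["UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"]

def triage(report_json: str, min_severity: str = "HIGH") -> dict:
    """Split findings at or above min_severity into fixable / unfixable."""
    threshold = SEVERITY_ORDER.index(min_severity)
    fixable, unfixable, by_severity = [], [], Counter()
    for result in json.loads(report_json).get("Results", []):
        # "Vulnerabilities" may be null for a target with no findings.
        for v in result.get("Vulnerabilities") or []:
            sev = v.get("Severity", "UNKNOWN")
            if SEVERITY_ORDER.index(sev) < threshold:
                continue
            by_severity[sev] += 1
            entry = (v["VulnerabilityID"], v["PkgName"],
                     v.get("InstalledVersion", ""), v.get("FixedVersion", ""))
            # No FixedVersion: the distro has no patched package yet, so rebuilding
            # on a newer base image will not make this finding go away.
            (fixable if entry[3] else unfixable).append(entry)
    return {"fixable": fixable, "unfixable": unfixable, "by_severity": by_severity}

if __name__ == "__main__":
    t = triage(SAMPLE_REPORT)
    print(f"findings >= HIGH by severity: {dict(t['by_severity'])}")
    for cve, pkg, inst, fixed in t["fixable"]:
        print(f"  fixable   {cve} {pkg} {inst} -> {fixed}")
    for cve, pkg, inst, _ in t["unfixable"]:
        print(f"  unfixable {cve} {pkg} {inst} (no patched package yet)")
```

Run it against a real report with `trivy image -f json -o report.json tiangolo/uwsgi-nginx-flask:python3.8` and pass the file contents to `triage()`; the unfixable group is the part no rebuild of this image can address.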

Snyk:

Testing uswgi-nginx-flask:latest...

✗ Medium severity vulnerability found in e2fsprogs/libcom_err
  Description: Out-of-bounds Write
  Info: https://snyk.io/vuln/SNYK-ALPINE37-E2FSPROGS-493456
  Introduced through: e2fsprogs/[email protected], krb5-conf/[email protected]
  From: e2fsprogs/[email protected]
  From: krb5-conf/[email protected] > krb5/[email protected] > e2fsprogs/[email protected]
  Image layer: Introduced by your base image (python:3.6.8-alpine3.7)
  Fixed in: 1.43.7-r1

✗ High severity vulnerability found in expat/expat
  Description: XML External Entity (XXE) Injection
  Info: https://snyk.io/vuln/SNYK-ALPINE37-EXPAT-453374
  Introduced through: expat/[email protected], .python-rundeps@0, python2/[email protected], python3/[email protected]
  From: expat/[email protected]
  From: .python-rundeps@0 > expat/[email protected]
  From: python2/[email protected] > expat/[email protected]
  and 1 more...
  Image layer: Introduced by your base image (python:3.6.8-alpine3.7)
  Fixed in: 2.2.7-r0

✗ High severity vulnerability found in expat/expat
  Description: Out-of-bounds Read
  Info: https://snyk.io/vuln/SNYK-ALPINE37-EXPAT-489399
  Introduced through: expat/[email protected], .python-rundeps@0, python2/[email protected], python3/[email protected]
  From: expat/[email protected]
  From: .python-rundeps@0 > expat/[email protected]
  From: python2/[email protected] > expat/[email protected]
  and 1 more...
  Image layer: Introduced by your base image (python:3.6.8-alpine3.7)
  Fixed in: 2.2.7-r1

✗ Critical severity vulnerability found in sqlite/sqlite-libs
  Description: Out-of-bounds Read
  Info: https://snyk.io/vuln/SNYK-ALPINE37-SQLITE-458200
  Introduced through: sqlite/[email protected], .python-rundeps@0, python2/[email protected], python3/[email protected]
  From: sqlite/[email protected]
  From: .python-rundeps@0 > sqlite/[email protected]
  From: python2/[email protected] > sqlite/[email protected]
  and 1 more...
  Image layer: Introduced by your base image (python:3.6.8-alpine3.7)
  Fixed in: 3.25.3-r1

✗ Critical severity vulnerability found in bzip2/libbz2
  Description: Out-of-bounds Write
  Info: https://snyk.io/vuln/SNYK-ALPINE37-BZIP2-452717
  Introduced through: bzip2/[email protected], .python-rundeps@0, freetype/[email protected], python2/[email protected], python3/[email protected]
  From: bzip2/[email protected]
  From: .python-rundeps@0 > bzip2/[email protected]
  From: freetype/[email protected] > bzip2/[email protected]
  and 2 more...
  Image layer: Introduced by your base image (python:3.6.8-alpine3.7)
  Fixed in: 1.0.6-r7

Package manager: apk
Project name: docker-image|uswgi-nginx-flask
Docker image: uswgi-nginx-flask:latest
Platform: linux/amd64
Base image: python:3.6.8-alpine3.7

Tested 63 dependencies for known vulnerabilities, found 5 vulnerabilities.

Base Image               Vulnerabilities  Severity
python:3.6.8-alpine3.7   6                3 critical, 2 high, 1 medium, 0 low

Recommendations for base image upgrade:

Alternative image types
Base Image                     Vulnerabilities  Severity
python:3.11-rc-slim-bullseye   49               0 critical, 1 high, 0 medium, 48 low
python:3.7-slim                49               0 critical, 1 high, 0 medium, 48 low
python:slim                    49               0 critical, 1 high, 0 medium, 48 low
python:3.10.5-slim-buster      84               0 critical, 1 high, 0 medium, 83 low

Alpine 3.7.1 is no longer supported by the Alpine maintainers. Vulnerability detection may be affected by a lack of security updates.

For more free scans that keep your images secure, sign up to Snyk at https://dockr.ly/3ePqVcp

aspirina765 avatar Aug 05 '22 23:08 aspirina765

These are things related to the underlying base images and not really this one, right? Probably better to check and report them in the respective base images. 🤓

Sorry for the long delay! 🙈 I wanted to personally address each issue/PR and they piled up through time, but now I'm checking each one in order.

tiangolo avatar Nov 11 '22 10:11 tiangolo

Assuming the original issue was solved, it will be automatically closed now. But feel free to add more comments or create new issues.

github-actions[bot] avatar Nov 22 '22 00:11 github-actions[bot]