
security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image

Open ashishpatil09 opened this issue 3 years ago • 4 comments

Hi Team

I wanted to use the 2.6.0 docker image for Kafka but it has lots of security vulnerabilities. Please find the list of security vulnerabilities below: **CVE-2021-36159, CVE-2020-25649, CVE-2021-22926, CVE-2021-22922, CVE-2021-22924, CVE-2021-22922, CVE-2021-22924, CVE-2021-31535, CVE-2019-17571**

Do we have any plan to fix this in the coming version or any suggestions around this? @wurstmeister

Thanks Ashish

ashishpatil09 avatar Aug 23 '21 09:08 ashishpatil09

I am facing the same issue. When I do a vulnerability scan on the image I get the same flags. It would be a case of updating dependent packages to a newer version. @wurstmeister

JaMurphSmi avatar Aug 23 '21 10:08 JaMurphSmi

This image directly builds from Kafka binaries. Security issues should be fixed there first.

OneCricketeer avatar Aug 25 '21 21:08 OneCricketeer

Would that be applicable if the vulnerabilities noted are mostly due to the openjdk and glibc versions being used as part of 2.13-2.7.0?

JaMurphSmi avatar Aug 26 '21 12:08 JaMurphSmi

Those would be applicable to the base Docker image used by this repo, not exactly Kafka itself.

OneCricketeer avatar Dec 09 '21 03:12 OneCricketeer
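The distinction made in the thread, that most of the flagged CVEs live in the base image rather than in Kafka, can be applied mechanically to a scan report. The following is an added example, not code from kafka-docker: it takes scanner-style findings (here a constructed sample that reuses the CVE ids quoted in the issue; the package names, file paths and the `/opt/kafka/` install prefix are assumptions) and splits them by install path, so that findings under the Kafka directory are routed upstream and everything else is routed to a base-image rebuild.

```python
"""Triage container-scan findings: base image vs the Kafka distribution.

Added example, not part of kafka-docker. Scanners normally report the file
path that carries a vulnerable package, so findings can be split by path:
anything under the Kafka install prefix ships with the Kafka tarball and
must be fixed upstream; everything else comes from the base image and is
fixed by rebuilding on a newer base.
"""
from collections import defaultdict

# Assumed install prefix of the Kafka tarball inside the image.
KAFKA_PREFIX = "/opt/kafka/"

# Constructed sample report. The CVE ids are the ones quoted in the issue
# (duplicates included); package names and paths are assumptions.
SAMPLE_FINDINGS = [
    {"cve": "CVE-2021-36159", "pkg": "apk-tools", "path": "/sbin/apk"},
    {"cve": "CVE-2020-25649", "pkg": "jackson-databind", "path": "/opt/kafka/libs/jackson-databind.jar"},
    {"cve": "CVE-2021-22926", "pkg": "libcurl", "path": "/usr/lib/libcurl.so.4"},
    {"cve": "CVE-2021-22922", "pkg": "curl", "path": "/usr/bin/curl"},
    {"cve": "CVE-2021-22924", "pkg": "libcurl", "path": "/usr/lib/libcurl.so.4"},
    {"cve": "CVE-2021-22922", "pkg": "curl", "path": "/usr/bin/curl"},
    {"cve": "CVE-2021-22924", "pkg": "libcurl", "path": "/usr/lib/libcurl.so.4"},
    {"cve": "CVE-2021-31535", "pkg": "libx11", "path": "/usr/lib/libX11.so.6"},
    {"cve": "CVE-2019-17571", "pkg": "log4j", "path": "/opt/kafka/libs/log4j.jar"},
]


def triage(findings, kafka_prefix=KAFKA_PREFIX):
    """Group findings into {'kafka': {cve: {pkg, ...}}, 'base-image': {...}}.

    Duplicate CVE entries collapse into one key; the set of packages records
    every artifact a CVE was reported against.
    """
    buckets = {"kafka": defaultdict(set), "base-image": defaultdict(set)}
    for finding in findings:
        where = "kafka" if finding["path"].startswith(kafka_prefix) else "base-image"
        buckets[where][finding["cve"]].add(finding["pkg"])
    return {where: dict(cves) for where, cves in buckets.items()}


def summarize(findings, kafka_prefix=KAFKA_PREFIX):
    """Deduplicated, sorted CVE ids per bucket, ready for an issue comment."""
    return {where: sorted(cves) for where, cves in triage(findings, kafka_prefix).items()}


if __name__ == "__main__":
    for where, cves in summarize(SAMPLE_FINDINGS).items():
        print(f"{where}: {', '.join(cves)}")
```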