Container vulnerable (python?)
Closed this issue · 0 comments
arminc commented
The version 0.1 and 0.2 are vulnerable:
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
In this case python is vulnerable and can be fixed by using version 2.7.15.
But most importantly I don't see why Python is installed because the application is a go app?