Vulerabilites
camaeel opened this issue · 1 comments
camaeel commented
Trivy scanner shows there are 2 vulnerabilities with possible fix in the latest docker image (kphoen/dark:v0.5.7).
How to reproduce:
- Install trivy (https://github.com/aquasecurity/trivy)
- Scan:
trivy kphoen/dark:v0.5.7
Output:
kphoen/dark:v0.5.7 (alpine 3.14.1)
==================================
Total: 4 (UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 2, CRITICAL: 0)
+--------------+------------------+----------+-------------------+---------------+--------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+--------------+------------------+----------+-------------------+---------------+--------------------------------------+
| libcrypto1.1 | CVE-2021-3711 | HIGH | 1.1.1k-r0 | 1.1.1l-r0 | openssl: SM2 Decryption |
| | | | | | Buffer Overflow |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-3711 |
+ +------------------+----------+ + +--------------------------------------+
| | CVE-2021-3712 | MEDIUM | | | openssl: Read buffer overruns |
| | | | | | processing ASN.1 strings |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-3712 |
+--------------+------------------+----------+ + +--------------------------------------+
| libssl1.1 | CVE-2021-3711 | HIGH | | | openssl: SM2 Decryption |
| | | | | | Buffer Overflow |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-3711 |
+ +------------------+----------+ + +--------------------------------------+
| | CVE-2021-3712 | MEDIUM | | | openssl: Read buffer overruns |
| | | | | | processing ASN.1 strings |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-3712 |
+--------------+------------------+----------+-------------------+---------------+--------------------------------------+
camaeel commented
Duplicate