alpine-docker/git

Vulnerability in libexpat < 2.4.9 CVE-2022-40674

gvdmarck opened this issue · 2 comments

The latest image contains libexpat 2.4.8, which has a critical vulnerability, CVE-2022-40674 (pulled as a git dependency).

Would it be possible to rebuild an image with libexpat 2.4.9?

Thanks for reporting the issue. I have rebuilt the image, and it seems it got the latest libexpat. Please confirm.

I also added a feature to run a trivy scan on the image and generate the report.

[image]

Compared with the old image:

[image]

Hello Bill,

We just did a rebuild and everything is fine, snyk is happy.

Thank you for the swift reaction!