nginx/docker-nginx-unprivileged

[security] Vulnerabilities in libssl and libcrypto

Closed this issue 9 months ago · 1 comments

kenanjasim commented 9 months ago

Describe the bug

When uisng the latest alpine build of this image and scanning the resulting image with trivy there are 3 vulnerabilities namely:

CVE-2024-13176 which is caused by libcrypto3@3.3.2-r1 and resolved in 3.3.2-r2
CVE-2024-9143 which is caused by libcrypto3@3.3.2-r1 and resolved in 3.3.2-r3
CVE-2024-13176 which is caused by libssl3@3.3.2-r2 and resolved in 3.3.2-r2

To reproduce

Steps to reproduce the behavior:

Build an image using nginxinc/nginx-unprivileged:1.27-alpine3.20 as the base
Scan the build image using aquasec/trivy:0.59.0
See error

Your environment

nginxinc/nginx-unprivileged:1.27-alpine3.20

Additional context

It appears this issue is only fixed currently by using alpine 3.21 which is not offered currently

alessfg commented 9 months ago

Mainline images have been updated to Alpine 3.21 and packages have been updated 😄

❤️1