openeew/openeew-dashboard

IBM Vulnerability Advisor found 3 security issues with our Docker image

EdrianI opened this issue · 2 comments

Vulnerability Advisor is executed every time we push a new Docker image into the IBM Cloud Registry. The current CVEs are:

CVE-2021-23839 - Score: 3.7 - Affected Packages: libcrypto1.1, libssl1.1
CVE-2021-23840 - Score: 7.5 - Affected Packages: libcrypto1.1, libssl1.1
CVE-2021-23841 - Score: 5.9 - Affected Packages: libcrypto1.1, libssl1.1

The VA tool is suggesting we upgrade the impacted packages from 1.1 -> 1.1.1j-r0

Looks like we should upgrade from node:alpine14 -> 15.10
https://nodejs.org/en/blog/release/v15.10.0/

Although the NodeJS doc is focused on the high CVE of the three above, all three should be fixed when NodeJS upgrades to 1.1.1j.

The issues are no longer seen on the Vulnerability Advisor tool.
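
Added example, not part of the original thread or the project's code: a check that a rebuilt image's package listing no longer carries `libcrypto1.1` or `libssl1.1` below the `1.1.1j-r0` fix version that Vulnerability Advisor named. It assumes input lines shaped like `name-version-rN`, as `apk info -v` prints; the listings and function names are constructed for illustration.

```python
import re

# Fix version and affected packages as reported in the issue above.
FIXED = "1.1.1j-r0"
AFFECTED = ("libcrypto1.1", "libssl1.1")

_VER = re.compile(r"^(\d+(?:\.\d+)*)([a-z]?)-r(\d+)$")

def version_key(version):
    """Sort key for versions shaped like 1.1.1j-r0 (digits, optional letter, -rN).
    Simplified assumption: apk suffixes such as _pre or _rc are not handled."""
    m = _VER.match(version)
    if not m:
        raise ValueError(f"unsupported version format: {version!r}")
    numbers = tuple(int(p) for p in m.group(1).split("."))
    return (numbers, m.group(2), int(m.group(3)))

def parse_apk_info(text):
    """Map package name -> version from name-version-rN lines."""
    installed = {}
    for line in text.split():
        parts = line.rsplit("-", 2)
        if len(parts) == 3:
            installed[parts[0]] = f"{parts[1]}-{parts[2]}"
    return installed

def still_vulnerable(apk_info_text, fixed=FIXED, packages=AFFECTED):
    """Return {package: installed_version} for affected packages below `fixed`."""
    installed = parse_apk_info(apk_info_text)
    return {
        pkg: installed[pkg]
        for pkg in packages
        if pkg in installed and version_key(installed[pkg]) < version_key(fixed)
    }

# Constructed sample listings (not taken from the project's image).
BEFORE = """musl-1.2.2-r0
libcrypto1.1-1.1.1i-r0
libssl1.1-1.1.1i-r0
"""
AFTER = """musl-1.2.2-r0
libcrypto1.1-1.1.1j-r0
libssl1.1-1.1.1j-r0
"""

if __name__ == "__main__":
    print("before:", still_vulnerable(BEFORE))
    print("after: ", still_vulnerable(AFTER))
```

Run against the real listing from the built image in CI, a non-empty result can fail the build before the push to the registry triggers the scan.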