Docker Container Image Vulnerability - CVE-2023-44487 #216

Closed
rlindner5 opened this issue Mar 28, 2024 · 1 comment

@rlindner5

Choose one: BUG REPORT

What happened: Docker container is showing a high vulnerability using Cisco Vulnerability Management scanning tool. This is NOT a duplicate of #158 as this vulnerability is not included in that bug report, which is now almost 3 years old.

This vulnerability was recently fixed in version 3.5.0 of litmuschaos/chaos-operator. However, it seems like the new image requires us to upgrade our chaos-runner image as well, which led to us running into this issue.

| CVE | Library | Version | Severity | Fixed By | Path |
|---|---|---|---|---|---|
| GHSA-qppj-fm5r-hxr3, CVE-2023-44487 | golang.org/x/net | v0.7.0 | High | v0.17.0 | /usr/local/bin/chaos-operator |

What you expected to happen: Scanning jobs for production level containers should not have high vulnerabilities when using the latest image.

How to reproduce it (as minimally and precisely as possible): Used the Cisco Vulnerability Management scanning tool https://www.cisco.com/site/us/en/products/security/vulnerability-management/index.html

@rlindner5

Looks like this was fixed as of 3.7.0, thanks!
