This repository was archived by the owner on Feb 14, 2025. It is now read-only.
How to update rexml version? #144
Open
Description
We are using trivy to scan the container images and found a HIGH issue with rexml-3.2.5. I'd like to update to >=3.3.9 to fix this issue. Are there any steps or documents?
Thanks!
- trivy scan output:
```
ghcr.io/voxpupuli/puppetserver:8.7.0-latest (ubuntu 22.04)
Total: 0 (HIGH: 0, CRITICAL: 0)
2024-12-17T15:38:13+08:00 INFO Table result includes only package filenames. Use '--format json' option to get the full path to the package file.
Ruby (gemspec)
Total: 1 (HIGH: 1, CRITICAL: 0)
┌─────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
├─────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────┤
│ rexml (rexml-3.2.5.gemspec) │ CVE-2024-49761 │ HIGH │ fixed │ 3.2.5 │ >= 3.3.9 │ REXML is an XML toolkit for Ruby. The REXML gem before │
│ │ │ │ │ │ │ 3.3.9... │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-49761 │
└─────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────┘
```
toggetit