This repository has been archived by the owner on Mar 17, 2024. It is now read-only.

High and Critical Vulnerabilities #458

Open
krkazmier opened this issue Mar 29, 2023 · 0 comments

Comments

@krkazmier

We have recently completed a scan of the kafka image and identified 1 Critical and 1 High vulnerability. Snippet of trivy report below:

┌──────────────────────────────────────────────────────────────┬────────────────┬──────────┬───────────────────┬────────────────┬──────────────────────────────────────────────────────────────┐
│                           Library                            │ Vulnerability  │ Severity │ Installed Version │ Fixed Version  │                            Title                             │
├──────────────────────────────────────────────────────────────┼────────────────┼──────────┼───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤
│ com.fasterxml.jackson.dataformat:jackson-dataformat-cbor     │ CVE-2020-28491 │ HIGH     │ 2.6.7             │ 2.11.4, 2.12.1 │ jackson-dataformat-cbor: Unchecked allocation of byte buffer │
│ (com.fasterxml.jackson.dataformat.jackson-dataformat-cbor-2- │                │          │                   │                │ can cause a java.lang.OutOfMemoryError exception...          │
│ .6.7.jar)                                                    │                │          │                   │                │ https://avd.aquasec.com/nvd/cve-2020-28491                   │
├──────────────────────────────────────────────────────────────┼────────────────┼──────────┼───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤
│ org.yaml:snakeyaml (org.yaml.snakeyaml-1.26.jar)             │ CVE-2022-1471  │ CRITICAL │ 1.26              │ 2.0            │ SnakeYaml: Constructor Deserialization Remote Code Execution │
│                                                              │                │          │                   │                │ https://avd.aquasec.com/nvd/cve-2022-1471                    │
└──────────────────────────────────────────────────────────────┴────────────────┴──────────┴───────────────────┴────────────────┴──────────────────────────────────────────────────────────────┘

Would like to see if these have already been identified or are being tracked for a fix. Attached is the trivy report. Thanks.

kafka-vulns.txt
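The table above is the human-readable form of a Trivy scan. When the same question ("which of these are actionable, and do they already have a fix?") comes up for every image, it is easier to triage the JSON form (`trivy image -f json`) programmatically. The script below is an added example, not part of this issue or of the project's own tooling. It assumes Trivy's JSON layout (`Results[].Vulnerabilities[]` with `VulnerabilityID`, `PkgName`, `InstalledVersion`, `FixedVersion`, `Severity`); the embedded report is constructed for the example and is not the attached kafka-vulns.txt: it repeats the two findings from the table, adds the same snakeyaml jar at a second path, one hypothetical unfixed HIGH with the placeholder ID `EXAMPLE-NOFIX-1`, and one LOW that the filter drops. The image name and placeholder package names are made up.

```python
"""Triage of a Trivy JSON report: which HIGH/CRITICAL findings have a fix available."""
from __future__ import annotations

import json

# Trivy's severity vocabulary, ordered so findings can be filtered and sorted.
SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample in the shape of `trivy image -f json` output. It is NOT the
# attached kafka-vulns.txt: it repeats the two findings from the issue, adds the
# same snakeyaml jar found at a second path (to show deduplication), one
# hypothetical unfixed HIGH with the placeholder ID EXAMPLE-NOFIX-1, and one LOW
# that the filter drops. The image name and example:* packages are made up.
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "example.invalid/kafka:scan",
    "Results": [{
        "Target": "Java",
        "Class": "lang-pkgs",
        "Type": "jar",
        "Vulnerabilities": [
            {"VulnerabilityID": "CVE-2020-28491",
             "PkgName": "com.fasterxml.jackson.dataformat:jackson-dataformat-cbor",
             "InstalledVersion": "2.6.7", "FixedVersion": "2.11.4, 2.12.1",
             "Severity": "HIGH",
             "Title": "jackson-dataformat-cbor: Unchecked allocation of byte buffer "
                      "can cause a java.lang.OutOfMemoryError exception",
             "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-28491"},
            {"VulnerabilityID": "CVE-2022-1471", "PkgName": "org.yaml:snakeyaml",
             "InstalledVersion": "1.26", "FixedVersion": "2.0", "Severity": "CRITICAL",
             "Title": "SnakeYaml: Constructor Deserialization Remote Code Execution",
             "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1471"},
            {"VulnerabilityID": "CVE-2022-1471", "PkgName": "org.yaml:snakeyaml",
             "InstalledVersion": "1.26", "FixedVersion": "2.0", "Severity": "CRITICAL",
             "PkgPath": "opt/other/lib/snakeyaml-1.26.jar"},
            {"VulnerabilityID": "EXAMPLE-NOFIX-1", "PkgName": "example:unfixed-lib",
             "InstalledVersion": "0.1", "Severity": "HIGH"},
            {"VulnerabilityID": "EXAMPLE-LOW-1", "PkgName": "example:noise-lib",
             "InstalledVersion": "0.1", "FixedVersion": "0.2", "Severity": "LOW"},
        ],
    }],
})

# Two more constructed reports used to exercise the gate's edge cases.
EMPTY_REPORT = '{"Results": []}'
UNFIXED_ONLY_REPORT = json.dumps({"Results": [{"Target": "Java", "Vulnerabilities": [
    {"VulnerabilityID": "EXAMPLE-NOFIX-1", "PkgName": "example:unfixed-lib",
     "InstalledVersion": "0.1", "Severity": "HIGH"}]}]})


def findings(report_json: str, min_severity: str = "HIGH") -> list[dict]:
    """Return findings at or above min_severity, deduplicated per (ID, package,
    installed version) and ordered most severe first, then by ID."""
    report = json.loads(report_json)
    threshold = SEVERITY_RANK[min_severity.upper()]
    unique: dict[tuple, dict] = {}
    for result in report.get("Results") or []:
        # Trivy omits "Vulnerabilities" (or sets it to null) for clean targets.
        for vuln in result.get("Vulnerabilities") or []:
            severity = str(vuln.get("Severity", "UNKNOWN")).upper()
            if SEVERITY_RANK.get(severity, 0) < threshold:
                continue
            key = (vuln["VulnerabilityID"], vuln["PkgName"], vuln["InstalledVersion"])
            unique.setdefault(key, {
                "id": vuln["VulnerabilityID"],
                "pkg": vuln["PkgName"],
                "installed": vuln["InstalledVersion"],
                # Trivy leaves FixedVersion empty or absent when no fix is released.
                "fixed": vuln.get("FixedVersion") or None,
                "severity": severity,
                "target": result.get("Target", ""),
            })
    return sorted(unique.values(),
                  key=lambda f: (-SEVERITY_RANK[f["severity"]], f["id"]))


def should_fail(report_json: str, min_severity: str = "HIGH",
                ignore_unfixed: bool = True) -> bool:
    """CI gate: True when an actionable finding remains. With ignore_unfixed
    (the same policy as trivy's --ignore-unfixed) only findings that have a
    fixed version count; otherwise any finding at or above the threshold does."""
    return any(f["fixed"] is not None or not ignore_unfixed
               for f in findings(report_json, min_severity))


def summarize(report_json: str, min_severity: str = "HIGH") -> str:
    """One line per finding, so the same triage can be pasted into an issue."""
    rows = []
    for f in findings(report_json, min_severity):
        fix = f"fix: {f['fixed']}" if f["fixed"] else "no fix available"
        rows.append(f"{f['severity']:<8} {f['id']:<16} {f['pkg']} {f['installed']} ({fix})")
    return "\n".join(rows)


if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
    raise SystemExit(1 if should_fail(SAMPLE_REPORT) else 0)
```

Run against a real report with `trivy image -f json -o report.json <image>` and `json.loads` of that file in place of `SAMPLE_REPORT`. Two caveats worth keeping in mind when reading the output: a jar vendored at several paths shows up once per path in Trivy's table, so deduplicating on (ID, package, version) before counting avoids overstating "1 Critical and 1 High"; and a fix being available says nothing about reachability. For CVE-2022-1471 in particular, the RCE requires untrusted YAML to reach SnakeYAML's default `Constructor`, so whether the bump to 2.0 is urgent or merely hygiene depends on whether the image's code ever loads attacker-controlled YAML that way.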
