New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Critical and High Severity in alpine image in google/cloud-sdk/492.0.0-alpine #472

Open

nmeena-suki opened this issue Sep 11, 2024 · 3 comments

nmeena-suki commented Sep 11, 2024 •

edited

Loading

The alpine version of this image seems to be vulnerable to GHSA-v23v-6jw2-98fq
You need to update your docker static source version
Image: https://hub.docker.com/layers/google/cloud-sdk/492.0.0-alpine/images/sha256-201db51115dc28aea998b5caf581233733957b289169acd1d54b7102a41d4bab?context=explore

There are also other high vulnerabilites in cryptography package and the fix is available
GHSA-3ww4-gg4f-jr7f
GHSA-6vqw-3v5j-54x4

When can we expect an upgrade

Author

nmeena-suki commented Sep 11, 2024

There are 20 Vul, out of which these are fixable

Screenshot 2024-09-11 at 1 37 00 PM

young-mmfm commented Sep 23, 2024

google/cloud-sdk/493.0.0-alpine also has security issues:

493.0 went back to Alpine 3.19 from Alpine 3.20. Alpine 3.20.3 currently has no known vulnerabilities: https://hub.docker.com/layers/library/alpine/3.20.3/images/sha256-33735bd63cf84d7e388d9f6d297d348c523c044410f553bd878c6d7829612735?context=explore.

Wondering if it's possible to upgrade to Alpine 3.20.3? 🙏 Thank you!

young-mmfm commented Sep 23, 2024

Correction: even when upgrading to Alpine 3.20.3, there seem to be vulnerabilities specifically in py3-openssl and the google cloud CLI:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment