Need fix for CVE-2022-21797

Question

Need fix for CVE-2022-21797

saranyareddy24 opened this issue 10 months ago · comments

Saranya Reddipalli commented 10 months ago

CVE reported in ceph container.
Image scanned: quay.io/ceph/ceph:v17

Python (python-pkg)

Library: joblib
Severity: critical
Installed version: 0.16.0
Fixed version: 1.2.0

Saranya Reddipalli · Answer 1 · Mon Jul 24 2023 17:00:36 GMT+0800 (China Standard Time)

Looks like it needs to be fixed from Dockerfile, this yum repo yum copr enable -y tchaikov/python-scikit-learn is installing the 0.16.0 joblib library.

Saranya Reddipalli · Answer 2 · Mon Jul 31 2023 12:08:42 GMT+0800 (China Standard Time)

Can someone please look into this issue. Kind of critical for us.