helm / chartmuseum

helm chart repository server

Home Page: https://chartmuseum.com

updated chartmuseum image contains security vulnerability (CVE-2022-37434-zlib)

prasoon-pxc opened this issue

Found a zlib security vulnerability in the alpine image which is used as the base image in the chart-museum image.

A minor fix may be available in the alpine:3.13 image.

Vulnerability Details --> https://access.redhat.com/security/cve/CVE-2022-37434

Chart-museum Image --> ghcr.io/helm/chartmuseum:v0.15.0

We will update the alpine version until our next release. If you need to use the latest version of alpine, you can use our HEAD version.

@scbizu --> Can't we use a versioned alpine image instead of latest? This vulnerability is fixed in alpine:3.13, but if we use the latest tag then it will never use the 3.13 tag. Or maybe I do not know whether the above vulnerability fix is available in the latest image tag of alpine or not.
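
The tag question raised in the last comment can be checked mechanically. The following is an added example, not code from the chartmuseum project or from the commenters: a Python script that lists each `FROM` line of a Dockerfile and reports whether its base image uses a floating tag (`latest` or none), a version tag, or a digest. The sample Dockerfile and the names `classify` and `audit` are constructed for illustration.

```python
import re

# Constructed sample for illustration; NOT chartmuseum's actual Dockerfile.
SAMPLE_DOCKERFILE = """\
ARG GO_VERSION=1.19
FROM golang:${GO_VERSION} AS build
RUN go build -o /out/app .
FROM --platform=linux/amd64 alpine:latest AS certs
FROM alpine
FROM alpine:3.13
FROM certs AS final
FROM scratch
"""

# FROM [--flag=value ...] <image> [AS <stage>]
FROM_RE = re.compile(r"^\s*FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?", re.I)


def classify(ref):
    """Classify an image reference by how tightly it pins the base image."""
    if "$" in ref:
        return "unresolved"            # depends on a build ARG; resolve before judging
    if "@sha256:" in ref:
        return "digest"                # immutable content address
    name = ref.rsplit("/", 1)[-1]      # drop registry/path so host:port is not read as a tag
    tag = name.partition(":")[2]
    # No tag means Docker pulls :latest, which moves between Alpine releases.
    return "floating" if tag in ("", "latest") else "version-tag"


def audit(dockerfile_text):
    """Return (line number, image reference, classification) for each external base image."""
    stages, findings = set(), []
    for lineno, line in enumerate(dockerfile_text.splitlines(), 1):
        m = FROM_RE.match(line)
        if not m:
            continue
        ref, alias = m.group(1), m.group(2)
        # Skip the empty base image and references to earlier build stages.
        if ref.lower() != "scratch" and ref.lower() not in stages:
            findings.append((lineno, ref, classify(ref)))
        if alias:
            stages.add(alias.lower())
    return findings


if __name__ == "__main__":
    for lineno, ref, kind in audit(SAMPLE_DOCKERFILE):
        print(f"line {lineno}: {ref:<24} {kind}")
```

A version tag is still mutable, so a scanner run against the built image remains the check that confirms which zlib package it ships.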