Multiple Critical Security vulnerabilities in Docker image (highest CVSS: 9.8)
jimscard opened this issue · comments
Jim Scardelis commented
Scanned the maildev/maildev:latest Docker image with the Trivy extension for Docker Desktop.
It identified 15 security vulnerabilities, for which fixes were available. The highest CVSS score is 9.8/10.
2 Critical: CVE-2022-2421 in socket.io-parser, and CVE-2022-37434 in zlib
4 High: CVE-2022-25881 in http-cache-semantics, CVE-2023-0286 in llibcrypto1.1, CVE-2023-0286 in libssl1.1, and CVE-2022-29244 in npm.
Additionally, there were another 9 Medium CVEs identified -- they were in libcrypto1.1, libssl1.1 and engine.io.