Container with critical/high severity network vulnerability with a known exploit
superbsky opened this issue
Problem:
The package perl-base version 5.32.1-4+deb11u2, detected in the APT package manager on a container image running Debian 11.6, is vulnerable to CVE-2023-31484, which exists in all current versions.
The vulnerability was found in the Official Debian Security Advisories with vendor severity: High (NVD severity: High).
This vulnerability has a known exploit available. Source: GitHub.
Solution:
This vulnerability cannot be remediated because a fix has not been released.
Additional context
mcr.microsoft.com/oss/kubernetes/kube-proxy@sha256:061695013ee4b22114ea5781f86bb349697b0ce4e6d49e7ad43a498fc42dba4f
mcr.microsoft.com/oss/kubernetes-csi/blob-csi@sha256:bf0cde42434c5cd5f6b67b9daff9956b822d1aeafe92126159e266b7e5f6afac
mcr.microsoft.com/cromwellonazure/tes@sha256:aa41ab05b10c43c426d552c23cfff9288e438f6e42e84fbd8eed7b3329e3f392
mcr.microsoft.com/cromwellonazure/triggerservice@sha256:80eff46bf80480ab8b23d91dca3d144046b20fa74a6b7067494892beb61a6395
UPDATE 2023-06-12: v0.083-TRIAL has been released with a fix.
from: https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/