microsoft / CromwellOnAzure

Microsoft Genomics implementation of the Broad Institute's Cromwell workflow engine on Azure

Container with critical/high severity network vulnerability with a known exploit

superbsky opened this issue

Problem:
The package perl-base version 5.32.1-4+deb11u2, which was detected in the APT package manager on a container image running Debian 11.6, is vulnerable to CVE-2023-31484, which exists in all current versions.

The vulnerability was found in the Official Debian Security Advisories with vendor severity: High (NVD severity: High).

This vulnerability has a known exploit available. Source: Github.

Solution:
This vulnerability cannot be remediated because a fix has not been released.

Additional context
mcr.microsoft.com/oss/kubernetes/kube-proxy@sha256:061695013ee4b22114ea5781f86bb349697b0ce4e6d49e7ad43a498fc42dba4f
mcr.microsoft.com/oss/kubernetes-csi/blob-csi@sha256:bf0cde42434c5cd5f6b67b9daff9956b822d1aeafe92126159e266b7e5f6afac
mcr.microsoft.com/cromwellonazure/tes@sha256:aa41ab05b10c43c426d552c23cfff9288e438f6e42e84fbd8eed7b3329e3f392
mcr.microsoft.com/cromwellonazure/triggerservice@sha256:80eff46bf80480ab8b23d91dca3d144046b20fa74a6b7067494892beb61a6395