Vulnerability report - 5 Oct 2021
paulbouwer opened this issue
Paul Bouwer commented
Update the base image to cater for the following CVEs:
- CVE-2021-3712 Package: libssl1.1 | openssl: Read buffer overruns processing ASN.1 strings
- CVE-2021-3711 Package: libssl1.1 | openssl: SM2 Decryption Buffer Overflow
- CVE-2021-3712 Package: libcrypto1.1 | openssl: Read buffer overruns processing ASN.1 strings
- CVE-2021-3711 Package: libcrypto1.1 | openssl: SM2 Decryption Buffer Overflow
- CVE-2021-36159 Package: apk-tools
Remediation:
- Update to Alpine 3.13
- Update container base image to node:16-alpine3.13