Hi Team
Recent Docker images of Spilo have critical and high vulnerabilities:
ghcr.io/zalando/spilo-15:3.2-p1
ghcr.io/zalando/spilo-16:3.2-p2
| CVE | Severity | Package | Installed version | Fixed version | Type | Status | Layer instruction | Path |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-37920 | Critical | certifi | 2020.6.20 | 2023.07.22 | python | VULNERABLE | `RUN \|10 DEMO=false ADDITIONAL_LOCALES= PGVERSION=16 TIMESCALEDB=2.3.1 2.11.2 2.14.2 TIMESCALEDB_APACHE_ONLY=true TIMESCALEDB_TOOLKIT=true COMPRESS=false PGOLDVERSIONS=11 12 13 14 15 WITH_PERL=false DEB_PG_SUPPORTED_VERSIONS=11 12 13 14 15 16 bash /builddeps/patroni_wale.sh # buildkit` | `usr/lib/python3/dist-packages/certifi-2020.6.20.egg-info/PKG-INFO` |
| CVE-2023-4807 | High | cryptography | 3.4.8 | 41.0.4 | python | VULNERABLE | `RUN \|10 DEMO=false ADDITIONAL_LOCALES= PGVERSION=16 TIMESCALEDB=2.3.1 2.11.2 2.14.2 TIMESCALEDB_APACHE_ONLY=true TIMESCALEDB_TOOLKIT=true COMPRESS=false PGOLDVERSIONS=11 12 13 14 15 WITH_PERL=false DEB_PG_SUPPORTED_VERSIONS=11 12 13 14 15 16 bash /builddeps/patroni_wale.sh # buildkit` | `usr/lib/python3/dist-packages/cryptography-3.4.8.egg-info/PKG-INFO` |
| CVE-2023-43804 | High | urllib3 | 1.26.5 | 1.26.17 | python | VULNERABLE | `RUN \|10 DEMO=false ADDITIONAL_LOCALES= PGVERSION=16 TIMESCALEDB=2.3.1 2.11.2 2.14.2 TIMESCALEDB_APACHE_ONLY=true TIMESCALEDB_TOOLKIT=true COMPRESS=false PGOLDVERSIONS=11 12 13 14 15 WITH_PERL=false DEB_PG_SUPPORTED_VERSIONS=11 12 13 14 15 16 bash /builddeps/patroni_wale.sh # buildkit` | `usr/lib/python3/dist-packages/urllib3-1.26.5.egg-info/PKG-INFO` |
| CVE-2018-1000047 | High | ply | 3.11 | | python | VULNERABLE | `RUN \|10 DEMO=false ADDITIONAL_LOCALES= PGVERSION=16 TIMESCALEDB=2.3.1 2.11.2 2.14.2 TIMESCALEDB_APACHE_ONLY=true TIMESCALEDB_TOOLKIT=true COMPRESS=false PGOLDVERSIONS=11 12 13 14 15 WITH_PERL=false DEB_PG_SUPPORTED_VERSIONS=11 12 13 14 15 16 bash /builddeps/patroni_wale.sh # buildkit` | `usr/lib/python3/dist-packages/ply-3.11.egg-info/PKG-INFO` |
| CVE-2023-39325 | High | google.golang.org/grpc | v1.31.0 | 1.58.3 | go | VULNERABLE | `COPY /builddeps/wal-g /usr/local/bin/ # buildkit` | `usr/local/bin/wal-g` |
| CVE-2023-44487 | High | google.golang.org/grpc | v1.31.0 | 1.58.3 | go | VULNERABLE | `COPY /builddeps/wal-g /usr/local/bin/ # buildkit` | `usr/local/bin/wal-g` |
| CVE-2023-6596 | High | google.golang.org/grpc | v1.31.0 | 1.58.3 | go | VULNERABLE | `COPY /builddeps/wal-g /usr/local/bin/ # buildkit` | `usr/local/bin/wal-g` |
| CVE-2020-26160 | High | github.com/dgrijalva/jwt-go | v3.2.0+incompatible | | go | VULNERABLE | `COPY /builddeps/wal-g /usr/local/bin/ # buildkit` | `usr/local/bin/wal-g` |
| CVE-2022-32149 | High | golang.org/x/text | v0.3.7 | 0.3.8 | go | VULNERABLE | `COPY /builddeps/wal-g /usr/local/bin/ # buildkit` | `usr/local/bin/wal-g` |
| CVE-2023-50782 | High | cryptography | 3.4.8 | | python | VULNERABLE | `RUN \|10 DEMO=false ADDITIONAL_LOCALES= PGVERSION=16 TIMESCALEDB=2.3.1 2.11.2 2.14.2 TIMESCALEDB_APACHE_ONLY=true TIMESCALEDB_TOOLKIT=true COMPRESS=false PGOLDVERSIONS=11 12 13 14 15 WITH_PERL=false DEB_PG_SUPPORTED_VERSIONS=11 12 13 14 15 16 bash /builddeps/patroni_wale.sh # buildkit` | `usr/lib/python3/dist-packages/cryptography-3.4.8.egg-info/PKG-INFO` |
| CVE-2023-49083 | High | cryptography | 3.4.8 | 41.0.6 | python | VULNERABLE | `RUN \|10 DEMO=false ADDITIONAL_LOCALES= PGVERSION=16 TIMESCALEDB=2.3.1 2.11.2 2.14.2 TIMESCALEDB_APACHE_ONLY=true TIMESCALEDB_TOOLKIT=true COMPRESS=false PGOLDVERSIONS=11 12 13 14 15 WITH_PERL=false DEB_PG_SUPPORTED_VERSIONS=11 12 13 14 15 16 bash /builddeps/patroni_wale.sh # buildkit` | `usr/lib/python3/dist-packages/cryptography-3.4.8.egg-info/PKG-INFO` |
| CVE-2022-29217 | High | pyjwt | 2.3.0 | 2.4.0 | python | VULNERABLE | `RUN \|10 DEMO=false ADDITIONAL_LOCALES= PGVERSION=16 TIMESCALEDB=2.3.1 2.11.2 2.14.2 TIMESCALEDB_APACHE_ONLY=true TIMESCALEDB_TOOLKIT=true COMPRESS=false PGOLDVERSIONS=11 12 13 14 15 WITH_PERL=false DEB_PG_SUPPORTED_VERSIONS=11 12 13 14 15 16 bash /builddeps/patroni_wale.sh # buildkit` | `usr/lib/python3/dist-packages/PyJWT-2.3.0.egg-info/PKG-INFO` |
Do we know when this can be addressed, or can you provide any workaround for overcoming these vulnerabilities? With these vulnerabilities, it looks like it would be easy to break the Postgres DB.