Critical Vulnerabilities detected for busybox, openssl, nats-server, and more #892
Labels
defect
Suspected defect such as a bug or regression
Comments
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
What version were you using?
busybox: 1.36.1-r0
openssl: 1.36.1-r0
nats-server: 2.9.19
nkeys: 0.4.4
protobuf: 1.30.0
What environment was the server running in?
nats: 2.10.11-alpine
natsio/nats-server-config-reloader: 0.11.0
natsio/prometheus-nats-exporter: 0.12.0
Is this defect reproducible?
Yes, it was found in multiple security scans over time.
Given the capability you are leveraging, describe your expectation?
Will updating the below docker images update the versions of busybox, openssl, nats-server, and protobuf versions to the latest versions that don't contain the vulnerabilities shown in the next section?
nats: update to 2.10.14-alpine
natsio/nats-server-config-reloader: update to 0.11.0
natsio/prometheus-nats-exporter: update to 0.14.2
Given the expectation, what is the defect you are observing?
Critical:
CVE-2022-48174
High:
CVE-47090
CVE-2023-5363
CVE-2023-6237
CVE-2024-2511
CVE-2023-46129
CVE-2024-24786
The text was updated successfully, but these errors were encountered: