Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Address CVEs for MLFlow Server Image from Twistlock Reports #2962

Closed
axsaucedo opened this issue Feb 16, 2021 · 1 comment · Fixed by #2970
Closed

Address CVEs for MLFlow Server Image from Twistlock Reports #2962

axsaucedo opened this issue Feb 16, 2021 · 1 comment · Fixed by #2970
Assignees
@axsaucedo
Labels
bug triage Needs to be triaged and prioritised accordingly

Comments

@axsaucedo
Copy link
Contributor

Actionable Vulnerabilities: Implies there is a fixed version available for vulnerable package.

Severity   CVSS       Type       CVE ID               Package                                       Version                                  status                                   Twistlock Severity   Link                                                                                                

P3         6.5        python     CVE-2020-26137       urllib3                                       1.24.2                                   fixed in 1.25.9                          medium               https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26137                                     
P3         6.1        python     CVE-2019-11236       urllib3                                       1.24.2                                   fixed in 1.24.3                          medium               https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11236                                     
P3         5.9        python     CVE-2020-1971        cryptography                                  2.7                                      fixed in 3.3, 1.8                        medium               https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1971                                      
P3         0          python     PRISMA-2021-0020     click                                         7.1.2                                    fixed in 8.0.0                           medium

Summary

P1         P2         P3         P4        
0          0          4          0
@axsaucedo axsaucedo added bug triage Needs to be triaged and prioritised accordingly labels Feb 16, 2021
@axsaucedo axsaucedo mentioned this issue Feb 16, 2021
Merged
@axsaucedo axsaucedo self-assigned this Feb 18, 2021
@axsaucedo axsaucedo reopened this Feb 18, 2021
@axsaucedo
Copy link
Contributor Author

Confirmed CVEs resolved

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@axsaucedo axsaucedo

Labels
bug triage Needs to be triaged and prioritised accordingly
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Addressing CVEs from Python base Image axsaucedo/seldon-core
1 participant
@axsaucedo