High vulnerability from trivy scan in Docker image #42

Closed
dotdak opened this issue Jun 26, 2023 · 1 comment · Fixed by #44


dotdak commented Jun 26, 2023

Hi team,

I was looking for a k6 image with SQL support and ended up here. I built a Docker image myself using your Dockerfile and tried scanning it for vulnerabilities using trivy. I got this:

usr/bin/k6 (gobinary)

Total: 3 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 2, CRITICAL: 0)

| Library | Vulnerability | Severity | Installed Version | Fixed Version | Title |
|---|---|---|---|---|---|
| golang.org/x/net | CVE-2022-41721 | HIGH | v0.0.0-20221002022538-bcab6841153b | 0.1.1-0.20221104162952-702349b0e862 | request smuggling https://avd.aquasec.com/nvd/cve-2022-41721 |
| | CVE-2022-41723 | | | 0.7.0 | avoid quadratic complexity in HPACK decoding https://avd.aquasec.com/nvd/cve-2022-41723 |
| | CVE-2022-41717 | MEDIUM | | 0.4.0 | excessive memory growth in a Go server accepting HTTP/2 requests https://avd.aquasec.com/nvd/cve-2022-41717 |

I proposed a temporary fix in PR-43.

javaducky added a commit that referenced this issue Aug 2, 2023
@javaducky
Contributor

@dotdak, thank you so very much for bringing this issue to our attention! 🙏

jt-shippit pushed a commit to jt-shippit/xk6-sql that referenced this issue Jun 14, 2024