Created
March 1, 2021 13:30
-
-
Save midhun-at-vineti/37c3e781c1ff3285c6df194a4e386d61 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| docker scan metabase/metabase-enterprise:v1.36.6.4 | |
| Testing metabase/metabase-enterprise:v1.36.6.4... | |
| ✗ Medium severity vulnerability found in openssl/libcrypto1.1 | |
| Description: NULL Pointer Dereference | |
| Info: https://snyk.io/vuln/SNYK-ALPINE311-OPENSSL-1051931 | |
| Introduced through: openssl/libcrypto1.1@1.1.1g-r0, openssl/libssl1.1@1.1.1g-r0, apk-tools/apk-tools@2.10.5-r0, libtls-standalone/libtls-standalone@2.9.1-r0 | |
| From: openssl/libcrypto1.1@1.1.1g-r0 | |
| From: openssl/libssl1.1@1.1.1g-r0 > openssl/libcrypto1.1@1.1.1g-r0 | |
| From: apk-tools/apk-tools@2.10.5-r0 > openssl/libcrypto1.1@1.1.1g-r0 | |
| and 4 more... | |
| Fixed in: 1.1.1i-r0 | |
| ✗ Medium severity vulnerability found in musl/musl | |
| Description: Out-of-bounds Write | |
| Info: https://snyk.io/vuln/SNYK-ALPINE311-MUSL-1042763 | |
| Introduced through: musl/musl@1.1.24-r2, busybox/busybox@1.31.1-r9, alpine-baselayout/alpine-baselayout@3.2.0-r3, openssl/libcrypto1.1@1.1.1g-r0, openssl/libssl1.1@1.1.1g-r0, zlib/zlib@1.2.11-r3, apk-tools/apk-tools@2.10.5-r0, readline/readline@8.0.1-r0, bash/bash@5.0.11-r1, libtls-standalone/libtls-standalone@2.9.1-r0, busybox/ssl_client@1.31.1-r9, bzip2/libbz2@1.0.8-r1, expat/expat@2.2.9-r1, freetype/freetype@2.10.1-r0, util-linux/libuuid@2.34-r1, fontconfig/fontconfig@2.13.1-r2, libpng/libpng@1.6.37-r1, gcc/libgcc@9.2.0-r4, musl/musl-utils@1.1.24-r2, libfontenc/libfontenc@1.1.4-r0, mkfontscale/mkfontscale@1.2.1-r1, pax-utils/scanelf@1.2.4-r0, ncurses/ncurses-libs@6.1_p20200118-r4, libc-dev/libc-utils@0.7.2-r0 | |
| From: musl/musl@1.1.24-r2 | |
| From: busybox/busybox@1.31.1-r9 > musl/musl@1.1.24-r2 | |
| From: alpine-baselayout/alpine-baselayout@3.2.0-r3 > musl/musl@1.1.24-r2 | |
| and 22 more... | |
| Fixed in: 1.1.24-r3 | |
| ✗ Medium severity vulnerability found in freetype/freetype | |
| Description: Out-of-bounds Write | |
| Info: https://snyk.io/vuln/SNYK-ALPINE311-FREETYPE-1019647 | |
| Introduced through: freetype/freetype@2.10.1-r0, fontconfig/fontconfig@2.13.1-r2, mkfontscale/mkfontscale@1.2.1-r1 | |
| From: freetype/freetype@2.10.1-r0 | |
| From: fontconfig/fontconfig@2.13.1-r2 > freetype/freetype@2.10.1-r0 | |
| From: mkfontscale/mkfontscale@1.2.1-r1 > freetype/freetype@2.10.1-r0 | |
| Fixed in: 2.10.1-r1 | |
| ✗ High severity vulnerability found in openssl/libcrypto1.1 | |
| Description: Integer Overflow or Wraparound | |
| Info: https://snyk.io/vuln/SNYK-ALPINE311-OPENSSL-1075737 | |
| Introduced through: openssl/libcrypto1.1@1.1.1g-r0, openssl/libssl1.1@1.1.1g-r0, apk-tools/apk-tools@2.10.5-r0, libtls-standalone/libtls-standalone@2.9.1-r0 | |
| From: openssl/libcrypto1.1@1.1.1g-r0 | |
| From: openssl/libssl1.1@1.1.1g-r0 > openssl/libcrypto1.1@1.1.1g-r0 | |
| From: apk-tools/apk-tools@2.10.5-r0 > openssl/libcrypto1.1@1.1.1g-r0 | |
| and 4 more... | |
| Fixed in: 1.1.1j-r0 | |
| ✗ High severity vulnerability found in openssl/libcrypto1.1 | |
| Description: Integer Overflow or Wraparound | |
| Info: https://snyk.io/vuln/SNYK-ALPINE311-OPENSSL-1075738 | |
| Introduced through: openssl/libcrypto1.1@1.1.1g-r0, openssl/libssl1.1@1.1.1g-r0, apk-tools/apk-tools@2.10.5-r0, libtls-standalone/libtls-standalone@2.9.1-r0 | |
| From: openssl/libcrypto1.1@1.1.1g-r0 | |
| From: openssl/libssl1.1@1.1.1g-r0 > openssl/libcrypto1.1@1.1.1g-r0 | |
| From: apk-tools/apk-tools@2.10.5-r0 > openssl/libcrypto1.1@1.1.1g-r0 | |
| and 4 more... | |
| Fixed in: 1.1.1j-r0 | |
| ✗ High severity vulnerability found in openssl/libcrypto1.1 | |
| Description: Inadequate Encryption Strength | |
| Info: https://snyk.io/vuln/SNYK-ALPINE311-OPENSSL-1075739 | |
| Introduced through: openssl/libcrypto1.1@1.1.1g-r0, openssl/libssl1.1@1.1.1g-r0, apk-tools/apk-tools@2.10.5-r0, libtls-standalone/libtls-standalone@2.9.1-r0 | |
| From: openssl/libcrypto1.1@1.1.1g-r0 | |
| From: openssl/libssl1.1@1.1.1g-r0 > openssl/libcrypto1.1@1.1.1g-r0 | |
| From: apk-tools/apk-tools@2.10.5-r0 > openssl/libcrypto1.1@1.1.1g-r0 | |
| and 4 more... | |
| Fixed in: 1.1.1j-r0 | |
| ✗ High severity vulnerability found in gcc/libgcc | |
| Description: Insufficient Entropy | |
| Info: https://snyk.io/vuln/SNYK-ALPINE311-GCC-598616 | |
| Introduced through: gcc/libgcc@9.2.0-r4, glibc/glibc-bin@2.31-r0 | |
| From: gcc/libgcc@9.2.0-r4 | |
| From: glibc/glibc-bin@2.31-r0 > gcc/libgcc@9.2.0-r4 | |
| Fixed in: 9.3.0-r0 | |
| Organization: undefined | |
| Package manager: apk | |
| Project name: docker-image|metabase/metabase-enterprise | |
| Docker image: metabase/metabase-enterprise:v1.36.6.4 | |
| Platform: linux/amd64 | |
| Tested 31 dependencies for known vulnerabilities, found 7 vulnerabilities. | |
| For more free scans that keep your images secure, sign up to Snyk at https://dockr.ly/3ePqVcp |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment