I scanned the latest Alpine image (2.7.11-alpine) using Trivy and found multiple critical and high severity vulnerabilities:
Here is the same report in PDF: influxdb-2.7.11-alpine-vulnerabilities.pdf
I found this issue (#25177) where Go was apparently updated from 1.21.10 to 1.21.12, but Trivy says the Go version is 1.21.9?
I tried to research some of these vulnerabilities and, as far as I understand, the dasel vulnerabilities are not really critical or high since it is used only for configuration parsing? There are other vulnerabilities found in the influx and influxd binaries though.
These same vulnerabilities are listed on the Docker Hub page: https://hub.docker.com/layers/library/influxdb/2.7.11-alpine/images/sha256-7b910c12adf77fd4494e09c07c69d94bc9027a63ee137c481820af10de30f15b
Are these actual vulnerabilities or false positives? Is there a list of false positive vulnerabilities somewhere?