CVE vulnerability for Image vault:v1.11.3

Hello Team,

The vulnerabilities below have been detected for Image vault:v1.11.3 by the vulnerability scanner.

Component: CVE-2022-27664

Please let us know when it will get fixed.

Hello,

It sounds like you may be simply attempting to drive the number of issues reported from your scanner to zero, without considering the content of the vulnerabilities, or whether they are relevant in context.

Is this issue actually of concern in your environment?

The issue has been fixed upstream in Go 1.18 and 1.19. It has not been fixed in the Go 1.17 series, which is used by Vault 1.11, so I would not expect to see a fix in any future Vault 1.11 release.

The unreleased Vault 1.12 series is already using Go 1.18 - though currently of an affected version - so it is quite plausible that the fix will have been incorporated for Vault 1.12.0.


Hi @maxb
We will be deploying this in highly sensitive and critical infra. Due to security compliance, we have to eliminate all the high vulnerabilities.

Hello Team,

As of now, we are using Image vault:v1.11.1, in which the vulnerability scanner found the vulnerabilities below.

Component: CVE-2022-32189, CVE-2022-27664, PRISMA-2022-0270, PRISMA-2022-0164, GHSA-xg2h-wx96-xgxr, CVE-2022-37434

Please let us know when it will get fixed.

Hello,

It appears you are still simply attempting to drive the number of issues reported from your scanner to zero, without considering the content of the vulnerabilities, or whether they are relevant in context.

I recommend you stop doing that, as it will only lead to frustration - both your own and the people you’re pushing to “fix” vulnerabilities that aren’t relevant.
