You submitted a lot of questions that you will not individually get an answer to individually.
Please consult relevant databases of your choice to get your answers. The CVE databases out there purpose is to provide all the information necessary. If every user would ask questions about every single CVE to all the devlist, we would have to do nothing but respond to the issues. Such response also cannot be treated in any way than an advisory - and bear no more significance than advisory you have in CVE databases (those are precisely advisory databases). Use your best judgment if your system is vulnerable to certain issues or not based on the public advisories please. We will not be able to analyse your usage to answer the question for you - you are the only person that can do it. if you have a security issue that you would like to report as vulnerability - please follow the security policy https://github.com/apache/airflow/security/policy J. On Wed, Mar 1, 2023 at 4:06 PM Sahib Aulakh <[email protected]> wrote: > > Twistlock scan on Airflow 2.5.1 Docker image warns about NVD - CVE-2021-46848 > (nist.gov). > > However, according to the following link: > > Information on source package libtasn1-6 (debian.org), > > this issue has been fixed in bullseye Debian release, which is what Docker is > using (as confirmed by the /etc/os-release file in the Docker image. > > So, am I correct in concluding that CVE-2021-46848 is *not* an issue with > Airflow 2.5.1? > > Thanks.
