Jonathan Kwan created GUACAMOLE-1768:
----------------------------------------

             Summary: Docker - Guacamole Vulnerability Updates
                 Key: GUACAMOLE-1768
                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1768
             Project: Guacamole
          Issue Type: Improvement
          Components: guacamole, guacd-docker
    Affects Versions: 1.5.0
            Reporter: Jonathan Kwan


Hi,

 

I was doing a Snyk vulnerability scan with "docker scan" to see what 
vulnerabilities were in the docker image. I saw the below, and was inquiring 
how the docker components get updated from a vulnerability perspective?

 

Issues to fix by upgrading:

  Upgrade com.fasterxml.woodstox:woodstox-core@5.2.1 to com.fasterxml.woodstox:woodstox-core@5.4.0 to fix
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLWOODSTOX-3091135] in com.fasterxml.woodstox:woodstox-core@5.2.1
    introduced by com.fasterxml.woodstox:woodstox-core@5.2.1
  ✗ XML External Entity (XXE) Injection [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754] in com.fasterxml.woodstox:woodstox-core@5.2.1
    introduced by com.fasterxml.woodstox:woodstox-core@5.2.1

 

The above is from the latest guacamole docker image. For guacd, there wasn't 
anything shown at the moment.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
