malhuda/lookingglass
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 16 Wiki Activity

Docker images vulnerable (CVE-2024-4577) #46

Merged
clertes merged 1 commits from main into main 2024-12-20 16:31:21 +08:00
Conversation 1 Commits 1 Files Changed 1 +1 -1
clertes commented 2024-12-20 00:51:28 +08:00 (Migrated from github.com)
Copy Link

It seems like the used Docker image for the php-fpm container is vulnerable to (at least) CVE-2024-4577 (https://nvd.nist.gov/vuln/detail/cve-2024-4577) which allows attackers to execute custom scripts remotely.

Therefore I highly recommend to update the used base image from php:8.1-fpm-bullseye to e.g. php:8.4.1-fpm-bullseye.

It seems like the used Docker image for the php-fpm container is vulnerable to (at least) CVE-2024-4577 (https://nvd.nist.gov/vuln/detail/cve-2024-4577) which allows attackers to execute custom scripts remotely. Therefore I highly recommend to update the used base image from php:8.1-fpm-bullseye to e.g. php:8.4.1-fpm-bullseye.
dqos commented 2024-12-20 16:31:18 +08:00 (Migrated from github.com)
Copy Link

Thank you @clertes for the PR. It seems this vulnerability only happens on Windows, right? Anyway, still important to fix this so I will merge this.

PS: Did you test the LG by any chance?

Thank you @clertes for the PR. It seems this vulnerability only happens on Windows, right? Anyway, still important to fix this so I will merge this. PS: Did you test the LG by any chance?
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
bug
Something isn't working
documentation
Improvements or additions to documentation
duplicate
This issue or pull request already exists
enhancement
New feature or request
good first issue
Good for newcomers
help wanted
Extra attention is needed
invalid
This doesn't seem right
question
Further information is requested
wontfix
This will not be worked on
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: malhuda/lookingglass#46
No description provided.
Delete Branch "main"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?