Details
- Improvement
- Status: Closed
- Major
- Resolution: Invalid
- 1.5.0
- None
- None
Description
Hi,
I was doing a Snyk vulnerability scan with "docker scan" to see what vulnerabilities were in the Docker image. I saw the below, and was inquiring how the Docker components get updated from a vulnerability perspective?
Issues to fix by upgrading:
Upgrade com.fasterxml.woodstox:woodstox-core@5.2.1 to com.fasterxml.woodstox:woodstox-core@5.4.0 to fix
✗ Denial of Service (DoS) [Medium Severity] https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLWOODSTOX-3091135 in com.fasterxml.woodstox:woodstox-core@5.2.1
introduced by com.fasterxml.woodstox:woodstox-core@5.2.1
✗ XML External Entity (XXE) Injection [Critical Severity] https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754 in com.fasterxml.woodstox:woodstox-core@5.2.1
introduced by com.fasterxml.woodstox:woodstox-core@5.2.1
The above is from the latest guacamole docker image. For guacd, there wasn't anything shown at the moment.