Check CONTRIBUTING guideline first and here is the list to help us investigate the problem.
Describe the bug
Trivy vulnerability scanner found vulnerable packages
To Reproduce
trivy image --ignore-unfixed --severity HIGH,CRITICAL fluent/fluentd:v1.12.4-debian-1.0
Expected behavior
All packages included in the container are free from high or critical vulnerabilities
Your Environment
managed k8s env running fluentd daemonset v1.12.4
Your Configuration
NA
Your Error Log
usr/local/bundle/gems/http_parser.rb-0.6.0/Gemfile.lock
=======================================================
Total: 6 (HIGH: 6, CRITICAL: 0)
+-----------+------------------+----------+-------------------+---------------+-----------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+-----------+------------------+----------+-------------------+---------------+-----------------------------------------+
| ffi | CVE-2018-1000201 | HIGH | 1.0.11 | 1.9.24 | ruby-ffi DDL loading |
| | | | | | issue on Windows OS |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000201 |
+ + + +-------------------+ + +
| | | | 1.0.11-java | | |
| | | | | | |
| | | | | | |
+-----------+------------------+ +-------------------+---------------+-----------------------------------------+
| json | CVE-2020-10663 | | 1.8.0 | 2.3.0 | rubygem-json: Unsafe object |
| | | | | | creation vulnerability in JSON |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-10663 |
+ + + +-------------------+ + +
| | | | 1.8.0-java | | |
| | | | | | |
| | | | | | |
+-----------+------------------+ +-------------------+---------------+-----------------------------------------+
| rake | CVE-2020-8130 | | 0.9.2 | 12.3.3 | rake: OS Command Injection |
| | | | | | via egrep in Rake::FileList |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-8130 |
+-----------+------------------+ +-------------------+---------------+-----------------------------------------+
| yajl-ruby | CVE-2017-16516 | | 1.1.0 | 1.3.1 | rubygem-yajl-ruby: |
| | | | | | Yajl::Parser.new.parse |
| | | | | | incorrect parsing |
| | | | | | -->avd.aquasec.com/nvd/cve-2017-16516 |
+-----------+------------------+----------+-------------------+---------------+-----------------------------------------+
Additional context