We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hello all,
Running a Trivy vulnerabilities scan through the schema-registry container image returned some CVEs affecting the latest release 7.6.1:
https://nvd.nist.gov/vuln/detail/CVE-2024-21634
Could you confirm whether Schema Registry is affected by these vulnerabilities and if so, are there plans to update the related dependencies?
Steps to reproduce:
$ trivy image --vuln-type library confluentinc/cp-schema-registry:7.6.1 ... ├────────────────────────────────────────────────────────────┼────────────────┼──────────┤ ├───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤ │ software.amazon.ion:ion-java (acl-7.6.1.jar) │ CVE-2024-21634 │ HIGH │ │ 1.0.2 │ 1.10.5 │ Ion Java StackOverflow vulnerability │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-21634 │ ├────────────────────────────────────────────────────────────┤ │ │ │ │ │ │ │ software.amazon.ion:ion-java (ion-java-1.0.2.jar) │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ └────────────────────────────────────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────────┘
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Hello all,
Running a Trivy vulnerabilities scan through the schema-registry container image returned some CVEs affecting the latest release 7.6.1:
https://nvd.nist.gov/vuln/detail/CVE-2024-21634
Could you confirm whether Schema Registry is affected by these vulnerabilities and if so, are there plans to update the related dependencies?
Steps to reproduce:
The text was updated successfully, but these errors were encountered: