Qdrant
qdrant docker image from docker hub - CVE Critical found in local scan. #3267
RonPagliuca
started this conversation in
General
Replies: 2 comments 1 reply
-
|
Hi Ron! we use |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
We ran the scan and it appears the OS is where the critical and high vulnerabilities exist, will the image be updated to remedy those? You can view the attached with: https://microsoft.github.io/sarif-web-component/ Thanks, Ron |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
We don't have immediate plans to do this, as many of these listed vulnerabilities prove to be insignificant when using it as base image like we're doing. We might switch to a different base image such as |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
We did a scan for vulnerabilities using the supplied image which we downloaded, and it returned about 75 high and 1 critical CVE. Are these vulnerabilities because of the image or in the actual qdrant package? Any feedback would be helpful.
Here are two to keep this post succinct:
: OsPackageVulnerability
Package: zlib1g
Installed Version: 1:1.2.13.dfsg-1
Vulnerability CVE-2023-45853
Severity: CRITICAL
Fixed Version:
Link: CVE-2023-45853 New
: OsPackageVulnerability
Package: perl-base
Installed Version: 5.36.0-7
Vulnerability CVE-2023-47038
Severity: HIGH
Fixed Version: 5.36.0-7+deb12u1
Link: CVE-2023-47038
Thanks,
Ron
Beta Was this translation helpful? Give feedback.
All reactions