Superset2.1: Critical vulnerability with python upgrade 3.11.4-slim-bullseye

[Step1N]

Bug description

I have upgraded python version to 3.11.4-slim-bullseye for superset 2.1 version And It shows two critical issue while scanning build through snyk tool.

Introduced through
zlib/zlib1g@1:1.2.11.dfsg-2+deb11u2 and mysql-defaults/[email protected]
Image layer
Introduced by your base image (python:3.11.4-slim-bullseye)

Exploit maturity
No known exploit

Detailed paths

Introduced through: docker-image|build-122-1 › zlib/zlib1g@1:1.2.11.dfsg-2+deb11u2
Introduced through: docker-image|build-122-1 › mysql-defaults/[email protected] › mariadb-10.5/libmariadb-dev-compat@1:10.5.23-0+deb11u1 › mariadb-10.5/libmariadb-dev@1:10.5.23-0+deb11u1 › zlib/zlib1g-dev@1:1.2.11.dfsg-2+deb11u2

i) 	Integer Overflow or Wraparound  (https://security.snyk.io/vuln/SNYK-DEBIAN11-ZLIB-6008961)
ii) National Vulnerability Database (https://nvd.nist.gov/vuln/detail/CVE-2023-45853)

Introduced through
[email protected]+deb11u11 and git@1:2.30.2-1+deb11u2
Image layer
apt-get install -y git

Exploit maturity
No known exploit

Detailed paths

Introduced through: docker-image|build-122-1 › [email protected]+deb11u11
Introduced through: docker-image|build-122-1 › [email protected]+deb11u11 › curl/[email protected]+deb11u11
Introduced through: docker-image|build-122-1 › git@1:2.30.2-1+deb11u2 › curl/[email protected]+deb11u11

i) Cleartext Transmission of Sensitive Information  (https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3320493)

Anyone try upgrading superset2.1 python version to 3.11

How to reproduce the bug

1. Clone Superset 2.1
2. Upgrade python 3.11.4-slim-bullseye
3. Upgrade supported libs
4. Build project
5. Scan using snyk tool

Screenshots/recordings

No response

Superset version

master / latest-dev

Python version

3.11

Node version

16

Browser

Chrome

Additional context

It shows vulnerability introduce by python base image. But python public image does not show these critical vulnerability (https://hub.docker.com/_/python/tags?page=1&name=3.11.4-slim-bullseye)

Checklist

• I have searched Superset docs and Slack and didn't find a solution to my problem.
• I have searched the GitHub issue tracker and didn't find a similar bug report.
• I have checked Superset's logs for errors and if I found a relevant Python stacktrace, I included it here as text in the "additional context" section.

[michael-s-molina]

Moving to a discussion, as 2.x versions are not supported anymore. I suggest upgrading to officially supported versions.