CVE-2023-4863 - libwebp vuln in hubble-ui #680
Comments
|
Fixed by #678 |
|
The Version v0.12.1 Does not Fix the CVE. This CVE is on the US DHS CISA Exploited Vulnerabilities List. |
|
@rolinh The version v.0.12.1 still has CISA CVE. it does not fix this issue . It does not include patch for alphine version 3.18. Also there is new CVE CVE-2023-44487 is included . |
|
@kady1711 Should be fixed in v0.12.2 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Using a Vulnerability Scanner, hubble-ui, is being flagged with CVE-2023-4863. The CVE is sourced to the libwebp library being provided by Alpine. This CVE is on the US DHS CISA Exploited Vulnerabilities List. This issue is to request an incremental update to Hubble to provide a new build that includes the Alpine Patch. It appears this patch is included in the latest NGINX Alpine Base Image that hubble-ui is derived from. Need an ETA of when this may be potentially pulled in for next incremental or major release of hubble. Thanks...
The text was updated successfully, but these errors were encountered: