When will a release be created to fix a High Severity Vulnerability in Hydrogen-Alpine? #2172
Appstute-Arati
started this conversation in
General
Replies: 1 comment
-
Once there is a release of an updated Other relevant comments and issues:
|
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
CVE ID: GHSA-3xgq-45jj-v275
Severity: High
Description: The vulnerability allows an attacker to exploit an insecure configuration or flaw in the container to gain unauthorized access, escalate privileges, or execute arbitrary code remotely.
This high severity vulnerability has been resolved in NPM and the fix to bump the version was merged 3 days ago (nodejs/node#55951) but there still isn't a new release with this fix so the Docker images still have this vulnerability present, which is blocking my team from releasing new code. Is there an ETA on the next release (18.20.6)?
Beta Was this translation helpful? Give feedback.
All reactions