
CVE (Critical + High) in bookworm image



Hi,

   I am installing nodejs on top of a debian (bookworm-slim) image for some task. While the intended functionality works fine, the security scan (JFrog Xray) fails with a critical and a high issue. I see a fix in sid, but since that is the development branch (I believe), is there any way we could get a fix in the bookworm release, or is there any other suggestion?

CVE-2023-45853

JFrog Severity - High
Components - debian:bookworm:zlib1g:1:1.2.13.dfsg-1
Version - 1:1.2.13.dfsg-1
CVSS Score - 9.8 (v3)
Summary - A heap buffer overflow in zlib may lead to remote code execution when parsing a malicious archive.

==

CVE-2023-31484

JFrog Severity - High
Components - debian:bookworm:perl-base:5.36.0-7
Version - 5.36.0-7
CVSS Score - 8.1 (v3)
Summary - Missing TLS check in CPAN.pm allows man-in-the-middle attacks when downloading packages and may lead to code execution.


Thanks,

Thomas
