[ https://issues.apache.org/jira/browse/GUACAMOLE-1768?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mike Jumper closed GUACAMOLE-1768.
----------------------------------
    Resolution: Invalid

> Docker - Guacamole Vulnerability Updates
> ----------------------------------------
>
>                 Key: GUACAMOLE-1768
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1768
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: guacamole, guacd-docker
>    Affects Versions: 1.5.0
>            Reporter: Jonathan Kwan
>            Priority: Major
>
> Hi,
>
> I was doing a Snyk vulnerability scan with "docker scan" to see what
> vulnerabilities were in the docker image. I saw the below, and was inquiring
> how the docker components get updated from a vulnerability perspective?
>
> Issues to fix by upgrading:
>   Upgrade com.fasterxml.woodstox:woodstox-core@5.2.1 to
> com.fasterxml.woodstox:woodstox-core@5.4.0 to fix
>   ✗ Denial of Service (DoS) [Medium
> Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLWOODSTOX-3091135]
> in com.fasterxml.woodstox:woodstox-core@5.2.1
>     introduced by com.fasterxml.woodstox:woodstox-core@5.2.1
>   ✗ XML External Entity (XXE) Injection [Critical
> Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754]
> in com.fasterxml.woodstox:woodstox-core@5.2.1
>     introduced by com.fasterxml.woodstox:woodstox-core@5.2.1
>
> The above is from the latest guacamole docker image. For guacd, there wasn't
> anything shown at the moment.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)