Skip to content

Latest image v2.322.0 has vulnerability CVE-2024-45337 #3711

New issue
New issue
Open
Open
Latest image v2.322.0 has vulnerability CVE-2024-45337#3711
Labels
bugSomething isn't working
@JohnnyChengOura

Description

@JohnnyChengOura
JohnnyChengOura
opened on Feb 15, 2025

Hi,

I think since the latest release CVE-2024-45337 got promoted to a CRITICAL vulnerability risk. I've tried updating the docker packages in the image but still unable to get this patched.

We are using WIZ as our vulnerability scanner.

Library vulnerabilities:
    Name: golang.org/x/crypto, Version: 0.27.0, Path: /usr/local/lib/docker/cli-plugins/docker-buildx
        Failed policy: Default vulnerabilities policy
        CVE-2024-45337, Severity: CRITICAL, Source: https://github.com/advisories/GHSA-v778-237x-gjrc
            Fixed version: 0.31.0
    Name: golang.org/x/net, Version: 0.29.0, Path: /usr/local/lib/docker/cli-plugins/docker-buildx
        CVE-2024-45338, Severity: HIGH, Source: https://github.com/advisories/GHSA-w32m-9786-jp63
            Fixed version: 0.33.0

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions