Latest version has Critical Vulnerabilities, preventing my org from using

[matt-lachman-trss]

My organization uses Harbor as a proxy with some CVE scanning set up. We also prevent people from pulling images that have CVEs in them. It appears the latest version (using tag 1) has four (see screenshot):

[dduportal]

Gotta take a look. However I have serious doubts these CVEs even make sense in the context of asciidoctor.

What kind of exploit could be used on a CLI like this one?

[matt-lachman-trss]

@dduportal Thanks, I would appreciate it. I can't answer your question as that's beyond the scope of my knowledge or expertise. I think the important factor here is that organizations with strict policies about using images with CVEs will not be able to use this (easily) until the CVEs are addressed.