Open
Description
Hi, there are a few security vulnerabilities which are critical/severe in nature, and this is stopping us from rolling Temporal to prod. It will be great if these can be addressed in an upcoming release.
image | osDistro | osDistroRelease | osDistroVersion | architecture | issueType | severity | severityCHML | cvss | cve | hasFix | status | packageType | packageName | packageVersion |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
temporalio/ui:latest | alpine | 3.19.1 | 3.19.1 | amd64 | vulnerability | high | H | 7.5 | CVE-2024-6197 | Y | fixed in 8.9.0-r0 | os | curl | 8.5.0-r0 |
temporalio/ui:latest | alpine | 3.19.1 | 3.19.1 | amd64 | vulnerability | high | H | 7.5 | CVE-2025-30204 | N | open | go | github.com/golang-jwt/jwt | v3.2.2 |
temporalio/ui:latest | alpine | 3.19.1 | 3.19.1 | amd64 | vulnerability | critical | C | 9.8 | CVE-2024-24790 | Y | fixed in 1.21.11, 1.22.4 | go | net/netip | 1.22.1 |
temporalio/server:latest | alpine | 3.21.3 | 3.21.3 | amd64 | vulnerability | high | H | 7.5 | CVE-2025-30204 | N | open | go | github.com/golang-jwt/jwt | v3.2.2 |
temporalio/admin-tools:latest | alpine | 3.21.3 | 3.21.3 | amd64 | vulnerability | high | H | 0 | CVE-2024-45338 | Y | fixed in 0.33.0 | go | golang.org/x/net/html | v0.31.0 |
temporalio/admin-tools:latest | alpine | 3.21.3 | 3.21.3 | amd64 | vulnerability | high | H | 7.5 | CVE-2025-30204 | N | open | go | github.com/golang-jwt/jwt | v3.2.2 |