CVE Rake OS Command Injection in rake program in Ruby #829

Closed
dmattatall-teradici opened this issue Aug 13, 2020 · 4 comments
@dmattatall-teradici

sumologic-kubernetes-collection has one critical vulnerability in ruby.
https://www.cybersecurity-help.cz/vdb/SB2020030203

scanning docker.io/sumologic/kubernetes-fluentd:1.1.0 for criticals

VULNDB-212604 rake-12.3.2 Critical 12.3.3

Could you update this dependency to 12.3.3 for the new sumologic-kubernetes-collection release?

@sumo-drosiek
Contributor

Thank you for reporting it. The current version of fluent/fluentd:v1.11.1-debian-1.0 already contains the patched rake, so we need to rebuild the images.

cc: @perk-sumo

@frankreno
Contributor

This should be fixed by #817 and will go out with our 1.2 release.

@dmattatall-teradici
Author

Thanks all!

@pmalek-sumo
Contributor

1.2 and 1.3 have already been released and contain the above changes.
