docker build: datashield/molgenis-armadillo:test has critical CVE #722

Open
erikzwart opened this issue Apr 10, 2024 · 2 comments

@erikzwart
Collaborator

The Docker image build here: datashield/molgenis-armadillo:test has a critical CVE identified by Docker Scout.

(Stuart) Traced back the serious complaint to org.apache.hadoop packages hadoop-client via jar

In molgenis-service-armadillo/armadillo/build.gradle it appears

     implementation 'org.apache.parquet:parquet-hadoop:1.13.1'
     implementation 'org.apache.hadoop:hadoop-client:3.3.6'


@marikaris
Collaborator

@StuartWheater Do you have a description of the CVE anywhere? I can't find it by just googling it. I would like to read into it to see if it actually affects the way we use it and if so see if they're planning on fixing it soon, as we are using the last version of this library. And whether previous versions of the library have the same issue.

@erikzwart
Collaborator Author

CVE-2023-25613


@marikaris marikaris added this to the Priority milestone May 7, 2024