Aspose.Words Cloud - Package with vulnerability

Hi there.

I’m using Aspose.Words with the Docker image aspose/words-cloud:22.9, and when scanning my images I found some vulnerabilities in 2 packages. They are:
linux.5.10.140-1. (22 CVEs)
dbus.1.12.20-2. (3 CVEs)

Is there some workaround to fix this?
I’m trying to use the commands apt-get -y update && apt-get -y upgrade, but the vulnerabilities are still there.

@bgskurono

Thanks for sharing your findings. We would appreciate it if you would please share your vulnerability reports with us as well. However, we have logged a ticket, WORDSCLOUD-2139, to investigate the issue and will keep you updated about the issue resolution progress.

Thanks for logging a ticket.
Here is the list of vulnerabilities (including CVE name and dependency package):

CVE-2015-20107 Critical 10 – python3.9 OS
CVE-2022-3570 Critical 9.8 – tiff OS
CVE-2021-46848 Critical 9.1 – libtasn1-6 OS
CVE-2019-19814 Critical 9.3 – linux OS
CVE-2022-2978 High 7.8 – linux OS
CVE-2022-3594 High 7.5 – linux OS
CVE-2022-3564 High 8 – linux OS
CVE-2022-2961 High 7 – linux OS
CVE-2022-3545 High 7.8 – linux OS
CVE-2022-1247 High 7 – linux OS
CVE-2022-3567 High 7.1 – linux OS
CVE-2021-3864 High 7 – linux OS
CVE-2021-29921 High 7.5 – python3.9 OS
CVE-2022-2867 High 8.8 – tiff OS
CVE-2022-2869 High 8.8 – tiff OS
CVE-2019-8457 High 7.5 – db5.3 OS
CVE-2019-15794 High 7.2 – linux OS
CVE-2013-7445 High 7.8 – linux OS
CVE-2022-3522 High 7 – linux OS
CVE-2021-3847 High 7.2 – linux OS
CVE-2022-0400 High 7.5 – linux OS
CVE-2021-3737 High 7.1 – python3.9 OS
CVE-2022-3565 High 8 – linux OS
CVE-2020-10735 High 7.5 – python3.9 OS
CVE-2022-3640 High 8.8 – linux OS
CVE-2021-3714 High 7.5 – linux OS
CVE-2022-3566 High 7.1 – linux OS
CVE-2022-3555 High 7.5 – libx11 OS
CVE-2022-3524 High 7.5 – linux OS
CVE-2022-3623 High 7.5 – linux OS
CVE-2022-3554 High 7.5 – libx11 OS
CVE-2022-39189 High 7.8 – linux OS
CVE-2022-2868 High 8.1 – tiff OS

I hope this is helpful for you.

@bgskurono

Thanks for your feedback. Definitely, it will help us in the issue investigation and its resolution.