GHSA-fx6q-qhch-hxgp

ADVISORY - docker

Summary

I've recently deployed the tempo-distributed in my GKE but GCP flagged 1 critical CVE on it in the tempo-memcached StatefulSet. The CVE-2021-36159 is regarding the apk-tools package and its flagged with a 9.1 CRITICAL base score.

CVE documentation: https://nvd.nist.gov/vuln/detail/CVE-2021-36159#range-9922715

Affected version 2.10.4-r2

Fixed version 2.10.7-r0

Common Weakness Enumeration (CWE)

Impacted images

Advisories

Docker

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

GHSA-fx6q-qhch-hxgp

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
tempo	dhi	-	-	>=2.10.4-r2,<2.10.7-r0	2.10.7-r0

Severity and metrics

No CVSS data available from this advisory.