The patched version of metabase v0.41.4 still is getting flagged for log4j vulnerability for v1.2.17. My on-prem deployments are currently blocked due to this. How do I bump this up to log4j v2.15.0 or v2.16.0?
grype metabase/metabase:v0.41.4
✔ Vulnerability DB [updated]
✔ Loaded image
✔ Parsed image
✔ Cataloged packages [419 packages]
✔ Scanned image [273 vulnerabilities]
NAME INSTALLED FIXED-IN VULNERABILITY SEVERITY
commons-beanutils 1.9.3 1.9.4 GHSA-6phf-73q6-gh87 High
commons-beanutils 1.9.3 CVE-2019-10086 High
cryptacular 1.1.3 1.1.4 GHSA-x64g-4xx9-fh6x High
hadoop-annotations 3.1.1 CVE-2018-11768 High
hadoop-annotations 3.1.1 CVE-2020-9492 High
hadoop-auth 3.1.1 CVE-2018-11768 High
hadoop-auth 3.1.1 CVE-2020-9492 High
hadoop-common 3.1.1 CVE-2018-11768 High
hadoop-common 3.1.1 CVE-2020-9492 High
hadoop-yarn-api 2.6.0 CVE-2015-1776 Medium
hadoop-yarn-api 2.6.0 CVE-2016-3086 Critical
hadoop-yarn-api 2.6.0 CVE-2016-5001 Medium
hadoop-yarn-api 2.6.0 CVE-2016-5393 High
hadoop-yarn-api 2.6.0 CVE-2016-6811 High
hadoop-yarn-api 2.6.0 CVE-2017-15713 Medium
hadoop-yarn-api 2.6.0 CVE-2017-3161 Medium
hadoop-yarn-api 2.6.0 CVE-2017-3162 High
hadoop-yarn-api 2.6.0 CVE-2018-11768 High
hadoop-yarn-api 2.6.0 CVE-2018-1296 High
hadoop-yarn-api 2.6.0 CVE-2018-8009 High
hadoop-yarn-api 2.6.0 CVE-2018-8029 High
hadoop-yarn-api 2.6.0 CVE-2020-9492 High
hadoop-yarn-common 2.6.0 CVE-2015-1776 Medium
hadoop-yarn-common 2.6.0 CVE-2016-3086 Critical
hadoop-yarn-common 2.6.0 CVE-2016-5001 Medium
hadoop-yarn-common 2.6.0 CVE-2016-5393 High
hadoop-yarn-common 2.6.0 CVE-2016-6811 High
hadoop-yarn-common 2.6.0 CVE-2017-15713 Medium
hadoop-yarn-common 2.6.0 CVE-2017-3161 Medium
hadoop-yarn-common 2.6.0 CVE-2017-3162 High
hadoop-yarn-common 2.6.0 CVE-2018-11768 High
hadoop-yarn-common 2.6.0 CVE-2018-1296 High
hadoop-yarn-common 2.6.0 CVE-2018-8009 High
hadoop-yarn-common 2.6.0 CVE-2018-8029 High
hadoop-yarn-common 2.6.0 CVE-2020-9492 High
hadoop-yarn-server-applicationhistoryservice 2.6.0 CVE-2015-1776 Medium
hadoop-yarn-server-applicationhistoryservice 2.6.0 CVE-2016-3086 Critical
hadoop-yarn-server-applicationhistoryservice 2.6.0 CVE-2016-5001 Medium
hadoop-yarn-server-applicationhistoryservice 2.6.0 CVE-2016-5393 High
hadoop-yarn-server-applicationhistoryservice 2.6.0 CVE-2016-6811 High
hadoop-yarn-server-applicationhistoryservice 2.6.0 CVE-2017-15713 Medium
hadoop-yarn-server-applicationhistoryservice 2.6.0 CVE-2017-3161 Medium
hadoop-yarn-server-applicationhistoryservice 2.6.0 CVE-2017-3162 High
hadoop-yarn-server-applicationhistoryservice 2.6.0 CVE-2018-11768 High
hadoop-yarn-server-applicationhistoryservice 2.6.0 CVE-2018-1296 High
hadoop-yarn-server-applicationhistoryservice 2.6.0 CVE-2018-8009 High
hadoop-yarn-server-applicationhistoryservice 2.6.0 CVE-2018-8029 High
hadoop-yarn-server-applicationhistoryservice 2.6.0 CVE-2020-9492 High
hadoop-yarn-server-common 2.6.0 CVE-2015-1776 Medium
hadoop-yarn-server-common 2.6.0 CVE-2016-3086 Critical
hadoop-yarn-server-common 2.6.0 CVE-2016-5001 Medium
hadoop-yarn-server-common 2.6.0 CVE-2016-5393 High
hadoop-yarn-server-common 2.6.0 CVE-2016-6811 High
hadoop-yarn-server-common 2.6.0 CVE-2017-15713 Medium
hadoop-yarn-server-common 2.6.0 CVE-2017-3161 Medium
hadoop-yarn-server-common 2.6.0 CVE-2017-3162 High
hadoop-yarn-server-common 2.6.0 CVE-2018-11768 High
hadoop-yarn-server-common 2.6.0 CVE-2018-1296 High
hadoop-yarn-server-common 2.6.0 CVE-2018-8009 High
hadoop-yarn-server-common 2.6.0 CVE-2018-8029 High
hadoop-yarn-server-common 2.6.0 CVE-2020-9492 High
hadoop-yarn-server-resourcemanager 2.6.0 CVE-2015-1776 Medium
hadoop-yarn-server-resourcemanager 2.6.0 CVE-2016-3086 Critical
hadoop-yarn-server-resourcemanager 2.6.0 CVE-2016-5001 Medium
hadoop-yarn-server-resourcemanager 2.6.0 CVE-2016-5393 High
hadoop-yarn-server-resourcemanager 2.6.0 CVE-2016-6811 High
hadoop-yarn-server-resourcemanager 2.6.0 CVE-2017-15713 Medium
hadoop-yarn-server-resourcemanager 2.6.0 CVE-2017-3161 Medium
hadoop-yarn-server-resourcemanager 2.6.0 CVE-2017-3162 High
hadoop-yarn-server-resourcemanager 2.6.0 CVE-2018-11768 High
hadoop-yarn-server-resourcemanager 2.6.0 CVE-2018-1296 High
hadoop-yarn-server-resourcemanager 2.6.0 CVE-2018-8009 High
hadoop-yarn-server-resourcemanager 2.6.0 CVE-2018-8029 High
hadoop-yarn-server-resourcemanager 2.6.0 CVE-2020-9492 High
hadoop-yarn-server-web-proxy 2.6.0 CVE-2015-1776 Medium
hadoop-yarn-server-web-proxy 2.6.0 CVE-2016-3086 Critical
hadoop-yarn-server-web-proxy 2.6.0 CVE-2016-5001 Medium
hadoop-yarn-server-web-proxy 2.6.0 CVE-2016-5393 High
hadoop-yarn-server-web-proxy 2.6.0 CVE-2016-6811 High
hadoop-yarn-server-web-proxy 2.6.0 CVE-2017-15713 Medium
hadoop-yarn-server-web-proxy 2.6.0 CVE-2017-3161 Medium
hadoop-yarn-server-web-proxy 2.6.0 CVE-2017-3162 High
hadoop-yarn-server-web-proxy 2.6.0 CVE-2018-11768 High
hadoop-yarn-server-web-proxy 2.6.0 CVE-2018-1296 High
hadoop-yarn-server-web-proxy 2.6.0 CVE-2018-8009 High
hadoop-yarn-server-web-proxy 2.6.0 CVE-2018-8029 High
hadoop-yarn-server-web-proxy 2.6.0 CVE-2020-9492 High
hive-common 1.2.2 CVE-2018-11777 High
hive-common 1.2.2 CVE-2018-1282 Critical
hive-common 1.2.2 CVE-2018-1284 Low
hive-common 1.2.2 CVE-2018-1314 Medium
hive-common 1.2.2 CVE-2020-13949 High
hive-common 1.2.2 CVE-2020-1926 Medium
hive-jdbc 1.2.2 2.3.4 GHSA-jmf4-pq78-f8vj Medium
hive-jdbc 1.2.2 2.3.3 GHSA-jf2m-435m-mxw8 Critical
hive-jdbc 1.2.2 CVE-2018-11777 High
hive-jdbc 1.2.2 CVE-2018-1282 Critical
hive-jdbc 1.2.2 CVE-2018-1284 Low
hive-jdbc 1.2.2 CVE-2018-1314 Medium
hive-jdbc 1.2.2 CVE-2020-13949 High
hive-jdbc 1.2.2 CVE-2020-1926 Medium
hive-metastore 1.2.2 CVE-2018-11777 High
hive-metastore 1.2.2 CVE-2018-1282 Critical
hive-metastore 1.2.2 CVE-2018-1284 Low
hive-metastore 1.2.2 CVE-2018-1314 Medium
hive-metastore 1.2.2 CVE-2020-13949 High
hive-metastore 1.2.2 CVE-2020-1926 Medium
hive-serde 1.2.2 CVE-2018-11777 High
hive-serde 1.2.2 CVE-2018-1282 Critical
hive-serde 1.2.2 CVE-2018-1284 Low
hive-serde 1.2.2 CVE-2018-1314 Medium
hive-serde 1.2.2 CVE-2020-13949 High
hive-serde 1.2.2 CVE-2020-1926 Medium
hive-service 1.2.2 2.3.3 GHSA-rxmr-c9jm-7mm8 Low
hive-service 1.2.2 CVE-2018-11777 High
hive-service 1.2.2 CVE-2018-1282 Critical
hive-service 1.2.2 CVE-2018-1284 Low
hive-service 1.2.2 CVE-2018-1314 Medium
hive-service 1.2.2 CVE-2020-13949 High
hive-service 1.2.2 CVE-2020-1926 Medium
hive-shims 1.2.2 CVE-2018-11777 High
hive-shims 1.2.2 CVE-2018-1282 Critical
hive-shims 1.2.2 CVE-2018-1284 Low
hive-shims 1.2.2 CVE-2018-1314 Medium
hive-shims 1.2.2 CVE-2020-13949 High
hive-shims 1.2.2 CVE-2020-1926 Medium
hive-shims-0.20S 1.2.2 CVE-2018-11777 High
hive-shims-0.20S 1.2.2 CVE-2018-1282 Critical
hive-shims-0.20S 1.2.2 CVE-2018-1284 Low
hive-shims-0.20S 1.2.2 CVE-2018-1314 Medium
hive-shims-0.20S 1.2.2 CVE-2020-13949 High
hive-shims-0.20S 1.2.2 CVE-2020-1926 Medium
hive-shims-0.23 1.2.2 CVE-2018-11777 High
hive-shims-0.23 1.2.2 CVE-2018-1282 Critical
hive-shims-0.23 1.2.2 CVE-2018-1284 Low
hive-shims-0.23 1.2.2 CVE-2018-1314 Medium
hive-shims-0.23 1.2.2 CVE-2020-13949 High
hive-shims-0.23 1.2.2 CVE-2020-1926 Medium
hive-shims-common 1.2.2 CVE-2018-11777 High
hive-shims-common 1.2.2 CVE-2018-1282 Critical
hive-shims-common 1.2.2 CVE-2018-1284 Low
hive-shims-common 1.2.2 CVE-2018-1314 Medium
hive-shims-common 1.2.2 CVE-2020-13949 High
hive-shims-common 1.2.2 CVE-2020-1926 Medium
hive-shims-scheduler 1.2.2 CVE-2018-11777 High
hive-shims-scheduler 1.2.2 CVE-2018-1282 Critical
hive-shims-scheduler 1.2.2 CVE-2018-1284 Low
hive-shims-scheduler 1.2.2 CVE-2018-1314 Medium
hive-shims-scheduler 1.2.2 CVE-2020-13949 High
hive-shims-scheduler 1.2.2 CVE-2020-1926 Medium
jackson-databind 2.4.0 2.6.7.3 GHSA-cf6r-3wgc-h863 High
jackson-databind 2.4.0 2.9.10.4 GHSA-fqwf-pjwf-7vqv Medium
jackson-databind 2.4.0 2.9.10 GHSA-f3j5-rmmp-3fc5 Critical
jackson-databind 2.4.0 2.8.11 GHSA-w3f4-3q6j-rh82 High
jackson-databind 2.4.0 2.9.10 GHSA-h822-r4r5-v8jg Critical
jackson-databind 2.4.0 2.9.10 GHSA-85cw-hj65-qqv9 Critical
jackson-databind 2.4.0 2.9.10.7 GHSA-5949-rw7g-wx7w High
jackson-databind 2.4.0 2.6.7.4 GHSA-288c-cq4h-88gq High
jackson-databind 2.4.0 2.9.9.2 GHSA-gwp4-hfv6-p7hw High
jackson-databind 2.4.0 2.9.9.1 GHSA-cmfg-87vq-g5g4 Medium
jackson-databind 2.4.0 2.9.9.1 GHSA-mph4-vhrx-mv67 Medium
jackson-databind 2.4.0 2.7.9.4 GHSA-qr7j-h6gg-jmgc Critical
jackson-databind 2.4.0 2.8.11 GHSA-h592-38cm-4ggp Critical
jackson-databind 2.4.0 2.8.11.1 GHSA-cggj-fvv3-cqwv Critical
jackson-databind 2.4.0 2.7.9.5 GHSA-4gq5-ch57-c2mg Critical
jackson-databind 2.4.0 2.7.9.5 GHSA-645p-88qh-w398 Critical
jackson-databind 2.4.0 2.7.9.4 GHSA-cjjf-94ff-43w7 High
jackson-databind 2.4.0 2.9.9 GHSA-5ww9-j83m-q7qx High
jackson-databind 2.4.0 2.9.9.2 GHSA-6fpp-rgj9-8rwc Critical
jackson-databind 2.4.0 2.9.10.1 GHSA-mx7p-6679-8g3q Critical
jackson-databind 2.4.0 2.9.10.1 GHSA-fmmc-742q-jg75 Critical
jackson-databind 2.4.0 2.9.10.1 GHSA-gjmw-vf9h-g25v Critical
jackson-databind 2.4.0 GHSA-gww7-p5w4-wrfv Critical
jackson-databind 2.4.0 GHSA-4w82-r329-3q67 Critical
jackson-databind 2.4.0 2.9.10.4 GHSA-q93h-jc49-78gg Critical
jackson-databind 2.4.0 2.9.10.4 GHSA-p43x-xfjf-5jhr Critical
jackson-databind 2.4.0 2.8.11 GHSA-rfx6-vp9g-rh7v Critical
jackson-databind 2.4.0 2.6.7.1 GHSA-qxxx-2pp7-5hmx Critical
jackson-databind 2.4.0 2.9.10.8 GHSA-v585-23hc-c647 High
jackson-databind 2.4.0 2.9.10.6 GHSA-h3cw-g4mq-c5x2 High
jackson-databind 2.4.0 2.9.10.8 GHSA-wh8g-3j2c-rqj5 High
jackson-databind 2.4.0 2.9.10.8 GHSA-r3gr-cxrf-hg25 High
jackson-databind 2.4.0 2.9.10.6 GHSA-qjw2-hr98-qgfh Critical
jackson-databind 2.4.0 2.9.10.8 GHSA-89qr-369f-5m5x High
jackson-databind 2.4.0 2.9.10.8 GHSA-9gph-22xh-8x98 High
jackson-databind 2.4.0 2.9.10.8 GHSA-8w26-6f25-cm9x High
jackson-databind 2.4.0 2.9.10.8 GHSA-cvm9-fjm9-3572 High
jackson-databind 2.4.0 2.9.10.8 GHSA-8c4j-34r4-xr8g High
jackson-databind 2.4.0 2.9.10.8 GHSA-m6x4-97wx-4q27 High
jackson-databind 2.4.0 2.9.10.8 GHSA-9m6f-7xcq-8vf8 High
jackson-databind 2.4.0 2.9.10.8 GHSA-f9xh-2qgp-cq57 High
jackson-databind 2.4.0 2.9.10.8 GHSA-r695-7vr9-jgc2 High
jackson-databind 2.4.0 2.9.10.8 GHSA-vfqx-33qm-g869 High
jackson-databind 2.4.0 CVE-2018-7489 Critical
jackson-databind 2.4.0 CVE-2020-35490 High
jackson-databind 2.4.0 CVE-2020-35491 High
jbcrypt 0.3m CVE-2015-0886 Medium
jetty 6.1.26 CVE-2009-1523 Medium
jetty 6.1.26 CVE-2011-4461 Medium
jetty-security 9.3.19.v20170502 CVE-2017-7656 High
jetty-security 9.3.19.v20170502 CVE-2017-7657 Critical
jetty-security 9.3.19.v20170502 CVE-2017-7658 Critical
jetty-security 9.3.19.v20170502 CVE-2017-9735 High
jetty-security 9.3.19.v20170502 CVE-2018-12536 Medium
jetty-security 9.3.19.v20170502 CVE-2020-27216 High
jetty-security 9.3.19.v20170502 CVE-2021-28165 High
jetty-security 9.3.19.v20170502 CVE-2021-28169 Medium
jetty-security 9.3.19.v20170502 CVE-2021-34428 Low
jetty-servlet 9.3.19.v20170502 CVE-2017-7656 High
jetty-servlet 9.3.19.v20170502 CVE-2017-7657 Critical
jetty-servlet 9.3.19.v20170502 CVE-2017-7658 Critical
jetty-servlet 9.3.19.v20170502 CVE-2017-9735 High
jetty-servlet 9.3.19.v20170502 CVE-2018-12536 Medium
jetty-servlet 9.3.19.v20170502 CVE-2020-27216 High
jetty-servlet 9.3.19.v20170502 CVE-2021-28165 High
jetty-servlet 9.3.19.v20170502 CVE-2021-28169 Medium
jetty-servlet 9.3.19.v20170502 CVE-2021-34428 Low
jetty-util 6.1.26 CVE-2009-1523 Medium
jetty-util 6.1.26 CVE-2011-4461 Medium
jetty-webapp 9.3.19.v20170502 9.4.33 GHSA-g3wg-6mcf-8jj6 High
jetty-webapp 9.3.19.v20170502 CVE-2017-7656 High
jetty-webapp 9.3.19.v20170502 CVE-2017-7657 Critical
jetty-webapp 9.3.19.v20170502 CVE-2017-7658 Critical
jetty-webapp 9.3.19.v20170502 CVE-2017-9735 High
jetty-webapp 9.3.19.v20170502 CVE-2018-12536 Medium
jetty-webapp 9.3.19.v20170502 CVE-2020-27216 High
jetty-webapp 9.3.19.v20170502 CVE-2021-28165 High
jetty-webapp 9.3.19.v20170502 CVE-2021-28169 Medium
jetty-webapp 9.3.19.v20170502 CVE-2021-34428 Low
jetty-xml 9.3.19.v20170502 CVE-2017-7656 High
jetty-xml 9.3.19.v20170502 CVE-2017-7657 Critical
jetty-xml 9.3.19.v20170502 CVE-2017-7658 Critical
jetty-xml 9.3.19.v20170502 CVE-2017-9735 High
jetty-xml 9.3.19.v20170502 CVE-2018-12536 Medium
jetty-xml 9.3.19.v20170502 CVE-2020-27216 High
jetty-xml 9.3.19.v20170502 CVE-2021-28165 High
jetty-xml 9.3.19.v20170502 CVE-2021-28169 Medium
jetty-xml 9.3.19.v20170502 CVE-2021-34428 Low
json-smart 2.3 2.4.1 GHSA-v528-7hrm-frqp Critical
log4j 1.2.17 GHSA-2qrg-x229-3v8q Critical
log4j 1.2.17 CVE-2019-17571 Critical
log4j 1.2.17 CVE-2020-9488 Low
metabase CVE-2018-0697 Medium
netty 3.10.5.Final CVE-2019-16869 High
netty 3.10.5.Final CVE-2019-20444 Critical
netty 3.10.5.Final CVE-2019-20445 Critical
netty 3.10.5.Final CVE-2021-21290 Medium
netty 3.10.5.Final CVE-2021-21295 Medium
netty 3.10.5.Final CVE-2021-21409 Medium
netty 3.10.5.Final CVE-2021-37136 High
netty 3.10.5.Final CVE-2021-37137 High
netty-codec 4.1.25.Final 4.1.68.Final GHSA-grg4-wf29-r9vv Medium
netty-codec 4.1.25.Final 4.1.68.Final GHSA-9vjp-v76f-g363 Medium
netty-codec-http 4.1.25.Final 4.1.59.Final GHSA-5mcr-gq6c-3hq2 Medium
netty-codec-http 4.1.25.Final 4.1.71.Final GHSA-wx5j-54mm-rqqq Medium
netty-handler 4.1.25.Final 4.1.46 GHSA-mm9x-g8pc-w292 High
netty-handler 4.1.25.Final 4.1.45 GHSA-p2v9-g2qv-p635 Medium
netty-handler 4.1.25.Final 4.1.44 GHSA-cqqj-4p63-rrmm Critical
nimbus-jose-jwt 4.41.1 7.9 GHSA-f6vf-pq8c-69m4 Critical
pdfbox 2.0.22 2.0.24 GHSA-7grw-6pjh-jpc9 Medium
pdfbox 2.0.22 2.0.24 GHSA-fg3j-q579-v8x4 Medium
pdfbox 2.0.22 2.0.23 GHSA-2h3j-m7gr-25xj Medium
pdfbox 2.0.22 2.0.23 GHSA-6vqp-h455-42mr Medium
pdfbox 2.0.22 CVE-2021-27807 Medium
pdfbox 2.0.22 CVE-2021-27906 Medium
pdfbox 2.0.22 CVE-2021-31811 Medium
pdfbox 2.0.22 CVE-2021-31812 Medium
protobuf-java 2.5.0 CVE-2015-5237 High
quartz 2.1.7 2.3.2 GHSA-9qcf-c26r-x5rf Critical
sshd-common 2.4.0 CVE-2021-30129 Medium
sshd-core 2.4.0 2.7.0 GHSA-9279-7hph-r3xw High
sshd-core 2.4.0 CVE-2021-30129 Medium
xmlsec 2.2.1 2.2.3 GHSA-j8wc-gxx9-82hx High