Hello,
I scanned the Docker image for Metabase v0.40.0 using Sysdig and it identified 92 non-OS vulnerabilities. How do I resolve this?

severity | vuln | package_name | package | fix |
---|---|---|---|---|
Medium | CVE-2015-1776 | hadoop | hadoop-2.6.0 | None |
High | CVE-2015-5237 | protobuf | protobuf-2.5.0 | None |
Medium | CVE-2016-5001 | hadoop | hadoop-2.6.0 | None |
Critical | CVE-2017-15095 | jackson-databind | jackson-databind-2.7.8 | None |
Critical | CVE-2017-17485 | jackson-databind | jackson-databind-2.7.8 | None |
High | CVE-2017-18640 | snakeyaml | snakeyaml-1.23 | None |
Critical | CVE-2017-7525 | jackson-databind | jackson-databind-2.7.8 | None |
Critical | CVE-2018-11307 | jackson-databind | jackson-databind-2.7.8 | None |
High | CVE-2018-11777 | hive | hive-1.2.2 | None |
High | CVE-2018-12022 | jackson-databind | jackson-databind-2.7.8 | None |
High | CVE-2018-12023 | jackson-databind | jackson-databind-2.7.8 | None |
Critical | CVE-2018-1282 | hive | hive-1.2.2 | None |
Low | CVE-2018-1284 | hive | hive-1.2.2 | None |
Medium | CVE-2018-1314 | hive | hive-1.2.2 | None |
Critical | CVE-2018-14718 | jackson-databind | jackson-databind-2.7.8 | None |
Critical | CVE-2018-14719 | jackson-databind | jackson-databind-2.7.8 | None |
Critical | CVE-2018-14720 | jackson-databind | jackson-databind-2.7.8 | None |
Critical | CVE-2018-14721 | jackson-databind | jackson-databind-2.7.8 | None |
Critical | CVE-2018-19360 | jackson-databind | jackson-databind-2.7.8 | None |
Critical | CVE-2018-19361 | jackson-databind | jackson-databind-2.7.8 | None |
Critical | CVE-2018-19362 | jackson-databind | jackson-databind-2.7.8 | None |
High | CVE-2018-20346 | sqlite | sqlite-3.25.2 | None |
High | CVE-2018-20505 | sqlite | sqlite-3.25.2 | None |
High | CVE-2018-20506 | sqlite | sqlite-3.25.2 | None |
High | CVE-2018-5968 | jackson-databind | jackson-databind-2.7.8 | None |
Critical | CVE-2018-7489 | jackson-databind | jackson-databind-2.7.8 | None |
Medium | CVE-2019-12384 | jackson-databind | jackson-databind-2.7.8 | None |
Critical | CVE-2019-13990 | quartz | quartz-2.1.7 | None |
Critical | CVE-2019-14379 | jackson-databind | jackson-databind-2.7.8 | None |
High | CVE-2019-14439 | jackson-databind | jackson-databind-2.7.8 | None |
Medium | CVE-2019-19645 | sqlite | sqlite-3.25.2 | None |
Critical | CVE-2019-19646 | sqlite | sqlite-3.25.2 | None |
Critical | CVE-2019-20330 | jackson-databind | jackson-databind-2.7.8 | None |
High | CVE-2020-10969 | jackson-databind | jackson-databind-2.7.8 | None |
High | CVE-2020-11655 | sqlite | sqlite-3.25.2 | None |
Critical | CVE-2020-11656 | sqlite | sqlite-3.25.2 | None |
Medium | CVE-2020-13434 | sqlite | sqlite-3.25.2 | None |
Medium | CVE-2020-13435 | sqlite | sqlite-3.25.2 | None |
High | CVE-2020-13630 | sqlite | sqlite-3.25.2 | None |
Medium | CVE-2020-13631 | sqlite | sqlite-3.25.2 | None |
Medium | CVE-2020-13632 | sqlite | sqlite-3.25.2 | None |
Medium | CVE-2020-13956 | httpclient | httpclient-4.5.10 | None |
Medium | CVE-2020-15358 | sqlite | sqlite-3.25.2 | None |
Medium | CVE-2020-1926 | hive | hive-1.2.2 | None |
High | CVE-2020-24164 | nippy | nippy-2.14.0 | None |
High | CVE-2020-35490 | jackson-databind | jackson-databind-2.7.8 | None |
High | CVE-2020-35491 | jackson-databind | jackson-databind-2.7.8 | None |
High | CVE-2020-7226 | cryptacular | cryptacular-1.1.3 | None |
Low | CVE-2020-9488 | log4j | log4j-1.2.17 | None |
Critical | CVE-2020-9546 | jackson-databind | jackson-databind-2.7.8 | None |
Critical | CVE-2020-9547 | jackson-databind | jackson-databind-2.7.8 | None |
Critical | CVE-2020-9548 | jackson-databind | jackson-databind-2.7.8 | None |
High | CVE-2021-33712 | saml | saml-2.0.0 | None |
High | VULNDB-106409 | commons_beanutils | commons_beanutils-1.9.3 | 1.9.4 |
Medium | VULNDB-141671 | wsgiref | wsgiref-0.1.2 | None |
Medium | VULNDB-147950 | hadoop | hadoop-2.6.0 | 2.6.5 2.7.3 |
Low | VULNDB-149836 | hadoop | hadoop-2.6.0 | 2.6.5 2.7.5 |
Medium | VULNDB-156369 | hadoop | hadoop-2.6.0 | 2.7.0 |
High | VULNDB-156370 | hadoop | hadoop-2.6.0 | 2.7.0 |
High | VULNDB-171100 | commons_net | commons_net-3.6 | None |
Medium | VULNDB-173134 | hadoop | hadoop-2.6.0 | 2.7.5 2.8.3 2.9.0 3.0.0 |
High | VULNDB-179825 | hadoop | hadoop-2.6.0 | 2.7.7 |
High | VULNDB-182168 | hadoop | hadoop-2.6.0 | 2.7.7 2.8.5 2.9.2 3.0.3 3.1.1 |
High | VULNDB-182169 | hadoop | hadoop-2.6.0 | 2.7.7 2.8.5 2.9.2 3.0.3 3.1.1 |
Medium | VULNDB-197271 | hadoop | hadoop-2.6.0 | None |
Medium | VULNDB-204803 | jackson-databind | jackson-databind-2.7.8 | 2.9.9 |
High | VULNDB-205891 | hadoop | hadoop-2.6.0 | 2.8.5 2.9.2 3.1.1 |
High | VULNDB-205935 | sqlite | sqlite-3.25.2 | 3.28.0 |
Critical | VULNDB-207059 | jackson-databind | jackson-databind-2.7.8 | 2.9.9.1 |
High | VULNDB-213103 | sqlite | sqlite-3.25.2 | 3.30.0 |
High | VULNDB-214563 | jackson-databind | jackson-databind-2.7.8 | 2.10.0 2.9.10.1 |
Critical | VULNDB-214760 | hadoop | hadoop-3.1.1 | 2.8.5 2.9.2 3.1.2 |
Critical | VULNDB-220038 | log4j | log4j-1.2.17 | 2.8.2 |
Critical | VULNDB-222902 | sqlite | sqlite-3.25.2 | 3.31.0 |
High | VULNDB-223108 | jackson-databind | jackson-databind-2.7.8 | 2.8.11.5 2.9.10.3 |
Medium | VULNDB-231016 | woodstox | woodstox-5.2.1 | 5.3.0 |
Unknown | VULNDB-237497 | hadoop | hadoop-3.1.1 | 3.1.4 3.2.1 3.3.0 |
High | VULNDB-241123 | jetty | jetty-9.4.32.v20200930 | 10.0.0.beta3 11.0.0.beta3 9.4.33.v20201019 9.4.33.v20201020 |
Medium | VULNDB-243634 | jetty | jetty-9.4.32.v20200930 | 10.0.0.beta3 11.0.0.beta3 9.4.33.v20201020 |
High | VULNDB-247944 | hadoop | hadoop-2.6.0 | 2.10.1 3.1.4 3.2.2 3.3.0 |
High | VULNDB-247944 | hadoop | hadoop-3.1.1 | 2.10.1 3.1.4 3.2.2 3.3.0 |
Medium | VULNDB-250208 | batik | batik-1.13 | 1.14 |
High | VULNDB-250385 | batik | batik-1.13 | 1.14 |
Medium | VULNDB-250590 | jetty | jetty-9.4.32.v20200930 | 10.0.1 11.0.1 9.4.37.v20210219 9.4.38.v20210224 |
Medium | VULNDB-252116 | pdfbox | pdfbox-2.0.22 | 2.0.23 |
Medium | VULNDB-252117 | pdfbox | pdfbox-2.0.22 | 2.0.23 |
High | VULNDB-256815 | commons-compress | commons-compress-1.20 | None |
High | VULNDB-257084 | commons-compress | commons-compress-1.20 | None |
High | VULNDB-259179 | pdfbox | pdfbox-2.0.22 | 2.0.24 |
High | VULNDB-259180 | pdfbox | pdfbox-2.0.22 | 2.0.24 |
Medium | VULNDB-90804 | commons_cli | commons_cli-1.2 | None |
Medium | VULNDB-93555 | httpclient | httpclient-4.5.10 | None |

This is my Dockerfile:

```dockerfile
FROM amazoncorretto:latest
ENV VERSION 0.40.0
WORKDIR /app
ENV MB_DB_TYPE postgres
ADD http://downloads.metabase.com/v$VERSION/metabase.jar /app/target/uberjar/
COPY start.sh /app/bin/
CMD ["bash","/app/bin/start.sh"]
```

Thanks,
Karthik