You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi Team,
we were checking for vulnerabilities of grafana-image-renderer docker image version - 3.7.2 and up. The trivy and docker scout shows node package as 7.3.7 as opposed to the fix version 7.5.4 as updated in #440.
Steps to reproduce:
Install trivy/docker scout or any vulnerability tool.
trivy image grafana/grafana-image-renderer:3.8.0 or
trivy image grafana/grafana-image-renderer:3.7.2
Hi Team,
we were checking for vulnerabilities of grafana-image-renderer docker image version - 3.7.2 and up. The trivy and docker scout shows node package as 7.3.7 as opposed to the fix version 7.5.4 as updated in #440.
Steps to reproduce:
Install trivy/docker scout or any vulnerability tool.
trivy image grafana/grafana-image-renderer:3.8.0 or
trivy image grafana/grafana-image-renderer:3.7.2
Output:
semver (package.json) │ CVE-2022-25883 │ MEDIUM │ fixed │ 7.3.7 │ 7.5.2, 6.3.1, 5.7.2 │ Regular expression denial of service │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-25883
Please let us know if we are missing something from our end.
The text was updated successfully, but these errors were encountered: