How do I fix vulnerability in image

436 views Asked by At

When I had scanned image quay.io/strimzi/kafka:0.32.0-kafka-3.3.1 using trivy i got vunerabilty in this image.

opt/kafka/libs/snakeyaml-1.33.jar
=================================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 1)

+--------------------+------------------+----------+-------------------+---------------+--------------------------------------+
|      LIBRARY       | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                TITLE                 |
+--------------------+------------------+----------+-------------------+---------------+--------------------------------------+
| org.yaml:snakeyaml | CVE-2022-1471    | CRITICAL |              1.33 |               | SnakeYaml: Constructor               |
|                    |                  |          |                   |               | Deserialization                      |
|                    |                  |          |                   |               | Remote Code Execution                |
|                    |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2022-1471 |
+--------------------+------------------+----------+-------------------+---------------+--------------------------------------+

After pulling an image what i have do to fix this issue ?

I need an image with 0 vulnerability.

1

There are 1 answers

0
testfile On

If you dont own the image then theres not much you can do. You'll have to open an issue to the owners to fix