Problem to solve
Describe your question in as much detail as possible:
I’m reaching out for assistance as I’ve been scanning the latest images using Grype, and it continues to report multiple critical vulnerabilities. This issue also persisted with previous image versions, specifically 17.4.X and 17.5.X.
```
github.com/moby/moby  v25.0.1+incompatible  25.0.6           go-module  GHSA-v23v-6jw2-98fq  Critical
github.com/moby/moby  v27.0.3+incompatible  27.1.1           go-module  GHSA-v23v-6jw2-98fq  Critical
handlebars            1.0.0                 3.0.8            npm        GHSA-w457-6q6x-cgp9  Critical
handlebars            1.0.0                 4.7.7            npm        GHSA-f2jv-r9rf-7988  Critical
handlebars            1.0.0                 4.7.7            npm        GHSA-765h-qjxv-5f44  Critical
stdlib                go1.21.8              1.21.11, 1.22.4  go-module  CVE-2024-24790       Critical
```
- What are you seeing, and how does that differ from what you expect to see?
If they are fixed or closed, then why are these vulnerabilities still showing for those images? Should I wait for another release, or are they just false positives?
Steps to reproduce
```
docker pull gitlab/gitlab-ce:17.4.3-ce.0
grype scan gitlab/gitlab-ce:17.4.3-ce.0
```