New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade runc version to 1.1.12+ #2251
Comments
We don't directly use runc in buildx, can you show any relevant code path? |
This was the result of a trivy scan of the docker:25 container image, which reported that the docker-buildx binary contained the library github.com/opencontainers/runc v1.1.9, which is vulnerable to this CVE. Is this a false positive? |
Right so vulnerable code path is not actually used in buildx, this is a false positive. We were using the |
Great, thanks! I can document it as a False Positive and move on, then. |
Description
The version of runc in buildx is vulnerable to CVE-2024-21626. Patches for this vulnerability are included in runc 1.1.12; can the version in buildx be updated to remove this vulnerability?
The text was updated successfully, but these errors were encountered: