Major upgrade for gevent (Critical) #20

Open
mijho opened this issue Jun 24, 2024 — with Aikido Issues · 0 comments
mijho commented Jun 24, 2024

Find more live information in Aikido here: https://app.aikido.dev/queue?sidebarIssue=1420631&groupId=333&sidebarIssueTask=26631&sidebarTab=tasks

==== Scope ====
This task includes issues in the following containers:

  • tna-eurlex-pywb
  • nrs-replay
  • up
    And 2 more.

==== TLDR ====
An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component.

==== How to fix ====
Rebuild your Docker image and make sure you use the latest OS base image. Another method to fix this is to not install this package in your Docker image at all if you do not require it. You might be able to start from a 'slimmer' base image that contains fewer packages.

In order to fix all of these vulnerabilities, update gevent to 23.9.0.
