Details
Bug
Status: Resolved
Major
Resolution: Fixed
Description
Hi, while scanning a Docker image containing Apache FTP, it reported that:
/apache-ftpserver-1.1.1/common/lib/log4j-1.2.17.jar
has the following vulnerability ranked as critical:
CVE-2019-17571
Some further info:
Output from the Grype scan:
NAME                  INSTALLED                FIXED-IN  VULNERABILITY        SEVERITY
bash                  5.0-6ubuntu1.1                     CVE-2019-18276       Low
coreutils             8.30-3ubuntu2                      CVE-2016-2781        Low
gpgv                  2.2.19-3ubuntu2                    CVE-2019-13050       Low
krb5-locales          1.17-6ubuntu4.1                    CVE-2018-5709        Negligible
libapparmor1          2.13.3-7ubuntu5.1                  CVE-2016-1585        Medium
libc-bin              2.31-0ubuntu9.1                    CVE-2016-10228       Negligible
libc-bin              2.31-0ubuntu9.1                    CVE-2020-6096        Low
libc-bin              2.31-0ubuntu9.1                    CVE-2020-29562       Low
libc-bin              2.31-0ubuntu9.1                    CVE-2020-27618       Low
libc-bin              2.31-0ubuntu9.1                    CVE-2019-25013       Low
libc6                 2.31-0ubuntu9.1                    CVE-2016-10228       Negligible
libc6                 2.31-0ubuntu9.1                    CVE-2020-6096        Low
libc6                 2.31-0ubuntu9.1                    CVE-2020-29562       Low
libc6                 2.31-0ubuntu9.1                    CVE-2020-27618       Low
libc6                 2.31-0ubuntu9.1                    CVE-2019-25013       Low
libcairo-gobject2     1.16.0-4ubuntu1                    CVE-2017-9814        Low
libcairo-gobject2     1.16.0-4ubuntu1                    CVE-2017-7475        Low
libcairo-gobject2     1.16.0-4ubuntu1                    CVE-2019-6462        Low
libcairo-gobject2     1.16.0-4ubuntu1                    CVE-2019-6461        Low
libcairo-gobject2     1.16.0-4ubuntu1                    CVE-2018-18064       Low
libcairo2             1.16.0-4ubuntu1                    CVE-2017-9814        Low
libcairo2             1.16.0-4ubuntu1                    CVE-2017-7475        Low
libcairo2             1.16.0-4ubuntu1                    CVE-2019-6462        Low
libcairo2             1.16.0-4ubuntu1                    CVE-2019-6461        Low
libcairo2             1.16.0-4ubuntu1                    CVE-2018-18064       Low
libcups2              2.3.1-9ubuntu1.1                   CVE-2019-8842        Low
libcups2              2.3.1-9ubuntu1.1                   CVE-2020-10001       Low
libflac8              1.3.3-1build1                      CVE-2020-0499        Low
libgcrypt20           1.8.5-5ubuntu1                     CVE-2019-12904       Low
libgif7               5.1.9-1                            CVE-2018-11489       Low
libglib2.0-0          2.64.6-1~ubuntu20.04.1             CVE-2021-27218       Medium
libglib2.0-0          2.64.6-1~ubuntu20.04.1             CVE-2021-27219       Medium
libglib2.0-data       2.64.6-1~ubuntu20.04.1             CVE-2021-27218       Medium
libglib2.0-data       2.64.6-1~ubuntu20.04.1             CVE-2021-27219       Medium
libgssapi-krb5-2      1.17-6ubuntu4.1                    CVE-2018-5709        Negligible
libjbig0              2.1-3.1build1                      CVE-2017-9937        Negligible
libk5crypto3          1.17-6ubuntu4.1                    CVE-2018-5709        Negligible
libkrb5-3             1.17-6ubuntu4.1                    CVE-2018-5709        Negligible
libkrb5support0       1.17-6ubuntu4.1                    CVE-2018-5709        Negligible
libnss3               2:3.49.1-1ubuntu1.5                CVE-2020-25648       Low
libpcre3              2:8.39-12build1                    CVE-2017-11164       Negligible
libpcre3              2:8.39-12build1                    CVE-2020-14155       Negligible
libpcre3              2:8.39-12build1                    CVE-2019-20838       Low
libpython3.8          3.8.5-1~20.04.2                    CVE-2021-3177        Medium
libpython3.8          3.8.5-1~20.04.2                    CVE-2020-27619       Low
libpython3.8          3.8.5-1~20.04.2                    CVE-2021-23336       Medium
libpython3.8-minimal  3.8.5-1~20.04.2                    CVE-2021-3177        Medium
libpython3.8-minimal  3.8.5-1~20.04.2                    CVE-2020-27619       Low
libpython3.8-minimal  3.8.5-1~20.04.2                    CVE-2021-23336       Medium
libpython3.8-stdlib   3.8.5-1~20.04.2                    CVE-2021-3177        Medium
libpython3.8-stdlib   3.8.5-1~20.04.2                    CVE-2020-27619       Low
libpython3.8-stdlib   3.8.5-1~20.04.2                    CVE-2021-23336       Medium
libsqlite3-0          3.31.1-4ubuntu0.2                  CVE-2020-9794        Medium
libsqlite3-0          3.31.1-4ubuntu0.2                  CVE-2020-9991        Low
libsqlite3-0          3.31.1-4ubuntu0.2                  CVE-2020-9849        Low
libsystemd0           245.4-4ubuntu3.4                   CVE-2018-20839       Medium
libtasn1-6            4.16.0-2                           CVE-2018-1000654     Negligible
libtiff5              4.1.0+git191117-2build1            CVE-2018-10126       Low
libudev1              245.4-4ubuntu3.4                   CVE-2018-20839       Medium
libwebp6              0.6.1-2                            CVE-2016-9085        Medium
libx11-6              2:1.6.9-2ubuntu1.1                 CVE-2020-25697       Low
libx11-data           2:1.6.9-2ubuntu1.1                 CVE-2020-25697       Low
libx11-xcb1           2:1.6.9-2ubuntu1.1                 CVE-2020-25697       Low
libxml2               2.9.10+dfsg-5                      CVE-2020-24977       Low
log4j                 1.2.17                             GHSA-2qrg-x229-3v8q  Medium
log4j                 1.2.17                             CVE-2019-17571       Critical
log4j                 1.2.17                             CVE-2020-9488        Low
login                 1:4.8.1-1ubuntu5.20.04             CVE-2013-4235        Low
passwd                1:4.8.1-1ubuntu5.20.04             CVE-2013-4235        Low
rt                    1.8.0_282                          CVE-2011-0009        Medium
rt                    1.8.0_282                          CVE-2011-1007        Low
rt                    1.8.0_282                          CVE-2011-1008        Medium
rt                    1.8.0_282                          CVE-2011-2085        Medium
x11-common            1:7.7+19ubuntu14                   CVE-2012-1093        Low
xdg-user-dirs         0.17-2ubuntu1                      CVE-2017-15131       Low