Zeebe vulnerabilities with version 0.23.1

eapen_eapen · May 15, 2020, 8:36am

Hi,
we are trying to get the zeebe version uploaded to our company system but due to the following vulnerabilities we are not able to complete the job.

With Zeebe docker image
Type: VULNERABILITY
Name: CVE-2020-11612
CVSS Score v2: 7.5
Severity: high
NVD - CVE-2020-11612
with maven jar file
Type: VULNERABILITY
Name: SNYK-JAVA-IONETTY-564897
CVSS Score v3: 8.2
Severity: high
Description Link: Uncontrolled Memory Allocation in io.netty:netty-codec | CVE-2020-11612 | Snyk

please can you able to help me with resolving the above issues ?

Thanks
Eapen John

salaboy · May 15, 2020, 8:51am

@eapenjohn the best way to resolve these issues is to open an issue for each of them in GitHub - camunda/zeebe: Distributed Workflow Engine for Microservices Orchestration so you can keep track of the progress

eapen_eapen · May 18, 2020, 10:56am

thanks, l have a raised in Github

salaboy · May 19, 2020, 8:48am

@eapenjohn thanks a lot… now you can keep track of that issue.

system · January 31, 2024, 10:07am