0

We found 1 vulnerability in base docker image "pyjwt version 2.3.0 has 1 vulnerability" Fixed in version pyjwt 2.4.0

Below is the Dockerfile

FROM ubuntu:22.04

# hadolint ignore=DL3015
# hadolint ignore=DL3008
RUN apt-get clean
ENV DEBIAN_FRONTEND noninteractive
RUN apt-get -y update

RUN apt-get -y upgrade apt \
    && apt-get install -y unoconv ghostscript software-properties-common \
    && add-apt-repository ppa:ondrej/php -y \
    && apt -y install php7.4 \
    && apt-get install -y curl jq php7.4-bcmath php7.4-xml zip unzip php7.4-zip \
    && apt-get install -y php7.4-fpm php7.4-amqp composer nginx openssl php7.4-curl ca-certificates \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" \
    && unzip awscliv2.zip \
    && ./aws/install \
    && rm awscliv2.zip

# Setup services
COPY ./src/scripts/nginx.conf   /etc/nginx/nginx.conf
COPY ./src/scripts/run.sh       /opt/run.sh
RUN chmod -R a+rw /etc/nginx
RUN chmod -R a+rw /etc/php/7.4/fpm
RUN chmod +x      /opt/run.sh

EXPOSE 8080 8443

CMD [ "/opt/run.sh" ]

I have tried many things like update installing python3 and updating pyjwt package with pip install pyjwt==2.4.0. But it didn't work. It seems like one of the above package from Dockerfile is using pyjwt(2.3.0) and I don't know how do i update it.

flixy
  • 73
  • 2
  • 10

1 Answers1

0

You can try uninstall python3-jwt package with apt and install new version with pip

RUN apt purge --autoremove python3-jwt -y
RUN pip3 install PyJWT==2.4.0
maxx-nomad
  • 11
  • 4