-2

When I scanned the image quay.io/strimzi/kafka:0.32.0-kafka-3.3.1 using Trivy, I got a vulnerability in this image.

opt/kafka/libs/snakeyaml-1.33.jar
=================================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 1)

+--------------------+------------------+----------+-------------------+---------------+--------------------------------------+
|      LIBRARY       | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                TITLE                 |
+--------------------+------------------+----------+-------------------+---------------+--------------------------------------+
| org.yaml:snakeyaml | CVE-2022-1471    | CRITICAL |              1.33 |               | SnakeYaml: Constructor               |
|                    |                  |          |                   |               | Deserialization                      |
|                    |                  |          |                   |               | Remote Code Execution                |
|                    |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2022-1471 |
+--------------------+------------------+----------+-------------------+---------------+--------------------------------------+

After pulling the image, what do I have to do to fix this issue?

I need an image with 0 vulnerabilities.

OneCricketeer
Latha

1 Answer

2

If you don't own the image then there's not much you can do. You'll have to open an issue to the owners to fix

testfile
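An added example, not part of the original question or answer: a script that triages a Trivy JSON report by whether the scanner lists a fixed version, which is the empty FIXED VERSION column in the scan above. The `triage` function name and the second sample finding are assumptions made for illustration.

```python
import json

# Constructed sample shaped like `trivy image --format json` output. Only the
# snakeyaml entry reflects the scan in the question; the second finding
# (org.example:example-lib, CVE-0000-0000) is a made-up placeholder.
SAMPLE_REPORT = json.loads("""
{
  "ArtifactName": "quay.io/strimzi/kafka:0.32.0-kafka-3.3.1",
  "Results": [
    {"Target": "Java", "Type": "jar", "Vulnerabilities": [
      {"VulnerabilityID": "CVE-2022-1471", "PkgName": "org.yaml:snakeyaml",
       "PkgPath": "opt/kafka/libs/snakeyaml-1.33.jar",
       "InstalledVersion": "1.33", "FixedVersion": "", "Severity": "CRITICAL"},
      {"VulnerabilityID": "CVE-0000-0000", "PkgName": "org.example:example-lib",
       "PkgPath": "opt/kafka/libs/example-lib-1.0.jar",
       "InstalledVersion": "1.0", "FixedVersion": "1.1", "Severity": "HIGH"}
    ]},
    {"Target": "clean target", "Type": "jar"}
  ]
}
""")


def triage(report, severities=("HIGH", "CRITICAL")):
    """Split findings by whether the scanner knows a fixed version."""
    buckets = {"upgradable": [], "needs_upstream": []}
    for result in report.get("Results") or []:
        # A target with no findings has no "Vulnerabilities" key (or null).
        for vuln in result.get("Vulnerabilities") or []:
            if vuln.get("Severity") not in severities:
                continue
            fixed = (vuln.get("FixedVersion") or "").strip()
            entry = {
                "id": vuln.get("VulnerabilityID"),
                "package": vuln.get("PkgName"),
                "path": vuln.get("PkgPath"),
                "installed": vuln.get("InstalledVersion"),
                "fixed": fixed or None,
            }
            buckets["upgradable" if fixed else "needs_upstream"].append(entry)
    return buckets


if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE_REPORT).items():
        for e in entries:
            print(f"{bucket}: {e['id']} {e['package']} {e['installed']}"
                  f" -> {e['fixed'] or 'no fixed version listed'}")
```

Findings in `needs_upstream` are the ones to raise with the image owners, as the answer says; the report itself comes from `trivy image --format json`.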