76 critical, 125 major and 6 minor vulnerabilities


#1

Rocket.Chat 0.72.0 has 76 critical, 125 major and 6 minor vulnerabilities when scanned by Docker DTR.

By running the code below in my Dockerfile, it reduces to 37 Critical, 56 Major, 5 Minor, 1 Hidden:
&& npm i npa@latest -g
&& npm update -g

These are the 37 Critical ones I have left, but I cannot figure out how to fix them. I have tried updating them but nothing works. Does anyone have ideas, or has anyone figured out a way to fix these vulnerabilities?
pcre 8.31: 17 Critical, 4 Major
libpng 1.6.12: 5 Critical, 1 Major
libpng 1.5.10: 4 Critical, 5 Major
sqlite3 3.7.7.1: 4 Critical, 1 Major
zlib 1.2.5: 2 Critical, 2 Major
kerberos 1.12.1+dfsg-19+deb8u4: 1 Critical, 3 Major
libicu 52.1-8+deb8u7: 1 Critical, 1 Major
glibc 2.19-18+deb8u10: 1 Critical
cryptsetup 1.6.6-5: 1 Critical
kerberos: 1 Critical

I am using this Dockerfile as my base.
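
Added example, not part of the original post and not Rocket.Chat or Docker tooling: a triage sketch that groups the findings listed above by the shape of the reported version string. It assumes, as a heuristic, that a Debian-style revision suffix marks an OS package from the base image, while a bare upstream version marks a copy the scanner identified elsewhere in the image; the function names and origin labels are hypothetical.

```python
import re
from collections import defaultdict

# Transcribed from the listing above: (component, reported version, critical, major).
# The last kerberos entry has no version in the post, so it is None here.
FINDINGS = [
    ("pcre", "8.31", 17, 4),
    ("libpng", "1.6.12", 5, 1),
    ("libpng", "1.5.10", 4, 5),
    ("sqlite3", "3.7.7.1", 4, 1),
    ("zlib", "1.2.5", 2, 2),
    ("kerberos", "1.12.1+dfsg-19+deb8u4", 1, 3),
    ("libicu", "52.1-8+deb8u7", 1, 1),
    ("glibc", "2.19-18+deb8u10", 1, 0),
    ("cryptsetup", "1.6.6-5", 1, 0),
    ("kerberos", None, 1, 0),
]

# Assumption (heuristic): Debian package versions read "upstream-revision",
# so a trailing "-revision" marks an OS package; "+debNuM" names the release.
DEB_REVISION = re.compile(r"-[0-9A-Za-z.+~]+$")
DEB_RELEASE = re.compile(r"\+deb(\d+)u\d+")

def classify(version):
    """Label a finding by where its version string suggests it came from."""
    if not version:
        return "unknown"
    return "distro-package" if DEB_REVISION.search(version) else "upstream-only"

def summarize(findings):
    """Sum critical and major counts per origin label."""
    totals = defaultdict(lambda: {"critical": 0, "major": 0, "components": set()})
    for name, version, critical, major in findings:
        bucket = totals[classify(version)]
        bucket["critical"] += critical
        bucket["major"] += major
        bucket["components"].add(name)
    return dict(totals)

def debian_releases(findings):
    """Debian release numbers named in version strings (deb8 is Debian 8)."""
    return {int(m.group(1)) for _, v, _, _ in findings
            if v and (m := DEB_RELEASE.search(v))}

if __name__ == "__main__":
    for origin, t in sorted(summarize(FINDINGS).items()):
        print(f"{origin:15} critical={t['critical']:2} major={t['major']:2} "
              f"{', '.join(sorted(t['components']))}")
    print("Debian releases seen:", sorted(debian_releases(FINDINGS)))
```

Findings labelled distro-package are the ones to recheck after updating or replacing the base image; upstream-only findings need the file or layer that carries the embedded copy to be located first.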


#2

Seems most of these are in the Debian base. I wrestled with this actually for several days before I swapped Debian out for Alpine.

May be of interest?


#4

Wow this thing is huge! 1.13GB rocketchat/rocket.chat:0.71.1-1


#5

My local stats for sure did not read 1.3 Gig.

Sadly this is the downside to nodejs and npm. By the time you do npm install, things definitely grow.

But our scans through Clair returned no issues. I’m guessing the big part is since we're using musl instead of the usual libc variants.