Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2025-0665 found in sql-exporter #148

Open
JohnFrampton opened this issue Feb 7, 2025 · 0 comments
Open

CVE-2025-0665 found in sql-exporter #148

JohnFrampton opened this issue Feb 7, 2025 · 0 comments

Comments

@JohnFrampton
Copy link

The CVE comes from an crul version older that 8.12.
With the following patch this can be fixed in the "dockerfile"

Dockerfile | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 749c776..ec91b7e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.21-alpine AS builder
+FROM golang:1.22-alpine3.21 AS builder

RUN apk add git bash

@@ -12,10 +12,11 @@ WORKDIR /src
RUN GOGC=off go build -mod=vendor -v -o /sql_exporter .

multistage

-FROM alpine:3.21.0
+FROM alpine:3.21.2

RUN apk --update upgrade && \

  • apk add curl ca-certificates && \
  • apk add "curl>8.12" && \
  • apk add ca-certificates &&
    apk add tzdata &&
    update-ca-certificates &&
    rm -rf /var/cache/apk/*
@JohnFrampton JohnFrampton changed the title CVE CVE-2025-0665 found in sql-exporter CVE-2025-0665 found in sql-exporter Feb 7, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@JohnFrampton