CVE-2021-3121 and CVE-2021-38561

Hi there, I tried to build the mysql-operator-sidecar-5.7 image, but I have encountered two CVEs after scanning with Trivy:
CVE-2021-3121 (high), CVE-2021-38561 (high)

These (golang) libraries seem to be related to a few binaries from the Percona Toolkit:
pt-k8s-debug-collector
pt-mongodb-query-digest
pt-mongodb-summary

Does this have security impact or can we whitelist them?

Both libraries have fixed versions.

1 Like

For now, I had to rebuild the binaries for linux_amd64 at percona-toolkit/src/go. These seem to have been built with the fixed versions of the libraries. I copied the binaries to a forked sidecar 5.7 image and ran a Trivy scan without vulnerabilities.
Of course this is a temporary solution in order to fulfil security requirements.

1 Like
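The rebuild described above only helps if the new binaries really embed the fixed module versions, and a scanner is not the only way to confirm that: Go records every compiled-in module in the binary, and `go version -m <binary>` prints them. The checker below, added here as an example and not code from the post or from the Percona Toolkit project, parses that output and flags the two modules while they are still below their fixed versions. The CVE-to-module mapping (CVE-2021-3121 fixed in github.com/gogo/protobuf v1.3.2, CVE-2021-38561 fixed in golang.org/x/text v0.3.7) is the example author's own assumption taken from the CVE records, since the post does not name the libraries, and both `go version -m` samples are constructed, with placeholder hashes.

```go
package main

import (
	"bufio"
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// Minimum fixed module versions. The post does not name the libraries; this
// mapping is the example author's assumption from the CVE records.
var fixedVersions = map[string]string{
	"github.com/gogo/protobuf": "v1.3.2", // CVE-2021-3121
	"golang.org/x/text":        "v0.3.7", // CVE-2021-38561
}

// Finding records a compiled-in module that is still below its fixed version.
type Finding struct {
	Module, Have, Fixed string
}

// parseVersion splits "v1.3.2" or a pseudo-version such as
// "v1.3.2-0.20210101000000-abcdef123456" into numeric parts and reports
// whether a pre-release suffix is present (semver orders that BEFORE the
// plain release, so a pseudo-version of v1.3.2 is still not v1.3.2).
func parseVersion(v string) (parts [3]int, prerelease bool, ok bool) {
	v = strings.TrimPrefix(v, "v")
	if i := strings.Index(v, "+"); i >= 0 { // drop build metadata
		v = v[:i]
	}
	if i := strings.Index(v, "-"); i >= 0 {
		prerelease = true
		v = v[:i]
	}
	fields := strings.Split(v, ".")
	if len(fields) != 3 {
		return parts, false, false
	}
	for i, f := range fields {
		n, err := strconv.Atoi(f)
		if err != nil || n < 0 {
			return parts, false, false
		}
		parts[i] = n
	}
	return parts, prerelease, true
}

// compareVersions returns -1, 0 or 1 as a is lower than, equal to or higher
// than b. An unparseable version such as "(devel)" sorts lowest, so it is
// flagged rather than silently trusted.
func compareVersions(a, b string) int {
	pa, prea, oka := parseVersion(a)
	pb, preb, okb := parseVersion(b)
	switch {
	case !oka && !okb:
		return 0
	case !oka:
		return -1
	case !okb:
		return 1
	}
	for i := 0; i < 3; i++ {
		if pa[i] != pb[i] {
			if pa[i] < pb[i] {
				return -1
			}
			return 1
		}
	}
	if prea != preb {
		if prea {
			return -1
		}
		return 1
	}
	return 0
}

// CheckGoVersionOutput parses the text printed by `go version -m <binary>` and
// returns every tracked dependency below its fixed version, sorted by module.
// A "=>" line (replace directive) overrides the preceding "dep" line, because
// the replacement is what was actually compiled in.
func CheckGoVersionOutput(out string) []Finding {
	versions := map[string]string{}
	lastDep := ""
	sc := bufio.NewScanner(strings.NewReader(out))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) < 3 {
			continue
		}
		switch f[0] {
		case "dep":
			lastDep = f[1]
			versions[f[1]] = f[2]
		case "=>":
			if lastDep != "" {
				versions[lastDep] = f[2]
			}
		}
	}
	var findings []Finding
	for mod, fixed := range fixedVersions {
		if have, present := versions[mod]; present && compareVersions(have, fixed) < 0 {
			findings = append(findings, Finding{Module: mod, Have: have, Fixed: fixed})
		}
	}
	sort.Slice(findings, func(i, j int) bool { return findings[i].Module < findings[j].Module })
	return findings
}

// Constructed sample of `go version -m pt-mongodb-summary` for a build that
// still pins the vulnerable versions (placeholder hashes, not real output).
const constructedVulnerableOutput = `pt-mongodb-summary: go1.16.5
	path	github.com/percona/percona-toolkit/src/go/pt-mongodb-summary
	mod	github.com/percona/percona-toolkit	(devel)
	dep	github.com/gogo/protobuf	v1.3.1	h1:placeholder=
	dep	golang.org/x/text	v0.3.3	h1:placeholder=
`

// Constructed sample for the same binary after bumping both modules.
const constructedFixedOutput = `pt-mongodb-summary: go1.16.5
	path	github.com/percona/percona-toolkit/src/go/pt-mongodb-summary
	dep	github.com/gogo/protobuf	v1.3.2	h1:placeholder=
	dep	golang.org/x/text	v0.3.7	h1:placeholder=
`

func main() {
	for _, s := range []struct{ name, out string }{{"before rebuild", constructedVulnerableOutput}, {"after rebuild", constructedFixedOutput}} {
		fmt.Printf("%s:\n", s.name)
		findings := CheckGoVersionOutput(s.out)
		if len(findings) == 0 {
			fmt.Println("  no tracked module below its fixed version")
		}
		for _, f := range findings {
			fmt.Printf("  %s %s (fixed in %s)\n", f.Module, f.Have, f.Fixed)
		}
	}
}
```

In practice you would bump the two modules in percona-toolkit/src/go with `go get github.com/gogo/protobuf@v1.3.2 golang.org/x/text@v0.3.7`, rebuild the three binaries, and feed the real `go version -m ./pt-mongodb-summary` output to CheckGoVersionOutput; a module that still shows a pseudo-version or "(devel)" is reported, which is the case a plain string comparison against the fixed version would miss.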