Hi there, I tried to build the mysql-operator-sidecar-5.7 image, but I have encountered two CVE’s after scanning with Trivy:
CVE-2021-3121 (high), CVE-2021-38561 (high)
These (golang) libraries seem to be related with a few binaries from the Percona Toolkit:
pt-k8s-debug-collector
pt-mongodb-query-digest
pt-mongodb-summary
Does this have security impact or can we whitelist them?
Both libraries have fixed versions.
For now, I had to rebuild the binaries for linux_amd64 at percona-toolkit/src/go. This seems to have built with the fixed versions of the libraries. Copied the binaries to a forked sidecar 5.7 image and ran trivy scan without vulnerabilities.
Ofcourse this is a temporary solution in order to fullfill security requirements.
Unanswered | Unsolved | Solved
MySQL, InnoDB, MariaDB and MongoDB are trademarks of their respective owners.
Copyright © 2006 - 2021 Percona LLC. All rights reserved.