Trivy scan security vulnerabilities
During the Trivy check of the notification-v0-27-0-azure-1:latest Docker image, we found some security vulnerabilities:
| Vulnerability ID | Affected libs | Severity | Description | Link | Source |
|---|---|---|---|---|---|
| CVE-2023-52428 | com.nimbusds:nimbus-jose-jwt 8.2 | HIGH | nimbus-jose-jwt: large JWE p2c header value causes Denial of service | https://avd.aquasec.com/nvd/cve-2023-52428 | Java (jar) |
| CVE-2024-47535 | io.netty:netty-common 4.1.109.Final (applicationinsights-agent.jar), io.netty:netty-common 4.1.111.Final (app.jar) | HIGH | netty: Denial of Service attack on windows app using Netty | https://avd.aquasec.com/nvd/cve-2024-47535 | Java (jar) |
| CVE-2024-38816 | org.springframework:spring-webmvc 6.1.10 (app.jar) | HIGH | spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource | https://avd.aquasec.com/nvd/cve-2024-38816 | Java (jar) |
| CVE-2024-38821 | | CRITICAL | Spring-WebFlux: Authorization Bypass of Static Resources in WebFlux Applications | | Java (jar) |
| CVE-2024-7885 | | HIGH | undertow: Improper State Management in Proxy Protocol parsing causes information leakage | | Java (jar) |