How to fix CVE-2024-5535 for Dockerfile using node:22.1.0?


We found that there is a security vulnerability in the Dockerfile we are using.

The security vulnerability scan detected the following:

| CVE-2024-5535 | critical | 0.00 | openssl | 3.0.13-1~deb12u1 | openssl: SSL_select_next_proto buffer overread     |

Here is the Dockerfile I am using

FROM node:22.1.0

# Update system packages
RUN apt-get update && \
    apt-get upgrade -y && \
    apt-get install -y libexpat1 imagemagick git python3.11 sqlite3 libncurses5-dev libncursesw5-dev && \
    apt-get remove --purge --auto-remove -y openssh-client:amd64

# Remove vulnerable packages
RUN apt-get remove --purge --auto-remove -y libexpat1 imagemagick git python3.11 sqlite3 wget

# Additional cleanup
RUN apt-get autoremove -y && apt-get clean

# Install npm dependencies and build the application
RUN npm config set registry https://******/artifactory/api/npm/npm-virtual
RUN npm update -g
RUN npm install && npm run build

# Set the entry point
ENTRYPOINT [ "npm" , "run", "start" ]

Please suggest if there is a fix for CVE-2024-5535 specifically for node:22.1.0.

I tried changing

apt-get install -y libexpat1 imagemagick git python3.11 sqlite3 libncurses5-dev libncursesw5-dev

to

apt-get install -y libexpat1 imagemagick git python3.11 sqlite3 libncurses5-dev libncursesw5-dev bash ssh curl && \

But it didn’t work.
