Talend Component Kit / TCOMP-2268

Upgrade jib to 0.22.0



      Remote Code Execution in Talend/component-runtime (master)

      Issue Details

      • Vulnerability: Remote Code Execution
      • Severity: High
      • Project: Talend/component-runtime
      • Branch: master
      • Scan Date: Unknown

      Issue Description

      com.google.cloud.tools:jib-core is vulnerable to remote code execution. The executables are run without verifying whether the provided docker path is accurate, which allows a remote attacker to upload and execute malicious code via the vulnerable `isDockerInstalled` function.


      We need to keep remote-engine-customizer using jib for Docker layer handling.

      component-starter-server will move to TSBI (see linked issues).

       

            emmanuel_g emmanuel gallois
            wwang Wei Wang
            emmanuel gallois, Yueyan Yin