Uploaded image for project: 'Talend Component Kit'
  1. Talend Component Kit
  2. TCOMP-2268

Upgrade jib to 0.22.0

Apply templateInsert Lucidchart Diagram
    XMLWordPrintable

Details

    • GreenHopper Ranking:
      0|i2jsjf:
    • 9223372036854775807

    Description

      Remote Code Execution in Talend/component-runtime (master)

      Issue Details

      • Vulnerability: Remote Code Execution
      • Severity: High
      • Project: Talend/component-runtime
      • Branch: master
      • Scan Date: Unknown

      Issue Description

      com.google.cloud.tools:jib-core is vulnerable to remote code execution. The executables are run without verifying whether the provided docker path is accurate, which allows a remote attacker to upload and execute malicious code via the vulnerable `isDockerInstalled` function.

      View more details

       

      We need to keep remote-engine-customizer using jib for the docker layers handling.

      component-starter-server will move to TSBI (see linked issues).

       

      Attachments

        Issue Links

          is related to

          Work Item - Work item for the scum process TCOMP-2274 Move component-starter-server to TSBI

          • Minor - Less important parts of the product are affected by the problem or a solution is available for avoiding major consequences. A minor impairment of the customer's business is possible.
          • Done

          Activity

            People

              emmanuel_g emmanuel gallois
              wwang Wei Wang
              emmanuel gallois, Yueyan Yin
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: