Major Apart from UI related CVE, We see there are few other CVE like CVE-2020-1747 which is caused due to pyyaml 5.3 version which is used in latest version Quay.
However the advisory[1] mentions its affected but mentions it will not fix, any reason for that ?
Also we have couple of more non UI releated CVE, attaching complete list from Prisma Scanner
[1]https://access.redhat.com/security/cve/cve-2020-1747
[2]https://access.redhat.com/security/cve/cve-2020-14343
- is caused by
-
PROJQUAY-1822 CVE-2019-20149 quay-registry-container: nodejs-kind-of: ctorName in index.js allows external user input to overwrite certain internal attributes [quay-3.6]
-
- Closed
-
