Vulnerabilities CVE-2022-24757 and CVE-2022-24758

M. Manna

Jun 5, 2022, 12:33:09 PM
to Project Jupyter

Hi,

With regard to the subject CVEs – we’re currently using Jupyter Docker Stacks. To be precise, we’re using the latest datascience-notebook Docker image.

My questions are:

  1. If we pull the latest image to configure our Jupyter environment, would that remediate the issue?
    1. I can see that the latest base image is recommended, but not sure if that would actually be pulled - https://github.com/jupyter/notebook/security/advisories/GHSA-m87f-39q9-6f55
  2. If not, could you kindly recommend what to do here?

Thanks in advance for the kind consideration.

Regards,
M. Manna

M. Manna

Jun 5, 2022, 12:35:29 PM
to Project Jupyter
Just some additional info:

1. We pull jupyter/datascience-notebook:latest as the "Base" image in our Dockerfile, which is for our custom Jupyter configuration and deployment.
2. We deploy the image above in our internal collaboration environment for notebook usage.

Hence, my concern is that by rebuilding the image at #1 above, we might not be pulling the latest "minimal-notebook" base image - or rather, I don't know if we would.
