Comment by kevcampb
1 month ago
It seems that Snyk isn't picking this up on our docker images. They have a vulnerability published for the nginx binary itself.
https://security.snyk.io/vuln/SNYK-UNMANAGED-NGINX-16679754
But they've not released any vulnerability for the Alpine or Debian packages.
Does anyone know what's happening here? Seems concerning that there's a 2 day old RCE not being picked up.
They've just been released
https://security.snyk.io/vuln/SNYK-DEBIAN13-NGINX-16732761
https://security.snyk.io/vuln/SNYK-ALPINE323-NGINX-16722461
So it seems that Snyk is taking almost a week to get advisories out for an RCE