Description of problem:
When using image dotnet-22-rhel7:latest it has System.Net.Http 4.3.0 version which has some vulnerabilities.
Version-Release number of selected component (if applicable):
Bug supporting link : https://nvd.nist.gov/vuln/detail/CVE-2018-8292
Update from TAM
I found the following errata and bz which correspond to the same CVE:
It seems like this could possibly not be an issue (rh-dotnet21-dotnet is listed as not affected), but there is no mention of version 2.2?
Customer want us to confirm that the Red Hat image itself is not vulnerable, as perhaps with the hardcoded System.Net.Http 4.3.0 version ??
I have sent an email to secalert as well to confirm the same.
*** This bug has been marked as a duplicate of bug 1636274 ***