Description of problem:
When using image dotnet-22-rhel7:latest, it has System.Net.Http version 4.3.0, which has some vulnerabilities.
https://github.com/aspnet/Announcements/issues/239

Version-Release number of selected component (if applicable):
dotnet-22-rhel7:latest

Bug supporting link: https://nvd.nist.gov/vuln/detail/CVE-2018-8292

Update from TAM:
I found the following errata and bz which correspond to the same CVE:
https://access.redhat.com/security/cve/cve-2018-8292
https://bugzilla.redhat.com/show_bug.cgi?id=1636274
It seems like this could possibly not be an issue (rh-dotnet21-dotnet is listed as not affected), but there is no mention of version 2.2?

Customer wants us to confirm that the Red Hat image itself is not vulnerable, as perhaps with the hardcoded System.Net.Http 4.3.0 version? I have sent an email to secalert as well to confirm the same.
*** This bug has been marked as a duplicate of bug 1636274 ***