02-23-2026 12:59 AM
Below are the Dockerfile instructions:
FROM docker.io/library/alpine:latest
RUN apk update && apk add --no-cache tar
With this, only the tar package is installed in the image. But during a scan of the same image with the Prisma security scan tool, it is incorrectly mapped to "https://nvd.nist.gov/vuln/detail/CVE-2018-20834", which is a node-tar vulnerability. It also provides a fix like the one below, which is again irrelevant.
A vulnerability was found in node-tar before version 4.4.2 (excluding version 2.2.2). An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content. A patch has been applied to node-tar v2.2.2
https://nvd.nist.gov/vuln/detail/CVE-2018-20834
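The mismatch described in this thread, as an added example (not part of the original post and not Prisma's matching logic): a matcher that keys an advisory on package name alone ties Alpine's `tar` package to the node-tar advisory, while one that also compares the package ecosystem does not. The `Package` type, the function names and the version strings are constructed for illustration; the affected range is the one quoted in the post.

```python
# Added illustration: name-only advisory matching versus ecosystem-aware matching.
from dataclasses import dataclass


@dataclass(frozen=True)
class Package:
    ecosystem: str  # "apk" for Alpine packages, "npm" for Node modules
    name: str
    version: str


# Advisory range as quoted in the post: node-tar before 4.4.2, excluding 2.2.2.
ADVISORY = {
    "id": "CVE-2018-20834",
    "ecosystem": "npm",
    "name": "tar",
    "fixed": (4, 4, 2),
    "patched_exceptions": {(2, 2, 2)},
}


def parse_version(text):
    """Turn '1.35-r2' or '4.4.1' into a comparable tuple of integers."""
    core = text.split("-", 1)[0]  # drop an Alpine-style '-rN' release suffix
    return tuple(int(part) for part in core.split("."))


def version_affected(pkg, adv):
    v = parse_version(pkg.version)
    return v < adv["fixed"] and v not in adv["patched_exceptions"]


def match_by_name_only(pkg, adv):
    """Naive matcher: ignores which ecosystem the package came from."""
    return pkg.name == adv["name"] and version_affected(pkg, adv)


def match_with_ecosystem(pkg, adv):
    """Matcher that also requires the package ecosystem to agree."""
    return pkg.ecosystem == adv["ecosystem"] and match_by_name_only(pkg, adv)


# Constructed inventory: version strings are sample values, not scan output.
ALPINE_TAR = Package("apk", "tar", "1.35-r2")
NODE_TAR_OLD = Package("npm", "tar", "4.4.1")
NODE_TAR_PATCHED = Package("npm", "tar", "2.2.2")

if __name__ == "__main__":
    for pkg in (ALPINE_TAR, NODE_TAR_OLD, NODE_TAR_PATCHED):
        print(pkg, match_by_name_only(pkg, ADVISORY), match_with_ecosystem(pkg, ADVISORY))
```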

