Yum install Without Version
- Query id: 6452c424-1d92-4deb-bb18-a03e95d579c4
- Query name: Yum install Without Version
- Platform: Dockerfile
- Severity: Medium
- Category: Supply-Chain
- URL: Github
Description
When `yum install` does not specify the package version, each build pulls whatever release is current, which can cause failures due to unanticipated changes in required packages.
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - dockerfile file
```dockerfile
FROM opensuse/leap:15.2
RUN yum install -y httpd && yum clean all
RUN ["yum", "install", "httpd"]
HEALTHCHECK CMD curl --fail http://localhost:3000 || exit 1
```
Code samples without security vulnerabilities
Negative test num. 1 - dockerfile file
```dockerfile
FROM opensuse/leap:15.2
RUN yum install -y httpd-2.24.2 && yum clean all
HEALTHCHECK CMD curl --fail http://localhost:3000 || exit 1

FROM opensuse/leap:15.3
ENV RETHINKDB_PACKAGE_VERSION 2.4.0~0trusty
RUN yum install -y rethinkdb-$RETHINKDB_PACKAGE_VERSION && yum clean all
```
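A minimal checker for the pattern shown in the samples above, added here as an illustration and not the query's own implementation. It handles shell-form and exec-form `RUN` plus backslash continuations; the function names and the "ends in `-<digit…>` or `-$VAR`" pinning heuristic are assumptions of this example.

```python
import json
import re

# Assumed heuristic: pinned means the spec ends in -<digit...> or -$VARIABLE.
PINNED = re.compile(r".+-(\d\S*|\$\{?\w+\}?)$")

def logical_lines(text):
    """Yield (first_line_no, instruction) with backslash continuations joined."""
    buf, start = "", 1
    for no, line in enumerate(text.splitlines(), 1):
        buf += line.rstrip()
        if buf.endswith("\\"):
            buf = buf[:-1] + " "
            continue
        yield start, buf
        buf, start = "", no + 1

def run_commands(text):
    """Yield (line_no, argv) for each command inside every RUN instruction."""
    for no, line in logical_lines(text):
        m = re.match(r"\s*RUN\s+(.*)", line, re.IGNORECASE)
        if not m:
            continue
        body = m.group(1).strip()
        if body.startswith("["):            # exec form: one JSON argv array
            try:
                yield no, [str(a) for a in json.loads(body)]
                continue
            except ValueError:
                pass                        # not valid JSON: treat as shell form
        for part in re.split(r"&&|\|\||;", body):
            yield no, part.split()

def unpinned_yum_packages(text):
    """Return [(line_no, package)] for yum installs that lack a version."""
    findings = []
    for no, argv in run_commands(text):
        words = [a for a in argv[1:] if not a.startswith("-")]  # drop -y etc.
        if argv[:1] == ["yum"] and words[:1] == ["install"]:
            findings += [(no, p) for p in words[1:] if not PINNED.match(p)]
    return findings

# Constructed sample: the page's vulnerable lines plus a pinned, continued RUN.
SAMPLE = r'''FROM opensuse/leap:15.2
RUN yum install -y httpd && yum clean all
RUN ["yum", "install", "httpd"]
RUN yum install -y httpd-2.24.2 \
    rethinkdb-$RETHINKDB_PACKAGE_VERSION && yum clean all
'''
print(unpinned_yum_packages(SAMPLE))  # [(2, 'httpd'), (3, 'httpd')]
```

The heuristic treats any trailing `-<digit…>` as a version, so a package whose name itself contains such a segment is reported as pinned; options that take a separate value argument are also not modelled.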