Missing Version Specification In dnf install
- Query id: 93d88cf7-f078-46a8-8ddc-178e03aeacf1
- Query name: Missing Version Specification In dnf install
- Platform: Dockerfile
- Severity: Medium
- Category: Supply-Chain
- CWE: 1357
- URL: Github
Description¶
Specifying a package version allows to reduce failures due to unanticipated changes in required packages.
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - dockerfile file
FROM fedora:latest
RUN dnf -y update && dnf -y install httpd && dnf clean all
RUN ["dnf", "install", "httpd"]
COPY index.html /var/www/html/index.html
EXPOSE 80
ENTRYPOINT /usr/sbin/httpd -DFOREGROUND