Alpine Docker 3.12 image vulnerable to CVE-2018-1000500 - (BusyBox)
There was a fix submitted in response to this vulnerability as referenced here: https://git.busybox.net/busybox/commit/?id=45fa3f18adf57ef9d743038743d9c90573aeeb91 on 5/20/2020.
The Alpine 3.12 release; however, still referenced busybox 1.31.1 version. On July 2, 2020 an upgrade to busybox 1.32.0 was included in Alpine branch main/busybox. This would resolve the current CVE-2018-1000500 issue. When will a patch release be rolled out to include this SSL vulnerability?
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information