Kong docker image has critical and high Security vulnerability reported by Blackduck

Hi we have used open source kong:2.7.0-ubuntu image in our project and when scanning the image via blackduck tool for security vulnerability we see multiple issues. Could someone help how to resolve them ?

The critical state vulnerability are in Apache Hive dependencies and I am not sure where it is coming into the container. The report shows below 2 as critical :

Apache Hivev2.5
github: apache/apisix:2.5

Apache Hive2.8
github: apache/apisix:2.8

© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ