fix: add missing apt deps and address high-severity sandbox image vulnerabilities #22

Closed
drew wants to merge 2 commits into main from add-coding-agent-deps-to-base-sandbox

@drew drew commented Mar 12, 2026

Summary

  • Add openssh-sftp-server and procps to the base sandbox image (required for VS Code / Cursor remote SSH)
  • Fix 9 high-severity vulnerabilities across the sandbox image chain
  • Pin package versions for reproducibility and security

Vulnerability Scan Disposition

| # | Advisory | Severity | Package | Installed | Fixed | Dockerfile | Action |
|---|----------|----------|---------|-----------|-------|------------|--------|
| 1 | GHSA-6xvm-j4wr-6v98 | High | quinn-proto | 0.11.12 | 0.11.14 | | No fix available. Rust crate from upstream NVIDIA base image or openshell binary. Not controlled by community Dockerfiles. |
| 2 | GHSA-wc8c-qw6v-h7f6 | High | @hono/node-server | 1.19.9 | 1.19.10 | nemoclaw/Dockerfile | Fixed. Force-upgraded to @hono/node-server@1.19.11. |
| 3 | GHSA-rchv-x836-w7xp | High | openclaw | 2026.3.2 | 2026.3.7 | openclaw/Dockerfile | Fixed. Pinned to openclaw@2026.3.7. |
| 4 | GHSA-6mgf-v5j7-45cr | High | openclaw | 2026.3.2 | 2026.3.7 | openclaw/Dockerfile | Fixed. Same pin as #3. |
| 5 | GHSA-qffp-2rhf-9h96 | High | tar | 7.5.9 | 7.5.10 | base/Dockerfile | Fixed. Force-upgraded to tar@7.5.11. |
| 6 | GHSA-9ppj-qmqm-q256 | High | tar | 7.5.9 | 7.5.11 | base/Dockerfile | Fixed. Same as #5. |
| 7 | GHSA-8qq5-rm4j-mr97 | High | tar | 6.2.1 | 7.5.3 | base/Dockerfile | Fixed. Same as #5; tar@7.5.11 supersedes all prior fix versions. |
| 8 | GHSA-r6q2-hw4h-h46w | High | tar | 6.2.1 | 7.5.4 | base/Dockerfile | Fixed. Same as #5. |
| 9 | GHSA-34x7-hfp2-rc4v | High | tar | 6.2.1 | 7.5.7 | base/Dockerfile | Fixed. Same as #5. |
| 10 | GHSA-83g3-92jg-28cx | High | tar | 6.2.1 | 7.5.8 | base/Dockerfile | Fixed. Same as #5. |
| 11 | CVE-2024-52308 | High | gh | 2.87.3 | None | base/Dockerfile | False positive. Fix landed in gh 2.62.0; installed version 2.87.3 already contains the patch. |

Not addressable in this repo

| Package | Reason |
|---------|--------|
| quinn-proto | Rust crate baked into upstream binary/base image. Requires fix in openshell (non-community) or the NVIDIA base image. |
| gh | Scanner metadata issue — installed version already patched. |

Changes

sandboxes/base/Dockerfile

  • Add openssh-sftp-server and procps apt packages
  • Add npm install -g tar@7.5.11 after Node.js install (fixes 6 tar CVEs)

sandboxes/openclaw/Dockerfile

  • Pin openclaw@2026.3.7 (fixes 2 openclaw CVEs: auth material leak + cross-origin header forwarding)

sandboxes/nemoclaw/Dockerfile

  • Add npm install -g @hono/node-server@1.19.11 (fixes authorization bypass via encoded slashes)

drew added 2 commits March 11, 2026 21:28
These packages are required for VS Code and Cursor remote SSH
connections to function properly (SFTP file transfer, process
inspection).
- base: force-upgrade tar@7.5.11 to fix 6 CVEs (GHSA-qffp, GHSA-9ppj,
  GHSA-8qq5, GHSA-r6q2, GHSA-34x7, GHSA-83g3)
- openclaw: pin openclaw@2026.3.7 to fix auth material leak and
  cross-origin header forwarding (GHSA-rchv, GHSA-6mgf)
- nemoclaw: force-upgrade @hono/node-server@1.19.11 to fix authorization
  bypass via encoded slashes (GHSA-wc8c)
drew added a commit that referenced this pull request Mar 12, 2026
Incorporates changes from PR #22:
- openssh-sftp-server and procps are required for VS Code / Cursor remote
  SSH connections (SFTP file transfer, process inspection)
- tar@7.5.11 in the base image fixes 6 CVEs at the earliest layer
@drew drew closed this Mar 12, 2026
drew added a commit that referenced this pull request Mar 12, 2026
* chore: upgrade Python to 3.13, openclaw to 2026.3.11, and fix transitive tar vulnerabilities

- base: replace Ubuntu Noble's Python 3.12 with Python 3.13 from deadsnakes PPA
- openclaw: pin openclaw@2026.3.11 to fix GHSA-5wcw-8jjv-m286 (WebSocket hijacking)
- nemoclaw: force-upgrade nested tar copies to 7.5.11 (GHSA-qffp-2rhf-9h96 et al.)

* fix: pin @hono/node-server@1.19.11 to fix authorization bypass (GHSA-wc8c-qw6v-h7f6)

* chore: add openssh-sftp-server, procps, and tar@7.5.11 to base image

Incorporates changes from PR #22:
- openssh-sftp-server and procps are required for VS Code / Cursor remote
  SSH connections (SFTP file transfer, process inspection)
- tar@7.5.11 in the base image fixes 6 CVEs at the earliest layer

* fix: drop npm internal tar update that fails on missing @npmcli/docs

npm's bundled node_modules cannot be safely updated via --prefix; the
update resolves @npmcli/docs@^1.0.0 which does not exist on the
registry. The global tar@7.5.11 install and the openclaw-scoped update
are sufficient.
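
The follow-up commit above refers to nested (transitive) tar copies, which a global `npm install -g tar@7.5.11` does not replace. As an added example (not code from this PR or the project), the script below walks `npm ls --all --json` output and lists every tar copy still below 7.5.11. The sample tree is constructed, package names other than tar are hypothetical, and versions are assumed to be plain dotted numbers.

```javascript
// Compare dotted numeric versions segment by segment. String comparison is
// wrong here: "7.5.9" > "7.5.11" lexically, yet 7.5.9 is the older release.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk the tree produced by `npm ls --all --json` and return every copy of
// `name`, together with the dependency path under which npm lists it.
function findCopies(node, name, trail = []) {
  const found = [];
  for (const [dep, info] of Object.entries(node.dependencies || {})) {
    const path = [...trail, dep];
    if (dep === name && info.version) {
      found.push({ path: path.join(' > '), version: info.version });
    }
    found.push(...findCopies(info, name, path));
  }
  return found;
}

// Copies that are still below the fixed version.
function vulnerableCopies(tree, name, fixed) {
  return findCopies(tree, name)
    .filter((c) => compareVersions(c.version, fixed) < 0);
}

// Constructed sample input. Only the tar versions (7.5.11, 7.5.9, 6.2.1)
// come from the page; the other package names are hypothetical.
const sampleTree = {
  name: 'lib',
  dependencies: {
    tar: { version: '7.5.11' },
    'example-cli': { version: '1.0.0', dependencies: {
      tar: { version: '7.5.9' },
      'example-fetcher': { version: '2.1.0',
        dependencies: { tar: { version: '6.2.1' } } },
    } },
  },
};

console.log(vulnerableCopies(sampleTree, 'tar', '7.5.11'));
```

To check a real image, replace `sampleTree` with the parsed output of `npm ls --all --json` (add `-g` for the global tree) captured inside the built container.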