spark-operator

CVE-2021-25741 and others in k8s.io/kubernetes

Open degant opened this issue 1 year ago • 4 comments

There's an older vulnerability from 2021 that gets flagged when we're trying to use the spark-operator: https://github.com/advisories/GHSA-f5f7-6478-qm6p

I haven't looked into the details of the vulnerability to see whether it impacts the spark operator. But any chance we can update k8s.io/kubernetes to a more recent 1.19.15+?

In addition, we're also seeing the following issues:

  • https://github.com/advisories/GHSA-g42g-737j-qx6j (CVE-2021-25735)
  • https://github.com/advisories/GHSA-mfv7-gq43-w965 (CVE-2021-25737)

degant Mar 14 '23 18:03