aws-efs-csi-driver
aws-efs-csi-driver copied to clipboard
kubernetes-sigs
Multiple Vulns found in aws-efs-csi-driver:2.1.8
/kind bug
What happened? Scanned the current latest image of the aws efs csi driver (v2.1.8) using Aquasec and it identified a number of known vulnerabilities (see details below)
| Resource | Current Version | Fixed Version | Vulnerabilities |
|---|---|---|---|
| stdlib | 1.22.9 | 1.23.10, 1.24.4 | CVE-2025-22871, CVE-2024-45336, CVE-2024-45341, CVE-2025-22866, CVE-2025-0913, CVE-2025-4673 |
| glibc | 2.34-117.amzn2023.0.1 | 2.34-196.amzn2023.0.1 | ALAS2023-2025-988, ALAS2023-2025-1001 |
| glibc-common | 2.34-117.amzn2023.0.1 | 2.34-196.amzn2023.0.1 | ALAS2023-2025-988, ALAS2023-2025-1001 |
| glibc-minimal-langpack | 2.34-117.amzn2023.0.1 | 2.34-196.amzn2023.0.1 | ALAS2023-2025-988, ALAS2023-2025-1001 |
| golang.org/x/net | v0.33.0 | 0.38.0 | CVE-2025-22870, CVE-2025-22872 |
| python3.11 | 3.11.11-5.amzn2023.0.1 | 3.11.13-1.amzn2023.0.1 | ALAS2023-2025-1045,ALAS2023-2025-1032 |
| python3.11-libs | 3.11.11-5.amzn2023.0.1 | 3.11.13-1.amzn2023.0.1 | ALAS2023-2025-1045,ALAS2023-2025-1032 |
What you expected to happen? When image is scanned the image is compliant as it doesn't contain any known vulnerabilities
How to reproduce it (as minimally and precisely as possible)? scan the amazon/aws-efs-csi-driver:v2.1.8 image
