
Vulnerability scan of image version 1.22.3 reports CVE-2020-13949 and CVE-2022-27191

Open chandanD4 opened this issue 2 years ago • 1 comments

The latest vulnerability scan reports the above-mentioned vulnerabilities.

CVE-2020-13949: Requires uplift of github.com/apache/thrift from v.13.0 to v.14.0

CVE-2022-27191: Requires golang.org/x/crypto from v0.0.0-20200622213623-75b288015ac9 to 0.0.0-20220315160706-3147a52a75dd

What is the plan for addressing these?

chandanD4 avatar Jun 08 '22 10:06 chandanD4

We should fix https://github.com/kubernetes/dns/issues/505 to unblock pinned dependencies to be able to update

dpasiukevich avatar Jul 28 '22 14:07 dpasiukevich

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Oct 26 '22 14:10 k8s-triage-robot

/remove-lifecycle stale

dpasiukevich avatar Nov 09 '22 08:11 dpasiukevich