git-sync
git-sync copied to clipboard
kubernetes
git-sync vulnerabilities
git-sync v4.2.4 scan using trivy reveals the following critical and high vulnerabilities:
| Repository | CVE | Package | Current Version | Fixed in version | Severity |
|---|---|---|---|---|---|
| runai/git-sync | CVE-2023-29007 | git | 1:2.39.2-1.1 | 1:2.39.5-0+deb12u1 | High |
| runai/git-sync | CVE-2024-37370 | libkrb5support0 | 1.20.1-2+deb12u1 | 1.20.1-2+deb12u2 | High |
| runai/git-sync | CVE-2024-37371 | libk5crypto3 | 1.20.1-2+deb12u1 | 1.20.1-2+deb12u2 | Critical |
| runai/git-sync | CVE-2024-32004 | git | 1:2.39.2-1.1 | 1:2.39.5-0+deb12u1 | High |
| runai/git-sync | CVE-2024-32465 | git | 1:2.39.2-1.1 | 1:2.39.5-0+deb12u1 | High |
| runai/git-sync | CVE-2024-45492 | libexpat1 | 2.5.0-1 | 2.5.0-1+deb12u1 | Critical |
| runai/git-sync | CVE-2024-37371 | libkrb5support0 | 1.20.1-2+deb12u1 | 1.20.1-2+deb12u2 | Critical |
| runai/git-sync | CVE-2024-37371 | libkrb5-3 | 1.20.1-2+deb12u1 | 1.20.1-2+deb12u2 | Critical |
| runai/git-sync | CVE-2024-45490 | libexpat1 | 2.5.0-1 | 2.5.0-1+deb12u1 | Critical |
| runai/git-sync | CVE-2023-25652 | git | 1:2.39.2-1.1 | 1:2.39.5-0+deb12u1 | High |
| runai/git-sync | CVE-2024-37371 | libgssapi-krb5-2 | 1.20.1-2+deb12u1 | 1.20.1-2+deb12u2 | Critical |
| runai/git-sync | CVE-2024-37370 | libkrb5-3 | 1.20.1-2+deb12u1 | 1.20.1-2+deb12u2 | High |
| runai/git-sync | CVE-2024-45491 | libexpat1 | 2.5.0-1 | 2.5.0-1+deb12u1 | Critical |
| runai/git-sync | CVE-2024-37370 | libgssapi-krb5-2 | 1.20.1-2+deb12u1 | 1.20.1-2+deb12u2 | High |
| runai/git-sync | CVE-2024-37370 | libk5crypto3 | 1.20.1-2+deb12u1 | 1.20.1-2+deb12u2 | High |
| runai/git-sync | CVE-2024-32002 | git | 1:2.39.2-1.1 | 1:2.39.5-0+deb12u1 | Critical |
Most can be fixed by upgrading the operating system image. If you can please help by fixing and releasing a new version.
