CVE Remediation change #46

Closed
rahulshelake01 opened this issue Apr 19, 2024 · 2 comments
Comments


rahulshelake01 commented Apr 19, 2024

Scanned docker image with grype.
Facing the vulnerability issue.

❯ grype thirdparty-app-reg-crds
✔ Vulnerability DB [no update available]
✔ Loaded image athena-thirdparty-app-reg-crds:latest
✔ Parsed image sha256:1af2ea6f88c4c6e49b2bbdbe0d31cb781c4f748618ca9f651b6238ada0878c2c
✔ Cataloged contents 7d1168fa380f44f6050f6f8d069b8ce31c88b0407b48d49fdcfd1c96bb46f235
├── ✔ Packages [63 packages]
├── ✔ File digests [1,205 files]
├── ✔ File metadata [1,205 locations]
└── ✔ Executables [1 executables]
✔ Scanned for vulnerabilities [9 vulnerability matches]
├── by severity: 0 critical, 1 high, 2 medium, 0 low, 0 negligible (6 unknown)
└── by status: 1 fixed, 8 not-fixed, 0 ignored
[0001] WARN unable to read dynamic symbols from elf file error=no symbol section
[0001] WARN unable to read dynamic symbols from elf file error=no symbol section
[0001] WARN some package(s) are missing CPEs. This may result in missing vulnerabilities. You may autogenerate these using: --add-cpes-if-none
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
google.golang.org/protobuf v1.30.0 1.33.0 go-module GHSA-8r3f-844c-mc37 Medium
stdlib go1.21.3 go-module CVE-2023-45285 High
stdlib go1.21.3 go-module CVE-2023-39326 Medium
stdlib go1.21.3 go-module CVE-2024-24785 Unknown
stdlib go1.21.3 go-module CVE-2024-24784 Unknown
stdlib go1.21.3 go-module CVE-2024-24783 Unknown
stdlib go1.21.3 go-module CVE-2023-45290 Unknown
stdlib go1.21.3 go-module CVE-2023-45289 Unknown
stdlib go1.21.3 go-module CVE-2023-45288 Unknown
A newer version of grype is available for download: 0.77.0 (installed version is 0.74.5)

Solution:

  • Update go version to 1.21 in go.mod file
  • Update google.golang.org/protobuf v1.30.0 --> 1.33.0
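As an added example (not part of this issue or the project), the following script parses grype's table output in the layout pasted above and turns it into a remediation plan: one version bump per module where grype lists a FIXED-IN version, and a toolchain rebuild for `stdlib` findings, which grype reports as not-fixed at the module level because they are addressed by compiling with a newer Go release. The sample rows are constructed from the report above; the column layout (FIXED-IN left blank when no fix is known) is an assumption about grype's default table format.

```python
"""Triage grype table output into a remediation plan (added example)."""
from collections import defaultdict

# Constructed sample: a subset of the rows from the grype run in this issue.
SAMPLE = """\
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
google.golang.org/protobuf v1.30.0 1.33.0 go-module GHSA-8r3f-844c-mc37 Medium
stdlib go1.21.3 go-module CVE-2023-45285 High
stdlib go1.21.3 go-module CVE-2023-39326 Medium
stdlib go1.21.3 go-module CVE-2024-24785 Unknown
A newer version of grype is available for download: 0.77.0 (installed version is 0.74.5)
"""


def parse_grype_table(text):
    """Return one dict per finding; fixed_in is None when grype lists no fix."""
    findings, in_table = [], False
    for line in text.splitlines():
        cols = line.split()
        if cols[:2] == ["NAME", "INSTALLED"]:
            in_table = True          # header row: the table starts here
            continue
        if not in_table or not cols:
            continue                 # progress lines / warnings before the table
        if len(cols) == 6:           # FIXED-IN column present
            name, installed, fixed_in, ptype, vuln, sev = cols
        elif len(cols) == 5:         # FIXED-IN blank, so the column collapses away
            name, installed, ptype, vuln, sev = cols
            fixed_in = None
        else:
            break                    # trailing notice, e.g. the version nag
        findings.append({"name": name, "installed": installed, "fixed_in": fixed_in,
                         "type": ptype, "vuln": vuln, "severity": sev})
    return findings


def remediation_plan(findings):
    """Group findings by (package, installed version) and decide one action each."""
    by_pkg = defaultdict(list)
    for f in findings:
        by_pkg[(f["name"], f["installed"])].append(f)
    plan = []
    for (name, installed), fs in by_pkg.items():
        fixes = sorted({f["fixed_in"] for f in fs if f["fixed_in"]})
        vulns = sorted(f["vuln"] for f in fs)
        if fixes:
            action = f"bump {name} {installed} -> {', '.join(fixes)}"
        elif name == "stdlib":
            # stdlib CVEs are fixed by rebuilding with a patched Go toolchain
            action = f"rebuild with a Go toolchain newer than {installed}"
        else:
            action = f"no upstream fix listed for {name} {installed}; track or mitigate"
        plan.append({"package": name, "action": action, "vulns": vulns})
    return plan
```

Feeding the full report through `parse_grype_table` yields two actions for this image: a protobuf bump to 1.33.0 and a Go toolchain rebuild covering all eight stdlib CVEs.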
@alexellis
Owner

Hi, if you're using this component in a commercial setting, feel free to send your own Pull Request or sponsor my time via GitHub.

Alex

@alexellis
Owner

Closing given no response in over 6 weeks from original issue creator.
