Please fix the CVEs for v0.47.2 #3471

Closed
zhai-zhe opened this issue Feb 22, 2024 · 3 comments

@zhai-zhe

| CVE ID | Type | Severity | Packages | Source Package | Package Version | CVSS | Fix Status |
| --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2023-29404 | binary | critical | go | | 1.19.9 | 9.8 | fixed in 1.20.5, 1.19.10 |
| CVE-2023-29405 | binary | critical | go | | 1.19.9 | 9.8 | fixed in 1.20.5, 1.19.10 |
| CVE-2023-29402 | binary | critical | go | | 1.19.9 | 9.8 | fixed in 1.20.5, 1.19.10 |
| CVE-2019-0190 | OS | high | libssl1.1,libcrypto1.1 | openssl | 1.1.1u-r1 | 7.5 | |
| CVE-2023-2253 | go | high | github.com/docker/distribution | | v2.8.1 | 7.5 | fixed in 2.8.2-beta.1 |
| CVE-2023-28840 | go | high | github.com/docker/docker | | v20.10.21 | 7.5 | fixed in 23.0.3, 20.10.24 |
| CVE-2023-27561 | go | high | github.com/opencontainers/runc | | v1.1.4 | 7 | fixed in 1.1.5 |
| CVE-2024-21626 | go | high | github.com/opencontainers/runc | | v1.1.4 | 8.6 | fixed in 1.1.12 |
| CVE-2023-39325 | go | high | golang.org/x/net | | v0.4.0 | 7.5 | fixed in 0.17.0 |
| CVE-2022-41723 | go | high | golang.org/x/net | | v0.4.0 | 7.5 | fixed in 0.7.0 |
| GHSA-m425-mq94-257g | go | high | google.golang.org/grpc | | v1.51.0 | 7.5 | fixed in 1.58.3, 1.57.1, 1.56.3 |
| CVE-2023-45287 | binary | high | go | | 1.19.9 | 7.5 | fixed in 1.20.0 |
| CVE-2023-39323 | binary | high | go | | 1.19.9 | 8.1 | fixed in 1.21.2, 1.20.9 |
| CVE-2023-45285 | binary | high | go | | 1.19.9 | 7.5 | fixed in 1.21.5, 1.20.12 |
| CVE-2023-29403 | binary | high | go | | 1.19.9 | 7.8 | fixed in 1.20.5, 1.19.10 |
| CVE-2023-45283 | binary | high | go | | 1.19.9 | 7.5 | fixed in 1.21.4, 1.20.11 |
| CVE-2023-52425 | OS | low | libexpat | expat | 2.5.0-r2 | 0 | fixed in 2.6.0-r0 |
| CVE-2023-52426 | OS | low | libexpat | expat | 2.5.0-r2 | 0 | fixed in 2.6.0-r0 |
| CVE-2023-25809 | go | low | github.com/opencontainers/runc | | v1.1.4 | 2.5 | fixed in 1.1.5 |
| CVE-2023-6992 | OS | medium | zlib | | 1.2.12-r3 | 5.5 | |
| CVE-2023-5678 | OS | medium | libssl1.1,libcrypto1.1 | openssl | 1.1.1u-r1 | 5.3 | fixed in 1.1.1w-r1 |
| CVE-2023-3817 | OS | medium | libssl1.1,libcrypto1.1 | openssl | 1.1.1u-r1 | 5.3 | fixed in 1.1.1v-r0 |
| CVE-2023-3446 | OS | medium | libssl1.1,libcrypto1.1 | openssl | 1.1.1u-r1 | 5.3 | fixed in 1.1.1u-r2 |
| CVE-2024-0727 | OS | medium | libssl1.1,libcrypto1.1 | openssl | 1.1.1u-r1 | 5.5 | |
| PRISMA-2022-0164 | go | medium | github.com/aws/aws-sdk-go | | v1.35.24 | 5.3 | fixed in v1.40.27 |
| PRISMA-2023-0056 | go | medium | github.com/sirupsen/logrus | | v1.8.1 | 6.2 | fixed in v1.9.3 |
| CVE-2023-29409 | binary | medium | go | | 1.19.9 | 5.3 | fixed in 1.20.7, 1.19.12 |
| CVE-2023-45284 | binary | medium | go | | 1.19.9 | 5.3 | fixed in 1.21.4, 1.20.11 |
| CVE-2023-39318 | binary | medium | go | | 1.19.9 | 6.1 | fixed in 1.21.1, 1.20.8 |
| CVE-2023-39319 | binary | medium | go | | 1.19.9 | 6.1 | fixed in 1.21.1, 1.20.8 |
| CVE-2023-29406 | binary | medium | go | | 1.19.9 | 6.5 | fixed in 1.20.6, 1.19.11 |
| CVE-2023-39326 | binary | medium | go | | 1.19.9 | 5.3 | fixed in 1.21.5, 1.20.12 |
| GHSA-6xv5-86q9-7xr8 | go | moderate | github.com/cyphar/filepath-securejoin | | v0.2.3 | 4 | fixed in 0.2.4 |
| GHSA-jq35-85cj-fj4p | go | moderate | github.com/docker/docker | | v20.10.21 | 4 | fixed in 20.10.27, 23.0.8, 24.0.7 |
| CVE-2023-28842 | go | moderate | github.com/docker/docker | | v20.10.21 | 6.8 | fixed in 23.0.3, 20.10.24 |
| CVE-2023-28841 | go | moderate | github.com/docker/docker | | v20.10.21 | 6.8 | fixed in 23.0.3, 20.10.24 |
| CVE-2023-28642 | go | moderate | github.com/opencontainers/runc | | v1.1.4 | 6.1 | fixed in 1.1.5 |
| CVE-2023-48795 | go | moderate | golang.org/x/crypto | | v0.1.0 | 5.9 | fixed in 0.17.0 |
| CVE-2023-44487 | go | moderate | golang.org/x/net | | v0.4.0 | 5.3 | fixed in 0.17.0 |
| CVE-2023-3978 | go | moderate | golang.org/x/net | | v0.4.0 | 6.1 | fixed in 0.13.0 |
| CVE-2023-44487 | go | moderate | google.golang.org/grpc | | v1.51.0 | 5.3 | fixed in 1.56.3, 1.57.1, 1.58.3 |

@kannon92
Contributor

What happens if you run your scanner on https://github.com/google/cadvisor/releases/tag/v0.48.1?

@bobbypage
Collaborator

@andoks

andoks commented Mar 4, 2024

@bobbypage: did this fix perhaps cause #3490 somehow?

This issue was closed.