CVE reported for gopkg.in/yaml.v3 #199

Closed
kunhwiko opened this issue Apr 6, 2023 · 3 comments · Fixed by #214
Labels
CVE Pull requests that update a dependency file good first issue

Comments

kunhwiko commented Apr 6, 2023

Hello Team, our JFrog scan reported 3 high CVEs for kube-mgmt version 8.1.0

[Image: Screenshot 2023-04-06 at 1 39 50 PM]

I do think that the vulnerability for golang.org/x/net has been resolved in the master branch (are there any plans to have a new release version soon?), but at the same time, wondering if it is possible to look into the vulnerability for gopkg.in/yaml.v3

@eshepelyuk
Contributor

Hello @kunhwiko
PRs are welcome

eshepelyuk added CVE Pull requests that update a dependency file good first issue labels May 31, 2023

@saranyareddy24
Contributor

Working on it.

@eshepelyuk
Contributor

@saranyareddy24 maybe you're willing to also take a look at #191 ?
