Report the use of components with vulnerabilities in spiderpool #3472
Labels
good first issue
Denotes an issue ready for a new contributor, according to the "help wanted" guidelines.
Comments
Thank you for your reply! This issue does not duplicate #3420. This
report lists the components with vulnerabilities introduced in this
project and their corresponding risks, which are not RBAC risks. Please ask
your team to confirm and fix them further.
Cyclinder ***@***.***> wrote on Wednesday, May 8, 2024 at 18:13:
… Hi @HouqiyuA <https://github.com/HouqiyuA>, Thanks for your report. Is
the issue duplicated with #3420?
Thanks @HouqiyuA, It seems these components with vulnerabilities come from
Thanks! Are these risky components actually being introduced into your
project? I am not sure if cilium has been fixed accordingly, but I have
found that the cilium introduced in your current project is not their
latest version, and using the latest version of it may resolve these issues.
Cyclinder ***@***.***> wrote on Thursday, May 9, 2024 at 11:11:
… Thanks @HouqiyuA <https://github.com/HouqiyuA>, It seems these components
with vulnerabilities come from cilium, we just referenced it. Will
upstream of cilium fix these vulnerabilities?
Spiderpool doesn't use cilium directly, or only a tiny part of it, so it has a limited reach, but upgrading the cilium version is good, so I'll be upgrading it later.
cyclinder added the good first issue label on May 10, 2024
Spiderpool Version
v1.0.0
Bug Type
Other
Main CNI
None
What happened?
Dear Team Members:
Greetings! Our team is very interested in your project. We performed source code perspective security analysis (SCA) and vulnerability library association analysis on this project and found that components with vulnerabilities are still being used in this project. We would like to report this issue to you, so that you can fix and improve it accordingly. I add the details in the JSON file below. Please confirm whether this problem really exists and confirm with us. Looking forward to hearing from you and discussing more details with us, thank you very much for your time and attention.
Note: Each "affect_components" field in the report represents the vulnerable component introduced by this project. The other is the vulnerability information associated with it.
Qiyu Hou
spiderpool-main_report.json
What did you expect to happen?
None
How to reproduce it (as minimally and precisely as possible)
None
Additional Context
None