GoogleCloudPlatform / container-engine-accelerators

Collection of tools and examples for managing Accelerated workloads in Kubernetes Engine
Apache License 2.0

Multiple high severity CVEs on latest nvidia-device-plugin(v1.0.20) #303

Open sakshisharma84 opened 1 year ago

sakshisharma84 commented 1 year ago

We use the latest version of nvidia-device-plugin (v1.0.20), and the following packages are reported with some high vulnerabilities by the Sysdig scanner.

  1. github.com/prometheus/client_golang: CVE-2022-21698
  2. golang.org/x/net: CVE-2021-33194, CVE-2021-44716, CVE-2022-27664, CVE-2022-41723
  3. golang.org/x/text: CVE-2021-38561, CVE-2022-32149

Are there any plans to fix them anytime soon?

sakshisharma84 commented 10 months ago

Two more high CVEs added to the list: golang.org/x/net: CVE-2023-39325 and CVE-2023-44487
