Open WestonReed opened 3 months ago
Thanks @WestonReed,
We are addressing the issue and a fix will be present in a near release. We will update this issue with more information once released.
-Taylor
Also not mentioned by the above but /usr/bin/k8s-neuron-device-plugin is built with go1.20.4 which is susceptible to https://github.com/advisories/GHSA-4v7x-pqxf-cx7m
Adam,
Ack on the two issues raised. Will it be OK if the team replies on Tuesday US time, as Monday is a public holiday?
On May 27, 2024, at 9:35 AM, Adam Malcontenti-Wilson wrote:
> Also not mentioned by the above but /usr/bin/k8s-neuron-device-plugin is built with go1.20.4 which is susceptible to GHSA-4v7x-pqxf-cx7m (https://github.com/advisories/GHSA-4v7x-pqxf-cx7m)
@adammw Thanks for reporting the issue. We are looking into fixing CVE-2023-45288 in the next neuron SDK release.
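The toolchain check discussed in the comments above, as an added example that is not part of the original thread or of the Neuron SDK: it reads the Go version embedded in a binary and compares it with the releases that fixed GHSA-4v7x-pqxf-cx7m / CVE-2023-45288 in net/http (Go 1.21.9 and 1.22.2). The names `affected` and `gocheck` are hypothetical, and the check covers only the standard library, not a separately vendored golang.org/x/net.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// affected reports whether a Go toolchain version such as "go1.20.4" predates
// the releases that fixed GHSA-4v7x-pqxf-cx7m in net/http (Go 1.21.9 and 1.22.2).
func affected(goVersion string) (bool, error) {
	// Keep only the numeric part; drop suffixes like " X:boringcrypto".
	num, _, _ := strings.Cut(strings.TrimPrefix(goVersion, "go"), " ")
	var v [3]int // major, minor, patch; a missing patch level counts as 0
	for i, p := range strings.SplitN(num, ".", 3) {
		n, err := strconv.Atoi(p)
		if err != nil { // e.g. "devel" or release candidates: decide by hand
			return false, fmt.Errorf("unsupported Go version %q", goVersion)
		}
		v[i] = n
	}
	switch {
	case v[0] != 1:
		return false, fmt.Errorf("unexpected major version in %q", goVersion)
	case v[1] < 21:
		return true, nil // 1.20 and older never received the fix
	case v[1] == 21:
		return v[2] < 9, nil
	case v[1] == 22:
		return v[2] < 2, nil
	}
	return false, nil // 1.23 and later shipped with the fix
}

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: gocheck <path-to-go-binary>")
		os.Exit(2)
	}
	info, err := buildinfo.ReadFile(os.Args[1]) // reads the embedded build info
	if err != nil {
		fmt.Fprintln(os.Stderr, "not a readable Go binary:", err)
		os.Exit(2)
	}
	bad, err := affected(info.GoVersion)
	fmt.Printf("%s: %s affected=%v err=%v\n", os.Args[1], info.GoVersion, bad, err)
}
```

Run it against a binary copied out of the container image; `go version -m <binary>` prints the same embedded version along with the module list.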
Hello, I am unsure if this is the right place to report this, but there are some known high & medium vulnerabilities in the latest publicly available build of the neuron-device-plugin container found here. Here is the command you may use to reproduce this: