aws / amazon-vpc-cni-k8s

Networking plugin repository for pod networking in Kubernetes using Elastic Network Interfaces on AWS
Apache License 2.0

Fix CVE Vulnerabilities #3111

Closed yash-acquia closed 1 week ago

yash-acquia commented 1 week ago

What happened? An Orca scan detected the following CVEs:

- aws-node-init --> CVE-2024-34156
- aws-vpc-cni/aws-node --> CVE-2024-24790
- aws-vpc-cni/aws-node-webeip --> CVE-2024-24790

What you expected to happen? Please address the identified CVEs.

| Vulnerability_id | Package Name | Vulnerable Version | Fixed Version | Type | Severity |
| --- | --- | --- | --- | --- | --- |
| CVE-2024-34156 | stdlib | 1.22.4 | 1.22.7, 1.23.1 | gobinary | HIGH |
| CVE-2024-24790 | stdlib | 1.20.14 | 1.21.11, 1.22.4 | gobinary | CRITICAL |

Environment:

orsenthil commented 1 week ago

Hello @yash-acquia, for security-related issues, could you please follow the instructions here https://github.com/aws/amazon-vpc-cni-k8s?tab=readme-ov-file#security-disclosures and raise an internal request.

github-actions[bot] commented 1 week ago

This issue is now closed. Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one.