Describe the bug
Running Trivy on a Docker image that contains the kubeseal 0.27.1 binary gives the following output:
┌─────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬───────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │ Title                                                     │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼───────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2024-34156 │ HIGH     │ fixed  │ 1.22.5            │ 1.22.7, 1.23.1 │ encoding/gob: golang: Calling Decoder.Decode on a message │
│         │                │          │        │                   │                │ which contains deeply nested structures...                │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-34156                │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴───────────────────────────────────────────────────────────┘
To Reproduce
Build a Docker image with the kubeseal 0.27.1 binary.
Run Trivy on the Docker image.
Expected behavior
Version of Kubernetes:
No engagement with Kubernetes required.
Additional context
Could you please make a release built with a more recent stdlib so security scanners don't flag the binary as containing a high severity vulnerability?
Which component: kubeseal 0.27.1
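Trivy reports "stdlib" findings from the Go toolchain version recorded in the binary's build metadata, not from anything kubeseal itself does, so the check below is a way to confirm the reported toolchain and to verify a rebuilt release before rerunning the scanner. It is an added example written for this page, not code from the issue or from the sealed-secrets project: it reads the embedded Go version with the standard library's debug/buildinfo package and compares it against the two fixed versions listed in the Trivy table. The branch-aware comparison rule (a release line with a listed fix is fixed at that fix; any other line counts as fixed only if it is newer than every listed fix) is this example's own approximation of how scanners read such fix lists, not Trivy's code.

```go
// Added example (not part of the issue or the sealed-secrets project): report the Go
// toolchain a binary was built with, the build metadata Trivy keys "stdlib" findings on,
// and check it against the fixed versions for CVE-2024-34156 shown in the Trivy table.
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// Fixed Go versions for CVE-2024-34156 as listed in the Trivy output above.
var fixedVersions = []string{"1.22.7", "1.23.1"}

// goVersion is major, minor, patch.
type goVersion [3]int

// parseGoVersion accepts "go1.22.5" (the form debug/buildinfo reports) or "1.22.5",
// with the patch component optional. Pre-release toolchains such as "go1.23rc1" or
// "devel" are rejected rather than guessed at.
func parseGoVersion(s string) (goVersion, error) {
	var v goVersion
	parts := strings.Split(strings.TrimPrefix(s, "go"), ".")
	if len(parts) < 2 || len(parts) > 3 {
		return v, fmt.Errorf("unrecognised Go version %q", s)
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return v, fmt.Errorf("unrecognised Go version %q", s)
		}
		v[i] = n
	}
	return v, nil
}

// compare returns -1, 0 or 1 as a is older than, equal to, or newer than b.
func compare(a, b goVersion) int {
	for i := range a {
		if a[i] < b[i] {
			return -1
		}
		if a[i] > b[i] {
			return 1
		}
	}
	return 0
}

// isFixed applies the fix list branch by branch (an assumption about scanner
// semantics, not Trivy's code): a toolchain on a release line that received a fix
// (1.22.x or 1.23.x here) is fixed once it reaches that line's fix; a toolchain on any
// other line is fixed only if it is newer than every listed fix, so an older
// unpatched line such as 1.21.x still counts as vulnerable.
func isFixed(toolchain string, fixed []string) (bool, error) {
	v, err := parseGoVersion(toolchain)
	if err != nil {
		return false, err
	}
	var newest goVersion
	for _, f := range fixed {
		fv, err := parseGoVersion(f)
		if err != nil {
			return false, err
		}
		if fv[0] == v[0] && fv[1] == v[1] {
			return compare(v, fv) >= 0, nil
		}
		if compare(fv, newest) > 0 {
			newest = fv
		}
	}
	return compare(v, newest) >= 0, nil
}

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: gocheck <path-to-go-binary>")
		os.Exit(2)
	}
	// buildinfo.ReadFile parses the binary's build metadata; it never executes the file.
	bi, err := buildinfo.ReadFile(os.Args[1])
	if err != nil {
		fmt.Fprintln(os.Stderr, "not a Go binary with build info:", err)
		os.Exit(1)
	}
	ok, err := isFixed(bi.GoVersion, fixedVersions)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Printf("%s: built with %s, CVE-2024-34156 fixed: %v\n", os.Args[1], bi.GoVersion, ok)
	if !ok {
		os.Exit(1)
	}
}
```

Run it against a kubeseal binary copied out of the image (for example with `docker create` followed by `docker cp`); a 0.27.1 binary should report `go1.22.5` and exit non-zero, and a rebuild on 1.22.7 or 1.23.1 or later should exit zero before Trivy is rerun on the image.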