Open vasireddy99 opened 2 weeks ago
Hi @vasireddy99,
this is not true. We have a dependency that has that vulnerability, but we don't use encoding/gob
package, so we are NOT vulnerable.
I will take this as an opportunity to bump the deps soon, before people become upset that their vuln scanners report this.
Hi @vasireddy99,
this is not true. We have a dependency that has that vulnerability, but we don't use
encoding/gob
package, so we are NOT vulnerable.I will take this as an opportunity to bump the deps soon, before people become upset that their vuln scanners report this.
Yes, I used govulncheck and it didn't show any vuln as affected. But it just the scanners that report. I agree
Team,
kube-rbac-proxy image is vulnerable to
CVE-2024-34156
. In kube-rbace-proxy workflow image built is using 1.23. it seems bumping the go version to1.23.1
will mitigate the issue.Use go version -
~1.23.1