c-bata / kube-prompt

An interactive kubernetes client featuring auto-complete.
MIT License
1.78k stars 133 forks

CVE issues #83

Closed thedadams closed 1 year ago

thedadams commented 3 years ago

A trivy scan of the repo indicates that there are a few CVE issues with dependencies (likely k8s libraries). Please consider updating the libraries to address the (>= HIGH) vulnerabilities.

+-----------------------------+------------------+----------+-----------------------------------+------------------------------------+---------------------------------------+
|           LIBRARY           | VULNERABILITY ID | SEVERITY |         INSTALLED VERSION         |           FIXED VERSION            |                 TITLE                 |
+-----------------------------+------------------+----------+-----------------------------------+------------------------------------+---------------------------------------+
| github.com/dgrijalva/jwt-go | CVE-2020-26160   | HIGH     | 3.2.0+incompatible                | v4.0.0-preview1                    | jwt-go: access restriction            |
|                             |                  |          |                                   |                                    | bypass vulnerability                  |
|                             |                  |          |                                   |                                    | -->avd.aquasec.com/nvd/cve-2020-26160 |
+-----------------------------+------------------+          +-----------------------------------+------------------------------------+---------------------------------------+
| golang.org/x/crypto         | CVE-2020-29652   |          | 0.0.0-20190820162420-60c769a6c586 | v0.0.0-20201216223049-8b5274cf687f | golang: crypto/ssh: crafted           |
|                             |                  |          |                                   |                                    | authentication request can            |
|                             |                  |          |                                   |                                    | lead to nil pointer dereference       |
|                             |                  |          |                                   |                                    | -->avd.aquasec.com/nvd/cve-2020-29652 |
+                             +------------------+          +                                   +------------------------------------+---------------------------------------+
|                             | CVE-2020-9283    |          |                                   | v0.0.0-20200220183623-bac4c82f6975 | golang.org/x/crypto: Processing       |
|                             |                  |          |                                   |                                    | of crafted ssh-ed25519                |
|                             |                  |          |                                   |                                    | public keys allows for panic          |
|                             |                  |          |                                   |                                    | -->avd.aquasec.com/nvd/cve-2020-9283  |
+-----------------------------+------------------+----------+-----------------------------------+------------------------------------+---------------------------------------+
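As an added example (not kube-prompt's code and not part of the original issue), the following Go program reproduces the judgment trivy made in the table above: it reads the require directives of a go.mod, orders each installed version against the fixed version for that module, and lists the CVEs that still apply. The go.mod fragment is constructed for this example with the versions from the INSTALLED VERSION column; the advisory list is transcribed from the table. Version ordering is a simplified semver: prerelease strings (which is what Go pseudo-versions are) are compared as plain strings, which is correct for the fixed-width timestamp form shown here but not for arbitrary dotted prerelease identifiers.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Advisory is one row of the trivy table in the issue: module path,
// CVE id and the first version that carries the fix.
type Advisory struct {
	Module string
	CVE    string
	Fixed  string
}

// Transcribed from the scan output in the issue.
var advisories = []Advisory{
	{"github.com/dgrijalva/jwt-go", "CVE-2020-26160", "v4.0.0-preview1"},
	{"golang.org/x/crypto", "CVE-2020-29652", "v0.0.0-20201216223049-8b5274cf687f"},
	{"golang.org/x/crypto", "CVE-2020-9283", "v0.0.0-20200220183623-bac4c82f6975"},
}

// Constructed go.mod fragment for this example (not kube-prompt's real
// file); the versions match the INSTALLED VERSION column of the scan.
const sampleGoMod = `module example.com/kube-prompt-scan

go 1.15

require (
	github.com/dgrijalva/jwt-go v3.2.0+incompatible
	golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586
	github.com/c-bata/go-prompt v0.2.5
)
`

// parseRequires pulls "path version" pairs from a go.mod's require
// block and from single-line require directives; comments are dropped.
func parseRequires(gomod string) map[string]string {
	out := map[string]string{}
	inBlock := false
	for _, line := range strings.Split(gomod, "\n") {
		line = strings.TrimSpace(line)
		if i := strings.Index(line, "//"); i >= 0 {
			line = strings.TrimSpace(line[:i])
		}
		switch {
		case line == "require (":
			inBlock = true
		case line == ")":
			inBlock = false
		case strings.HasPrefix(line, "require "):
			if f := strings.Fields(line); len(f) == 3 {
				out[f[1]] = f[2]
			}
		case inBlock:
			if f := strings.Fields(line); len(f) == 2 {
				out[f[0]] = f[1]
			}
		}
	}
	return out
}

// splitVersion returns the numeric core and the prerelease string of
// "v1.2.3-pre+meta". Build metadata such as "+incompatible" is dropped,
// as semver requires; a missing or unparsable numeric field counts as 0.
func splitVersion(v string) ([3]int, string) {
	v = strings.TrimPrefix(v, "v")
	if i := strings.Index(v, "+"); i >= 0 {
		v = v[:i]
	}
	pre := ""
	if i := strings.Index(v, "-"); i >= 0 {
		pre = v[i+1:]
		v = v[:i]
	}
	var core [3]int
	for i, p := range strings.SplitN(v, ".", 3) {
		n, _ := strconv.Atoi(p)
		core[i] = n
	}
	return core, pre
}

// compareVersions orders two module versions: numeric major.minor.patch
// first; then a version with a prerelease sorts below the same release
// without one; two prereleases are compared as plain strings (simplified
// semver, exact for Go's fixed-width pseudo-version timestamps).
// Returns -1 if a < b, 0 if equal, 1 if a > b.
func compareVersions(a, b string) int {
	ac, apre := splitVersion(a)
	bc, bpre := splitVersion(b)
	for i := 0; i < 3; i++ {
		if ac[i] < bc[i] {
			return -1
		}
		if ac[i] > bc[i] {
			return 1
		}
	}
	switch {
	case apre == bpre:
		return 0
	case apre == "":
		return 1
	case bpre == "":
		return -1
	case apre < bpre:
		return -1
	}
	return 1
}

// affected returns the CVE ids whose module is required at a version
// below the fixed one, in the order of the advisories table.
func affected(gomod string, advs []Advisory) []string {
	reqs := parseRequires(gomod)
	var hits []string
	for _, a := range advs {
		if have, ok := reqs[a.Module]; ok && compareVersions(have, a.Fixed) < 0 {
			hits = append(hits, a.CVE)
		}
	}
	return hits
}

func main() {
	for _, cve := range affected(sampleGoMod, advisories) {
		fmt.Println("still vulnerable:", cve)
	}
}
```

Run against the constructed go.mod it reports all three CVEs from the table. Note the two kinds of fix the table asks for: the golang.org/x/crypto fixes are later pseudo-versions of the same module, so `go get golang.org/x/crypto@<fixed version>` moves past both; the jwt-go fix is a major-version bump from v3 to v4, and under Go modules a major version of 2 or higher lives at a distinct import path with a `/v4` suffix, so that one is an import-path change rather than a version bump in go.mod.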