chartmuseum / helm-push

Helm plugin to push chart package to ChartMuseum
Apache License 2.0
670 stars 170 forks

CVE-2022-1996 #183

Closed dzhakhaya closed 1 year ago

dzhakhaya commented 1 year ago

Hi!

We use your application in Docker and found such a vulnerability when checking with a Trivy scan.

Total: 1 (CRITICAL: 1)
┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐
│ Library                        │ Vulnerability │ Severity │ Installed Version   │ Fixed Version │ Title                                                        │
├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.9.5+incompatible │ 2.16.0        │                                                              │
└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘

The packages need to be updated, can you fix it?

leventyalcin commented 1 year ago

I think this requires a little care and bump-ups. I also scan for critical and high severities and these are the current vulnerabilities:

## github.com/emicklei/go-restful-v2.9.5+incompatible
CVE-2022-1996
## golang.org/x/net-v0.0.0-20220127200216-cd36cc0744dd
CVE-2022-27664
## golang.org/x/text-v0.3.7
CVE-2022-32149
## gopkg.in/yaml.v3-v3.0.0-20210107192922-496545a6307b
CVE-2022-28948

nerdeveloper commented 1 year ago

Thank you, I am closing this.

leventyalcin commented 1 year ago

Hi @nerdeveloper,

The PR seems to be merged. Thanks for that.

Do you mind creating a tag also? The new tag will create a new release, and helm plugin install ... could install the fixed version on our end.

Cheers,