gavinbunney / terraform-provider-kubectl

Terraform provider to handle raw kubernetes manifest yaml files
https://registry.terraform.io/providers/gavinbunney/kubectl
Mozilla Public License 2.0
628 stars 108 forks source link

Terraform kubcectl provider sysdig scan shows critical vulnerability #292

Open nandikatlakishore opened 6 months ago

nandikatlakishore commented 6 months ago

While scanning the terraform kubectl provider plugin, sysdig scan is reporting critical vulnerability. below are the details.

Severity; critical package : github.com/hashicorp/go-getter - v1.5.3 package path : /usr/local/share/terraform/plugins/registry.terraform.io/gavinbunney/kubectl/1.14.0/linux_amd64/terraform-provider-kubectl_v1.14.0 Fixed in v1.6.1

Can you help with overcoming this vulnerability

alekc commented 6 months ago

If you want updated kubectl provider your better bet would be to switch to https://registry.terraform.io/providers/alekc/kubectl/latest/docs (full disclosure: I am the author).

It's a maintained fork of this repo with some additional features/hot fixes.