grafana / loki

Like Prometheus, but for logs.
https://grafana.com/loki
GNU Affero General Public License v3.0

Update loki image 3.1.0, it has Critical and High CVEs #13585

Open earimont-ib opened 3 months ago

earimont-ib commented 3 months ago

https://github.com/grafana/loki/blob/65697676e610ee7b32d671a050f6ac38fb1e3ad1/production/helm/loki/values.yaml#L51

Critical

CVE-2024-24790 CVE-2024-5535

High

CVE-2024-24791

Medium

CVE-2023-42366 CVE-2023-42365 CVE-2023-42364 CVE-2023-42363 CVE-2023-6129

duj4 commented 3 months ago

Hi @earimont-ib, may I know how you found these vulnerabilities?

earimont-ib commented 3 months ago

@duj4 Using the Vulnerability Scanning Feature of Harbor https://github.com/goharbor/harbor