hypertrace / hypertrace-collector

OpenTelemetry collector distribution for Hypertrace platform

fix: update docker/docker mod to v26.1.4 to fix vulnerability #133

Closed tim-mwangi closed 2 months ago

tim-mwangi commented 2 months ago

Description

This fixes this vulnerability. First seen here https://github.com/hypertrace/hypertrace-collector/actions/runs/10222417768/job/28286961907

usr/local/bin/hypertrace/collector (gobinary)
=============================================
Total: 1 (HIGH: 0, CRITICAL: 1)

┌──────────────────────────┬────────────────┬──────────┬────────┬──────────────────────┬─────────────────────────────────┬────────────────────────────────────────────┐
│         Library          │ Vulnerability  │ Severity │ Status │  Installed Version   │          Fixed Version          │                   Title                    │
├──────────────────────────┼────────────────┼──────────┼────────┼──────────────────────┼─────────────────────────────────┼────────────────────────────────────────────┤
│ github.com/docker/docker │ CVE-2024-41110 │ CRITICAL │ fixed  │ v25.0.5+incompatible │ 23.0.14, 26.1.4, 27.1.0, 25.0.6 │ moby: Authz zero length regression         │
│                          │                │          │        │                      │                                 │ https://avd.aquasec.com/nvd/cve-2024-41110 │
└──────────────────────────┴────────────────┴──────────┴────────┴──────────────────────┴─────────────────────────────────┴────────────────────────────────────────────┘

Testing

Tested locally

Checklist: