jimmidyson / configmap-reload

Simple binary to trigger a reload when a Kubernetes ConfigMap is updated
Apache License 2.0

Vulnerabilities in image jimmidyson/configmap-reload:v0.7.1 #70

Closed KR411-prog closed 2 years ago

KR411-prog commented 2 years ago

Please take care of the vulnerabilities in image jimmidyson/configmap-reload:v0.7.1.

Scan results for: image jimmidyson/configmap-reload:v0.7.1 sha256:db09e1c4a336e6a36a43b8910f8cc474a36ee05a5237ac296362df43bc246df7

Vulnerabilities

| CVE            | SEVERITY | CVSS | PACKAGE | VERSION | STATUS                   | PUBLISHED   | DISCOVERED | DESCRIPTION |
+----------------+----------+------+---------+---------+--------------------------+-------------+------------+-------------+
| CVE-2022-23806 | critical | 9.10 | go      | 1.17.6  | fixed in 1.17.7, 1.16.14 | 49 days ago | < 1 hour   | Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that i... |
| CVE-2022-27191 | high     | 7.50 | go      | 1.17.6  | fixed in 0.0.0           | 14 days ago | < 1 hour   | golang.org/x/crypto/ssh before 0.0.0-20220314234659-1baeb1ce4c0b in Go through 1.16.15 and 1.17.x through 1.17.8 allows an attacker to crash a server ... |
| CVE-2022-24921 | high     | 7.50 | go      | 1.17.6  | fixed in 1.17.8, 1.16.15 | 27 days ago | < 1 hour   | regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. |
| CVE-2022-23773 | high     | 7.50 | go      | 1.17.6  | fixed in 1.17.7, 1.16.14 | 49 days ago | < 1 hour   | cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect ... |
| CVE-2022-23772 | high     | 7.50 | go      | 1.17.6  | fixed in 1.17.7, 1.16.14 | 49 days ago | < 1 hour   | Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. |

Vulnerabilities found for image jimmidyson/configmap-reload:v0.7.1: total - 5, critical - 1, high - 4, medium - 0, low - 0
Vulnerability threshold check results: PASS

Compliance found for image jimmidyson/configmap-reload:v0.7.1: total - 0, critical - 0, high - 0, medium - 0, low - 0
Compliance threshold check results: PASS

jimmidyson commented 2 years ago

Thanks for reporting! I have rebuilt and republished the v0.7.1 images so I'm going to close this. If you rescan and still find vulnerabilities, please reopen this issue.