jimmidyson / configmap-reload

Simple binary to trigger a reload when a Kubernetes ConfigMap is updated
Apache License 2.0

CVEs in latest version of configmap-reload image v0.10.0 #87

Closed nshelke777 closed 1 year ago

nshelke777 commented 1 year ago

There are too many CVEs in the latest version of the configmap-reload image, v0.10.0 (6 Critical, 8 High, 8 Medium, 2 Low).

All of these CVEs are coming from the glibc executable from busybox. Can we get this fixed in the latest planned version sooner, because this has Critical CVEs as well?

The Trivy scan report shows the showstoppers below:

CRITICAL

CVE-2021-35942 CVE-2022-23219 CVE-2022-23218

HIGH

CVE-2020-1752 CVE-2020-6096 CVE-2021-3326 CVE-2021-38604

jimmidyson commented 1 year ago

Thanks for the report. I've fixed this in v0.11.0 by moving to a distroless base image.
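
An added example, not part of the thread above or of the configmap-reload project: a small triage script that groups the findings in a Trivy JSON report (`trivy image --format json`) by severity and package, so a reader can check that the findings trace to one package and that a rebuilt image passes a CRITICAL/HIGH gate. The sample reports are constructed; the CVE IDs and the `glibc` package name come from the issue, while the targets are placeholders and `summarize` and `gate` are hypothetical helper names.

```python
import json
from collections import Counter, defaultdict

# Constructed sample in the shape of `trivy image --format json` output.
# CVE IDs and the glibc package name are from the issue; the targets are
# placeholders, not real scan data.
SAMPLE_BEFORE = json.loads("""
{"Results": [{"Target": "image-v0.10.0 (placeholder)", "Vulnerabilities": [
  {"VulnerabilityID": "CVE-2021-35942", "PkgName": "glibc", "Severity": "CRITICAL"},
  {"VulnerabilityID": "CVE-2022-23219", "PkgName": "glibc", "Severity": "CRITICAL"},
  {"VulnerabilityID": "CVE-2022-23218", "PkgName": "glibc", "Severity": "CRITICAL"},
  {"VulnerabilityID": "CVE-2020-1752", "PkgName": "glibc", "Severity": "HIGH"},
  {"VulnerabilityID": "CVE-2021-38604", "PkgName": "glibc", "Severity": "HIGH"}
]}]}
""")
# Trivy omits the "Vulnerabilities" key for a target with no findings.
SAMPLE_AFTER = {"Results": [{"Target": "image-v0.11.0 (placeholder)"}]}


def summarize(report):
    """Return (severity counts, {package: sorted CVE IDs}) for a Trivy report."""
    by_severity = Counter()
    by_package = defaultdict(set)
    # "Results" and "Vulnerabilities" can be missing or null on a clean scan.
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            by_severity[vuln.get("Severity", "UNKNOWN")] += 1
            by_package[vuln.get("PkgName", "unknown")].add(vuln["VulnerabilityID"])
    return dict(by_severity), {p: sorted(ids) for p, ids in by_package.items()}


def gate(report, blocking=("CRITICAL", "HIGH")):
    """True when the report has no finding at a blocking severity."""
    counts, _ = summarize(report)
    return not any(counts.get(level, 0) for level in blocking)


if __name__ == "__main__":
    for name, report in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        counts, packages = summarize(report)
        print(name, counts, packages, "PASS" if gate(report) else "FAIL")
```
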