kiwigrid / k8s-sidecar

This is a docker container intended to run inside a kubernetes cluster to collect config maps with a specified label and store the included files in a local folder.
MIT License

Findings on kiwigrid/k8s-sidecar:1.19.5 #228

Closed vartikavr closed 2 years ago

vartikavr commented 2 years ago

Hi team, we are currently using kiwigrid/k8s-sidecar:1.19.5 images, which are being marked as vulnerable with the descriptions below:

| Vulnerability Name | Image Id | Description | Solution |
| --- | --- | --- | --- |
| Alpine Linux Security Update for expat | sha256:84866dc00a241ec35dbd2b74264f7b161d75d46831796851723380eda4a6f2f5 | Alpine Linux has released a security update for expat to fix the vulnerabilities. Affected versions: Alpine Linux 3.14, Alpine Linux 3.15, Alpine Linux 3.16. Affected Package versions prior to 2.4.9-r0. | Refer to Alpine Linux advisory for updates and patch information. Patch: Following are links for downloading patches to fix the vulnerabilities: expat-2.4.9-r0:Alpine Linux |
| Alpine Linux Security Update for expat | sha256:cc906e4efaa0fa27cb3cb61d34bf225c401061f3acbea36feb26c48936e664c1 | Alpine Linux has released a security update for expat to fix the vulnerabilities. | Refer to Alpine Linux advisory expat for updates and patch information. |
| Alpine Linux Security Update for expat | sha256:dfa0717b9a21b5a3cb2e1d97da1cd15bf3100312a639d9d39153de7e73b7a5d3 | Alpine Linux has released a security update for expat to fix the vulnerabilities. | Refer to Alpine Linux advisory expat for updates and patch information. |

We kindly request your assistance with a plan for fixes.

jekkel commented 2 years ago

Could you try the just-released version 1.19.6?

hpvd commented 2 years ago

There is a fresh new full release of Alpine 3.17; see https://www.alpinelinux.org/posts/Alpine-3.17.0-released.html

vartikavr commented 2 years ago

Shifting to the newer version helped. Thanks. Closing this issue.