kiwigrid / k8s-sidecar

This is a Docker container intended to run inside a Kubernetes cluster to collect config maps with a specified label and store the included files in a local folder.
MIT License

kiwigrid/k8s-sidecar:1.21.0 affected with CVE-2022-40674 #238

Closed TarekAljabban closed 1 year ago

TarekAljabban commented 1 year ago

Our security scanning shows 1.21.0 version flagged due to a vulnerability with the expat library. CVE: https://nvd.nist.gov/vuln/detail/CVE-2022-40674

jekkel commented 1 year ago

Is v1.21.1 also affected?

TarekAljabban commented 1 year ago

@jekkel 1.21.0 was the most recent version when I filed this issue.

jekkel commented 1 year ago

I appreciate that, but if the CVE is not present in the latest version I'd close the ticket, if you agree?

jekkel commented 1 year ago

Please reopen if the current latest version is still affected.