kiwigrid / k8s-sidecar

This is a docker container intended to run inside a kubernetes cluster to collect config maps with a specified label and store the included files in a local folder.
MIT License

Security vulnerability found in scan #304

Closed AdithiR closed 1 year ago

AdithiR commented 1 year ago

We see these vulnerabilities for sidecar 1.24.3:

Full Path To Resource: /app/.venv/lib/python3.11/site-packages/certifi

| Name | Custom Severity | Severity | Score | Fix Version | Acknowledged |
|---|---|---|---|---|---|
| CVE-2023-37920 | | critical | 9.8 | 2023.7.22 | |

requests /app/.venv/lib/python3.11/site-packages/requests PACKAGE 2.29.0 pypi Apache 2.0

Full Path To Resource: /app/.venv/lib/python3.11/site-packages/requests

| Name | Custom Severity | Severity | Score | Fix Version | Acknowledged |
|---|---|---|---|---|---|
| CVE-2023-32681 | | medium | 6.1 | 2.31.0 | |

tomrk-esteam8 commented 1 year ago

Thanks @AdithiR, we have updated the image, please check the newest one, see https://github.com/kiwigrid/k8s-sidecar/issues/301 :-)