kubernetes-csi / node-driver-registrar

Sidecar container that registers a CSI driver with the kubelet using the kubelet plugin registration mechanism.
Apache License 2.0

v2.9.0 showing HIGH Vulnerability CVE-2023-44487 #347

Closed mitchellmaler closed 5 months ago

mitchellmaler commented 8 months ago

Hello, our security tooling is showing that v2.9.0 has the vulnerability CVE-2023-44487. This requires upgrading to a newer golang patch to pull in the latest net package.

jsafrane commented 5 months ago

This has been fixed for sure in v2.10.0, where we use go 1.21.5. I think it's also fixed in 2.9.3, which uses github.com/grpc/grpc-go v1.59.0 that has the issue fixed.

/close

k8s-ci-robot commented 5 months ago

@jsafrane: Closing this issue.

In response to [this](https://github.com/kubernetes-csi/node-driver-registrar/issues/347#issuecomment-1916833190):

> This has been fixed for sure in v2.10.0, where we use go 1.21.5.
> I think it's also fixed in 2.9.3, which uses github.com/grpc/grpc-go v1.59.0 that has the issue fixed.
> /close

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.