Closed kingnarmer closed 4 months ago
Please remediate 4.2.2 security vulnerabilities.
```
trivy image --ignore-unfixed --severity HIGH,CRITICAL registry.k8s.io/git-sync/git-sync:v4.2.2 --scanners vuln
2024-05-06T07:36:12-04:00 INFO Vulnerability scanning is enabled
2024-05-06T07:36:13-04:00 INFO Detected OS family="debian" version="12.5"
2024-05-06T07:36:13-04:00 INFO [debian] Detecting vulnerabilities... os_version="12" pkg_num=64
2024-05-06T07:36:13-04:00 INFO Number of language-specific files num=1
2024-05-06T07:36:13-04:00 INFO [gobinary] Detecting vulnerabilities...

registry.k8s.io/git-sync/git-sync:v4.2.2 (debian 12.5)

Total: 2 (HIGH: 2, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │                         Title                          │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼────────────────────────────────────────────────────────┤
│ libc6   │ CVE-2024-2961  │ HIGH     │ fixed  │ 2.36-9+deb12u4    │ 2.36-9+deb12u6 │ glibc: Out of bounds write in iconv may lead to remote │
│         │                │          │        │                   │                │ code...                                                │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-2961              │
│         ├────────────────┤          │        │                   ├────────────────┼────────────────────────────────────────────────────────┤
│         │ CVE-2024-33599 │          │        │                   │ 2.36-9+deb12u7 │ glibc: stack-based buffer overflow in netgroup cache   │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-33599             │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴────────────────────────────────────────────────────────┘
```
https://github.com/kubernetes/git-sync/releases/tag/v4.2.3