Closed WahidSyed closed 2 months ago
This issue is currently awaiting triage.
If Ingress contributors determine this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.
The triage/accepted label can be added by org members by writing /triage accepted in a comment.
curl is not in the direct path of HTTP requests from clients using ingress I think.
This will get patched when the next release is out.
This is stale, but we won't close it automatically, just bear in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach #ingress-nginx-dev on Kubernetes Slack.
% grype registry.k8s.io/ingress-nginx/controller:v1.10.2@sha256:e3311b3d9671bc52d90572bcbfb7ee5b71c985d6d6cffd445c241f1e2703363c
✔ Vulnerability DB [no update available]
✔ Pulled image
✔ Loaded image registry.k8s.io/ingress-nginx/controller:v1.10.2@sha256:e3311b3d9671bc52d90572bcbfb7ee5b71c985d6d6cffd445c241f1e2703363c
✔ Parsed image sha256:25f75d3a80c867fbbe3cbb379d339bea26de76ba120c8cc2f5628dc32a7aca5a
✔ Cataloged contents a9e7db68ea193728cedb9b62e231c65516736d3e8a0d9d8a7e25b34e41b5730a
├── ✔ Packages [209 packages]
├── ✔ File digests [783 files]
├── ✔ File metadata [783 locations]
└── ✔ Executables [214 executables]
✔ Scanned for vulnerabilities [7 vulnerability matches]
├── by severity: 0 critical, 0 high, 4 medium, 0 low, 0 negligible (3 unknown)
└── by status: 0 fixed, 7 not-fixed, 0 ignored
NAME    INSTALLED  FIXED-IN  TYPE       VULNERABILITY   SEVERITY
nginx   1.25.5               binary     CVE-2024-35200  Medium
nginx   1.25.5               binary     CVE-2024-34161  Medium
nginx   1.25.5               binary     CVE-2024-32760  Medium
nginx   1.25.5               binary     CVE-2024-31079  Medium
stdlib  go1.22.4             go-module  CVE-2024-24791  Unknown
[~]
%
/close
@longwuyuan: Closing this issue.
vulnerability (CVE-2022-27782) in the curl package that's installed. The installed version of curl is 7.79.1-r0, and the vulnerability is marked as HIGH severity. The fixed version is 7.79.1-r2.