Open dsmithsl opened 3 days ago
$ grype --version
grype 0.79.1
NAME              INSTALLED   FIXED-IN    TYPE       VULNERABILITY        SEVERITY
busybox           1.36.1-r15  1.36.1-r16  apk        CVE-2023-42366       Medium
busybox           1.36.1-r15  1.36.1-r19  apk        CVE-2023-42365       Medium
busybox           1.36.1-r15  1.36.1-r19  apk        CVE-2023-42364       Medium
busybox           1.36.1-r15  1.36.1-r17  apk        CVE-2023-42363       Medium
busybox-binsh     1.36.1-r15  1.36.1-r16  apk        CVE-2023-42366       Medium
busybox-binsh     1.36.1-r15  1.36.1-r19  apk        CVE-2023-42365       Medium
busybox-binsh     1.36.1-r15  1.36.1-r19  apk        CVE-2023-42364       Medium
busybox-binsh     1.36.1-r15  1.36.1-r17  apk        CVE-2023-42363       Medium
curl              8.5.0-r0                apk        CVE-2024-0853        Medium
curl              8.5.0-r0                apk        CVE-2024-2466        Unknown
curl              8.5.0-r0                apk        CVE-2024-2398        Unknown
curl              8.5.0-r0                apk        CVE-2024-2004        Unknown
golang.org/x/net  v0.22.0     0.23.0      go-module  GHSA-4v7x-pqxf-cx7m  Medium
libcrypto3        3.1.4-r6    3.1.6-r0    apk        CVE-2024-5535        Unknown
libcrypto3        3.1.4-r6    3.1.6-r0    apk        CVE-2024-4741        Unknown
libcrypto3        3.1.4-r6    3.1.5-r0    apk        CVE-2024-4603        Unknown
libssl3           3.1.4-r6    3.1.6-r0    apk        CVE-2024-5535        Unknown
libssl3           3.1.4-r6    3.1.6-r0    apk        CVE-2024-4741        Unknown
libssl3           3.1.4-r6    3.1.5-r0    apk        CVE-2024-4603        Unknown
libxml2           2.11.7-r0   2.11.8-r0   apk        CVE-2024-34459       Unknown
nghttp2-libs      1.58.0-r0               apk        CVE-2024-28182       Medium
nginx             1.25.3                  binary     CVE-2024-24990       High
nginx             1.25.3                  binary     CVE-2024-24989       High
nginx             1.25.3                  binary     CVE-2024-35200       Medium
nginx             1.25.3                  binary     CVE-2024-34161       Medium
nginx             1.25.3                  binary     CVE-2024-32760       Medium
nginx             1.25.3                  binary     CVE-2024-31079       Medium
openssl           3.1.4-r6    3.1.6-r0    apk        CVE-2024-5535        Unknown
openssl           3.1.4-r6    3.1.6-r0    apk        CVE-2024-4741        Unknown
openssl           3.1.4-r6    3.1.5-r0    apk        CVE-2024-4603        Unknown
ssl_client        1.36.1-r15  1.36.1-r16  apk        CVE-2023-42366       Medium
ssl_client        1.36.1-r15  1.36.1-r19  apk        CVE-2023-42365       Medium
ssl_client        1.36.1-r15  1.36.1-r19  apk        CVE-2023-42364       Medium
ssl_client        1.36.1-r15  1.36.1-r17  apk        CVE-2023-42363       Medium
stdlib            go1.22.2                go-module  CVE-2024-24790       Critical
stdlib            go1.22.2                go-module  CVE-2024-24789       Medium
stdlib            go1.22.2                go-module  CVE-2024-24788       Unknown
stdlib            go1.22.2                go-module  CVE-2024-24787       Unknown
yajl              2.1.0-r8    2.1.0-r9    apk        CVE-2023-33460       Medium
registry.k8s.io/ingress-nginx/controller:v1.10.1
/unassign
We are working on a release this week.
/assign @strongjz
/triage accepted
/kind bug
What scanner and version reported the CVE?
$ grype --version
grype 0.79.1
What CVE was reported in the scanner findings?
What versions of the controller did you test with?
registry.k8s.io/ingress-nginx/controller:v1.10.1