observatorium / thanos-receive-controller

Kubernetes controller to automatically configure Thanos receive hashrings
Apache License 2.0

Vulnerabilities in latest docker image #134

Open abohne opened 5 months ago

abohne commented 5 months ago
# grype --only-fixed quay.io/observatorium/thanos-receive-controller:main-2023-11-06-c57219e
 ✔ Vulnerability DB                [no update available]
 ✔ Pulled image
 ✔ Loaded image                    quay.io/observatorium/thanos-receive-controller:main-2023-11-06-c57219e
 ✔ Parsed image                    sha256:3788f75bd36ad57a71cc8f547ada4ccd9c3eed7d9f6185d2f0082521eb5aee5f
 ✔ Cataloged contents              63a03728a2f951929d49eee395b4914c8ddcd2bc31ed93be7bafc2f129656751
   ├── ✔ Packages                        [96 packages]
   └── ✔ Executables                     [1 executables]
 ✔ Scanned for vulnerabilities     [22 vulnerability matches]
   ├── by severity: 0 critical, 7 high, 9 medium, 0 low, 0 negligible (6 unknown)
   └── by status:   7 fixed, 15 not-fixed, 0 ignored
NAME                        INSTALLED  FIXED-IN  TYPE       VULNERABILITY        SEVERITY
golang.org/x/crypto         v0.1.0     0.17.0    go-module  GHSA-45x7-px36-x8w8  Medium
golang.org/x/net            v0.7.0     0.17.0    go-module  GHSA-4374-p667-p6c8  High
golang.org/x/net            v0.7.0     0.17.0    go-module  GHSA-qppj-fm5r-hxr3  Medium
golang.org/x/net            v0.7.0     0.13.0    go-module  GHSA-2wrh-6pvc-2jm9  Medium
google.golang.org/grpc      v1.40.0    1.56.3    go-module  GHSA-m425-mq94-257g  High
google.golang.org/grpc      v1.40.0    1.56.3    go-module  GHSA-qppj-fm5r-hxr3  Medium
google.golang.org/protobuf  v1.28.1    1.33.0    go-module  GHSA-8r3f-844c-mc37  Medium