open-policy-agent / kube-mgmt

Sidecar for managing OPA instances in Kubernetes.
Apache License 2.0

High Vulnerability Found in version `8.5.7` with Snyk scan for the latest image of kube-mgmt #253

Open mlajkim opened 4 months ago

mlajkim commented 4 months ago

Background

Vulnerability found: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-6531285

 ✗ High severity vulnerability found in golang.org/x/net/http2
03:19:59   Description: Allocation of Resources Without Limits or Throttling
03:19:59   Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-6531285
03:19:59   Introduced through: k8s.io/client-go/rest@0.23.17, k8s.io/apimachinery/pkg/watch@0.23.17, k8s.io/client-go/tools/cache@0.23.17, k8s.io/client-go/dynamic@0.23.17, k8s.io/client-go/kubernetes@0.23.17, k8s.io/apimachinery/pkg/apis/meta/v1@0.23.17, k8s.io/client-go/tools/clientcmd@0.23.17, k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.17, k8s.io/apimachinery/pkg/api/meta@0.23.17, k8s.io/api/core/v1@0.23.17, k8s.io/apimachinery/pkg/runtime/serializer@0.23.17
03:19:59   From: k8s.io/client-go/rest@0.23.17 > golang.org/x/net/http2@0.17.0
03:19:59   From: k8s.io/client-go/rest@0.23.17 > golang.org/x/net/http2@0.17.0
03:19:59   From: k8s.io/apimachinery/pkg/watch@0.23.17 > k8s.io/apimachinery/pkg/util/net@0.23.17 > golang.org/x/net/http2@0.17.0
03:19:59   and 59 more...
03:19:59   Fixed in: 0.23.0