investigate/fix what we need to update in response to CVE-2023-44487 HTTP2 rapid reset - Githubissues

opendatahub-io / data-science-pipelines-tekton

Kubeflow Pipelines on Tekton

https://developer.ibm.com/blogs/kubeflow-pipelines-with-tekton-and-watson/

Apache License 2.0

0 stars 19 forks source link

investigate/fix what we need to update in response to CVE-2023-44487 HTTP2 rapid reset #163

Closed gregsheremeta closed 1 year ago

gregsheremeta commented 1 year ago

investigate what we need to update in response to CVE-2023-44487 HTTP2 rapid reset

potentially includes updating base images and updating libraries that contain http servers

Acceptance criteria:

creation of new card(s) that list out what we need to fix

gregsheremeta commented 1 year ago

Snyk has some suggestions: https://app.snyk.io/org/red-hat-openshift-data-science-rhods/reporting?context[page]=issues-detail&issue_status=Open&issue_by=Severity&table_issues_detail_cols=SCORE%257CCVE%257CCWE%257CPROJECT%257CEXPLOIT%2520MATURITY%257CAUTO%2520FIXABLE%257CINTRODUCED%257CSNYK%2520PRODUCT&table_issues_detail_sort=%2520CVE%2520DESC&cve=%257B%2522CVE%2522%253A%255B%2522CVE-2023-44487%2522%255D%257D