spotahome / redis-operator

Redis Operator creates/configures/manages high availability redis with sentinel automatic failover atop Kubernetes.
Apache License 2.0

observed below vulnerability issues on the latest image #699

Closed Srujansgit closed 3 months ago

Srujansgit commented 5 months ago

Expected behaviour

Better to fix the vulnerabilities

What do you want to achieve?

Actual behaviour

What is happening? Are all the pieces created? Can you access the service?

Steps to reproduce the behaviour

Describe step by step what you have done to get to this point

Environment

How are the pieces configured?

Logs

NA

                                                 0.0s

=> => transferring context: 2B 0.0s => [build 1/5] FROM docker.io/library/golang:1.20-alpine@sha256:e47f121850f4e276b2b210c56df3fda9191278dd84a3a442bfe0b09934462a8f 0.0s => [stage-1 1/4] FROM docker.io/library/alpine:latest@sha256:77726ef6b57ddf65bb551896826ec38bc3e53f75cdde31354fbffb4f25238ebd 0.0s => [internal] load build context 0.1s => => transferring context: 17.38kB 0.1s => CACHED [build 2/5] RUN apk --no-cache add bash 0.0s => CACHED [build 3/5] WORKDIR /src 0.0s => [build 4/5] COPY . . 0.9s => ERROR [build 5/5] RUN GOOS=linux GOARCH=amd64 VERSION=$VERSION ./scripts/build.sh 13.5s

[build 5/5] RUN GOOS=linux GOARCH=amd64 VERSION=$VERSION ./scripts/build.sh: 0.910 Building linux/amd64 release... 0.910 Building binary at ./bin/redis-operator 1.137 go: downloading github.com/prometheus/client_golang v1.16.0 1.462 go: downloading k8s.io/client-go v0.27.3 3.037 go: downloading github.com/beorn7/perks v1.0.1 3.054 go: downloading github.com/cespare/xxhash/v2 v2.2.0 3.070 go: downloading github.com/prometheus/client_model v0.3.0 3.084 go: downloading github.com/prometheus/common v0.42.0 3.141 go: downloading github.com/prometheus/procfs v0.10.1 3.228 go: downloading google.golang.org/protobuf v1.30.0 4.422 go: downloading k8s.io/apiextensions-apiserver v0.24.4 4.588 go: downloading github.com/sirupsen/logrus v1.9.3 4.618 go: downloading github.com/spotahome/kooper/v2 v2.4.0 4.765 go: downloading k8s.io/apimachinery v0.27.3 4.961 go: downloading k8s.io/api v0.27.3 5.641 go: downloading github.com/go-redis/redis/v8 v8.11.5 5.691 go: downloading golang.org/x/oauth2 v0.5.0 5.741 go: downloading k8s.io/klog/v2 v2.90.1 6.172 go: downloading github.com/golang/protobuf v1.5.3 6.223 go: downloading github.com/matttproud/golang_protobuf_extensions v1.0.4 6.242 go: downloading golang.org/x/sys v0.8.0 github.com/stretchr/testify v1.8.4 k8s.io/api v0.27.3 k8s.io/apiextensions-apiserver v0.24.4 k8s.io/apimachinery v0.27.3 k8s.io/client-go v0.27.3 )

require ( github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect github.com/emicklei/go-restful/v3 v3.9.0 // indirect github.com/evanphx/json-patch v4.12.0+incompatible // indirect github.com/go-logr/logr v1.2.3 // indirect github.com/go-openapi/jsonpointer v0.19.6 // indirect github.com/go-openapi/jsonreference v0.20.1 // indirect github.com/go-openapi/swag v0.22.3 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.3 // indirect github.com/google/gnostic v0.5.7-v3refs // indirect github.com/google/go-cmp v0.5.9 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/uuid v1.3.0 // indirect github.com/imdario/mergo v0.3.12 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/prometheus/client_model v0.3.0 // indirect github.com/prometheus/common v0.42.0 // indirect github.com/prometheus/procfs v0.10.1 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/stretchr/objx v0.5.0 // indirect golang.org/x/net v0.17.0 // indirect golang.org/x/oauth2 v0.5.0 // indirect golang.org/x/sys v0.8.0 // indirect golang.org/x/term v0.6.0 // indirect golang.org/x/text v0.8.0 // indirect golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect "go.mod" 67L, 2873B 50,25-32 42% 6.909 go: downloading k8s.io/utils 
v0.0.0-20230209194617-a36077c30491 github.com/stretchr/testify v1.8.4 k8s.io/api v0.27.3 k8s.io/apiextensions-apiserver v0.24.4 k8s.io/apimachinery v0.27.3 k8s.io/client-go v0.27.3 )

require ( github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect github.com/emicklei/go-restful/v3 v3.9.0 // indirect github.com/evanphx/json-patch v4.12.0+incompatible // indirect github.com/go-logr/logr v1.2.3 // indirect github.com/go-openapi/jsonpointer v0.19.6 // indirect github.com/go-openapi/jsonreference v0.20.1 // indirect github.com/go-openapi/swag v0.22.3 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.3 // indirect github.com/google/gnostic v0.5.7-v3refs // indirect github.com/google/go-cmp v0.5.9 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/uuid v1.3.0 // indirect github.com/imdario/mergo v0.3.12 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/prometheus/client_model v0.3.0 // indirect github.com/prometheus/common v0.42.0 // indirect github.com/prometheus/procfs v0.10.1 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/stretchr/objx v0.5.0 // indirect golang.org/x/net v0.17.0 // indirect golang.org/x/oauth2 v0.5.0 // indirect golang.org/x/sys v0.8.0 // indirect golang.org/x/term v0.6.0 // indirect golang.org/x/text v0.8.0 // indirect golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect "go.mod" 67L, 2873B 50,25-32 42% 6.975 go: downloading 
github.com/imdario/mergo v0.3.12 module github.com/spotahome/redis-operator

go 1.20

require ( github.com/go-redis/redis/v8 v8.11.5 github.com/prometheus/client_golang v1.16.0 github.com/sirupsen/logrus v1.9.3 github.com/spotahome/kooper/v2 v2.4.0 github.com/stretchr/testify v1.8.4 k8s.io/api v0.27.3 k8s.io/apiextensions-apiserver v0.24.4 k8s.io/apimachinery v0.27.3 k8s.io/client-go v0.27.3 )

require ( github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect github.com/emicklei/go-restful/v3 v3.9.0 // indirect github.com/evanphx/json-patch v4.12.0+incompatible // indirect github.com/go-logr/logr v1.2.3 // indirect github.com/go-openapi/jsonpointer v0.19.6 // indirect github.com/go-openapi/jsonreference v0.20.1 // indirect github.com/go-openapi/swag v0.22.3 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.3 // indirect github.com/google/gnostic v0.5.7-v3refs // indirect github.com/google/go-cmp v0.5.9 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/uuid v1.3.0 // indirect github.com/imdario/mergo v0.3.12 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/prometheus/client_model v0.3.0 // indirect github.com/prometheus/common v0.42.0 // indirect "go.mod" 67L, 2873B 13,25-32 Top 7.000 go: downloading github.com/spf13/pflag v1.0.5

redis-operator:latest (alpine 3.20.0)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

usr/local/bin/redis-operator (gobinary)

Total: 11 (UNKNOWN: 0, LOW: 0, MEDIUM: 9, HIGH: 2, CRITICAL: 0)

┌────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬──────────────────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ ├────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤ │ golang.org/x/net │ CVE-2023-39325 │ HIGH │ fixed │ v0.8.0 │ 0.17.0 │ golang: net/http, x/net/http2: rapid stream resets can cause │ │ │ │ │ │ │ │ excessive work (CVE-2023-44487) │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-39325 │ │ ├────────────────┼──────────┤ │ ├────────────────┼──────────────────────────────────────────────────────────────┤ │ │ CVE-2023-3978 │ MEDIUM │ │ │ 0.13.0 │ golang.org/x/net/html: Cross site scripting │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3978 │ │ ├────────────────┤ │ │ ├────────────────┼──────────────────────────────────────────────────────────────┤ │ │ CVE-2023-44487 │ │ │ │ 0.17.0 │ HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable │ │ │ │ │ │ │ │ to a DDoS attack... │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-44487 │ │ ├────────────────┤ │ │ ├────────────────┼──────────────────────────────────────────────────────────────┤ │ │ CVE-2023-45288 │ │ │ │ 0.23.0 │ golang: net/http, x/net/http2: unlimited number of │ │ │ │ │ │ │ │ CONTINUATION frames causes DoS │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-45288 │ ├────────────────────────────┼────────────────┤ │ ├───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤ │ google.golang.org/protobuf │ CVE-2024-24786 │ │ │ v1.30.0 │ 1.33.0 │ golang-protobuf: encoding/protojson, internal/encoding/json: │ │ │ │ │ │ │ │ infinite loop in protojson.Unmarshal when unmarshaling │ │ │ │ │ │ │ │ certain forms of... 
│ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-24786 │ ├────────────────────────────┼────────────────┼──────────┤ ├───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤ │ stdlib │ CVE-2023-45288 │ HIGH │ │ 1.20.14 │ 1.21.9, 1.22.2 │ golang: net/http, x/net/http2: unlimited number of │ │ │ │ │ │ │ │ CONTINUATION frames causes DoS │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-45288 │ │ ├────────────────┼──────────┤ │ ├────────────────┼──────────────────────────────────────────────────────────────┤ │ │ CVE-2023-45289 │ MEDIUM │ │ │ 1.21.8, 1.22.1 │ golang: net/http/cookiejar: incorrect forwarding of │ │ │ │ │ │ │ │ sensitive headers and cookies on HTTP redirect... │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-45289 │ │ ├────────────────┤ │ │ │ ├──────────────────────────────────────────────────────────────┤ │ │ CVE-2023-45290 │ │ │ │ │ golang: net/http: memory exhaustion in │ │ │ │ │ │ │ │ Request.ParseMultipartForm │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-45290 │ │ ├────────────────┤ │ │ │ ├──────────────────────────────────────────────────────────────┤ │ │ CVE-2024-24783 │ │ │ │ │ golang: crypto/x509: Verify panics on certificates with an │ "../test.txt" 57L, 11889B 1,0-1 Top 7.033 go: downloading golang.org/x/term v0.6.0 module github.com/spotahome/redis-operator

go 1.20

require ( github.com/go-redis/redis/v8 v8.11.5 github.com/prometheus/client_golang v1.16.0 github.com/sirupsen/logrus v1.9.3 github.com/spotahome/kooper/v2 v2.4.0 github.com/stretchr/testify v1.8.4 k8s.io/api v0.27.3 k8s.io/apiextensions-apiserver v0.24.4 k8s.io/apimachinery v0.27.3 k8s.io/client-go v0.27.3 )

require ( github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect github.com/emicklei/go-restful/v3 v3.9.0 // indirect github.com/evanphx/json-patch v4.12.0+incompatible // indirect github.com/go-logr/logr v1.2.3 // indirect github.com/go-openapi/jsonpointer v0.19.6 // indirect github.com/go-openapi/jsonreference v0.20.1 // indirect github.com/go-openapi/swag v0.22.3 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.3 // indirect github.com/google/gnostic v0.5.7-v3refs // indirect github.com/google/go-cmp v0.5.9 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/uuid v1.3.0 // indirect github.com/imdario/mergo v0.3.12 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/prometheus/client_model v0.3.0 // indirect github.com/prometheus/common v0.42.0 // indirect "go.mod" 67L, 2873B 13,25-32 Top module github.com/spotahome/redis-operator

go 1.20

require ( github.com/go-redis/redis/v8 v8.11.5 github.com/prometheus/client_golang v1.16.0 github.com/sirupsen/logrus v1.9.3 github.com/spotahome/kooper/v2 v2.4.0 github.com/stretchr/testify v1.8.4 7.072 go: downloading github.com/gogo/protobuf v1.3.2

redis-operator:latest (alpine 3.20.0)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

usr/local/bin/redis-operator (gobinary)

Total: 11 (UNKNOWN: 0, LOW: 0, MEDIUM: 9, HIGH: 2, CRITICAL: 0)

┌────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬──────────────────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ ├────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤ │ golang.org/x/net │ CVE-2023-39325 │ HIGH │ fixed │ v0.8.0 │ 0.17.0 │ golang: net/http, x/net/http2: rapid stream resets can cause │ │ │ │ │ │ │ │ excessive work (CVE-2023-44487) │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-39325 │ │ ├────────────────┼──────────┤ │ ├────────────────┼──────────────────────────────────────────────────────────────┤ │ │ CVE-2023-3978 │ MEDIUM │ │ │ 0.13.0 │ golang.org/x/net/html: Cross site scripting │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3978 │ │ ├────────────────┤ │ │ ├────────────────┼──────────────────────────────────────────────────────────────┤ │ │ CVE-2023-44487 │ │ │ │ 0.17.0 │ HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable │ │ │ │ │ │ │ │ to a DDoS attack... │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-44487 │ │ ├────────────────┤ │ │ ├────────────────┼──────────────────────────────────────────────────────────────┤ │ │ CVE-2023-45288 │ │ │ │ 0.23.0 │ golang: net/http, x/net/http2: unlimited number of │ │ │ │ │ │ │ │ CONTINUATION frames causes DoS │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-45288 │ ├────────────────────────────┼────────────────┤ │ ├───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤ │ google.golang.org/protobuf │ CVE-2024-24786 │ │ │ v1.30.0 │ 1.33.0 │ golang-protobuf: encoding/protojson, internal/encoding/json: │ │ │ │ │ │ │ │ infinite loop in protojson.Unmarshal when unmarshaling │ │ │ │ │ │ │ │ certain forms of... 
│ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-24786 │ ├────────────────────────────┼────────────────┼──────────┤ ├───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤ │ stdlib │ CVE-2023-45288 │ HIGH │ │ 1.20.14 │ 1.21.9, 1.22.2 │ golang: net/http, x/net/http2: unlimited number of │ │ │ │ │ │ │ │ CONTINUATION frames causes DoS │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-45288 │ │ ├────────────────┼──────────┤ │ ├────────────────┼──────────────────────────────────────────────────────────────┤ │ │ CVE-2023-45289 │ MEDIUM │ │ │ 1.21.8, 1.22.1 │ golang: net/http/cookiejar: incorrect forwarding of │ │ │ │ │ │ │ │ sensitive headers and cookies on HTTP redirect... │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-45289 │ │ ├────────────────┤ │ │ │ ├──────────────────────────────────────────────────────────────┤ │ │ CVE-2023-45290 │ │ │ │ │ golang: net/http: memory exhaustion in │ │ │ │ │ │ │ │ Request.ParseMultipartForm │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-45290 │ │ ├────────────────┤ │ │ │ ├──────────────────────────────────────────────────────────────┤ │ │ CVE-2024-24783 │ │ │ │ │ golang: crypto/x509: Verify panics on certificates with an │ "../test.txt" 57L, 11889B 1,0-1 Top 7.526 go: downloading github.com/google/gofuzz v1.2.0 module github.com/spotahome/redis-operator

go 1.20

require ( github.com/go-redis/redis/v8 v8.11.5 github.com/prometheus/client_golang v1.16.0 github.com/sirupsen/logrus v1.9.3 github.com/spotahome/kooper/v2 v2.4.0 github.com/stretchr/testify v1.8.4 k8s.io/api v0.27.3 k8s.io/apiextensions-apiserver v0.24.4 k8s.io/apimachinery v0.27.3 k8s.io/client-go v0.27.3 )

require ( github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect github.com/emicklei/go-restful/v3 v3.9.0 // indirect github.com/evanphx/json-patch v4.12.0+incompatible // indirect github.com/go-logr/logr v1.2.3 // indirect github.com/go-openapi/jsonpointer v0.19.6 // indirect github.com/go-openapi/jsonreference v0.20.1 // indirect github.com/go-openapi/swag v0.22.3 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.3 // indirect github.com/google/gnostic v0.5.7-v3refs // indirect github.com/google/go-cmp v0.5.9 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/uuid v1.3.0 // indirect github.com/imdario/mergo v0.3.12 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/prometheus/client_model v0.3.0 // indirect github.com/prometheus/common v0.42.0 // indirect "go.mod" 67L, 2873B 10,15-22 Top module github.com/spotahome/redis-operator

go 1.20

require ( github.com/go-redis/redis/v8 v8.11.5 github.com/prometheus/client_golang v1.16.0 github.com/sirupsen/logrus v1.9.3 github.com/spotahome/kooper/v2 v2.4.0 github.com/stretchr/testify v1.8.4 k8s.io/api v0.27.3 k8s.io/apiextensions-apiserver v0.24.4 k8s.io/apimachinery v0.27.3 k8s.io/client-go v0.27.3 )

require ( github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect 7.592 go: downloading sigs.k8s.io/structured-merge-diff/v4 v4.2.3

redis-operator:latest (alpine 3.20.0)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

usr/local/bin/redis-operator (gobinary)

Total: 11 (UNKNOWN: 0, LOW: 0, MEDIUM: 9, HIGH: 2, CRITICAL: 0)

┌────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬──────────────────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ ├────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤ │ golang.org/x/net │ CVE-2023-39325 │ HIGH │ fixed │ v0.8.0 │ 0.17.0 │ golang: net/http, x/net/http2: rapid stream resets can cause │ │ │ │ │ │ │ │ excessive work (CVE-2023-44487) │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-39325 │ │ ├────────────────┼──────────┤ │ ├────────────────┼──────────────────────────────────────────────────────────────┤ │ │ CVE-2023-3978 │ MEDIUM │ │ │ 0.13.0 │ golang.org/x/net/html: Cross site scripting │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3978 │ │ ├────────────────┤ │ │ ├────────────────┼──────────────────────────────────────────────────────────────┤ │ │ CVE-2023-44487 │ │ │ │ 0.17.0 │ HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable │ │ │ │ │ │ │ │ to a DDoS attack... │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-44487 │ │ ├────────────────┤ │ │ ├────────────────┼──────────────────────────────────────────────────────────────┤ │ │ CVE-2023-45288 │ │ │ │ 0.23.0 │ golang: net/http, x/net/http2: unlimited number of │ │ │ │ │ │ │ │ CONTINUATION frames causes DoS │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-45288 │ ├────────────────────────────┼────────────────┤ │ ├───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤ │ google.golang.org/protobuf │ CVE-2024-24786 │ │ │ v1.30.0 │ 1.33.0 │ golang-protobuf: encoding/protojson, internal/encoding/json: │ │ │ │ │ │ │ │ infinite loop in protojson.Unmarshal when unmarshaling │ │ │ │ │ │ │ │ certain forms of... 
│ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-24786 │ ├────────────────────────────┼────────────────┼──────────┤ ├───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤ │ stdlib │ CVE-2023-45288 │ HIGH │ │ 1.20.14 │ 1.21.9, 1.22.2 │ golang: net/http, x/net/http2: unlimited number of │ │ │ │ │ │ │ │ CONTINUATION frames causes DoS │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-45288 │ │ ├────────────────┼──────────┤ │ ├────────────────┼──────────────────────────────────────────────────────────────┤ │ │ CVE-2023-45289 │ MEDIUM │ │ │ 1.21.8, 1.22.1 │ golang: net/http/cookiejar: incorrect forwarding of │ │ │ │ │ │ │ │ sensitive headers and cookies on HTTP redirect... │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-45289 │ │ ├────────────────┤ │ │ │ ├──────────────────────────────────────────────────────────────┤ │ │ CVE-2023-45290 │ │ │ │ │ golang: net/http: memory exhaustion in │ │ │ │ │ │ │ │ Request.ParseMultipartForm │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-45290 │ │ ├────────────────┤ │ │ │ ├──────────────────────────────────────────────────────────────┤ │ │ CVE-2024-24783 │ │ │ │ │ golang: crypto/x509: Verify panics on certificates with an │ "../test.txt" 57L, 11889B 1,0-1 Top

7.728 go: downloading github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f 7.740 go: downloading github.com/go-logr/logr v1.2.3 8.015 go: downloading github.com/google/gnostic v0.5.7-v3refs 8.145 go: downloading golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 8.161 go: downloading github.com/davecgh/go-spew v1.1.1 8.212 go: downloading github.com/google/uuid v1.3.0 8.232 go: downloading github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da 8.251 go: downloading gopkg.in/inf.v0 v0.9.1 8.310 go: downloading sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd 8.343 go: downloading github.com/json-iterator/go v1.1.12 8.387 go: downloading gopkg.in/yaml.v2 v2.4.0 8.411 go: downloading github.com/google/go-cmp v0.5.9 8.472 go: downloading gopkg.in/yaml.v3 v3.0.1 8.497 go: downloading k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f 8.847 go: downloading sigs.k8s.io/yaml v1.3.0 8.867 go: downloading github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd 8.879 go: downloading github.com/modern-go/reflect2 v1.0.2 8.901 go: downloading github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 8.912 go: downloading github.com/emicklei/go-restful/v3 v3.9.0 8.942 go: downloading github.com/go-openapi/swag v0.22.3 8.963 go: downloading github.com/go-openapi/jsonreference v0.20.1 9.013 go: downloading github.com/mailru/easyjson v0.7.7 9.052 go: downloading github.com/go-openapi/jsonpointer v0.19.6 9.071 go: downloading github.com/josharian/intern v1.0.0 13.20 /go/pkg/mod/k8s.io/apimachinery@v0.27.3/pkg/util/net/http.go:39:2: missing go.sum entry for module providing package golang.org/x/net/http2 (imported by k8s.io/client-go/rest); to add: 13.20 go get k8s.io/client-go/rest@v0.27.3

Dockerfile:11

9 | ARG TARGETARCH 10 | ARG VERSION 11 | >>> RUN GOOS=$TARGETOS GOARCH=$TARGETARCH VERSION=$VERSION ./scripts/build.sh 12 | 13 | FROM alpine:latest

ERROR: failed to solve: process "/bin/sh -c GOOS=$TARGETOS GOARCH=$TARGETARCH VERSION=$VERSION ./scripts/build.sh" did not complete successfully: exit code: 1 make: *** [Makefile:93: image] Error 1 ubuntu@ip-172-31-20-95:~/redis-operator$ vi go.mod ubuntu@ip-172-31-20-95:~/redis-operator$ vi go.mod ubuntu@ip-172-31-20-95:~/redis-operator$ vi go.mod ubuntu@ip-172-31-20-95:~/redis-operator$ vi ../test.txt ubuntu@ip-172-31-20-95:~/redis-operator$ vi go.mod ubuntu@ip-172-31-20-95:~/redis-operator$ vi ../test.txt ubuntu@ip-172-31-20-95:~/redis-operator$ vi go.mod ubuntu@ip-172-31-20-95:~/redis-operator$ vi ../test.txt ubuntu@ip-172-31-20-95:~/redis-operator$ cd .. ubuntu@ip-172-31-20-95:~$ ls -lrt total 114712 -rw-rw-r-- 1 ubuntu ubuntu 56744078 May 24 12:21 trivy_0.51.4_Linux-64bit.deb drwxr-xr-x 3 ubuntu ubuntu 4096 May 24 18:37 aws drwxrwxr-x 5 ubuntu ubuntu 4096 May 25 09:12 shell-scripting-projects -rw-rw-r-- 1 ubuntu ubuntu 60653689 May 26 06:44 awscliv2.zip -rwxrwxrwx 1 ubuntu ubuntu 475 May 26 07:20 aws_resource_tracker.sh -rw-rw-r-- 1 ubuntu ubuntu 57 May 26 19:43 calculator.sh -rw-rw-r-- 1 ubuntu ubuntu 21824 May 31 10:43 get-docker.sh drwxrwxr-x 19 ubuntu ubuntu 4096 May 31 11:15 redis-operator -rw-rw-r-- 1 ubuntu ubuntu 11889 May 31 11:18 test.txt ubuntu@ip-172-31-20-95:~$ mv test.txt redis-operator-trivy-scan-issues.txt ubuntu@ip-172-31-20-95:~$ ls -lrt total 114712 -rw-rw-r-- 1 ubuntu ubuntu 56744078 May 24 12:21 trivy_0.51.4_Linux-64bit.deb drwxr-xr-x 3 ubuntu ubuntu 4096 May 24 18:37 aws drwxrwxr-x 5 ubuntu ubuntu 4096 May 25 09:12 shell-scripting-projects -rw-rw-r-- 1 ubuntu ubuntu 60653689 May 26 06:44 awscliv2.zip -rwxrwxrwx 1 ubuntu ubuntu 475 May 26 07:20 aws_resource_tracker.sh -rw-rw-r-- 1 ubuntu ubuntu 57 May 26 19:43 calculator.sh -rw-rw-r-- 1 ubuntu ubuntu 21824 May 31 10:43 get-docker.sh drwxrwxr-x 19 ubuntu ubuntu 4096 May 31 11:15 redis-operator -rw-rw-r-- 1 ubuntu ubuntu 11889 May 31 11:18 redis-operator-trivy-scan-issues.txt 
ubuntu@ip-172-31-20-95:~$ ifconfig Command 'ifconfig' not found, but can be installed with: sudo apt install net-tools ubuntu@ip-172-31-20-95:~$ sudp apt install net-tools Command 'sudp' not found, did you mean: command 'ssdp' from snap ssdp (0.0.1) command 'sup' from deb sup (20100519-3) command 'sudo' from deb sudo (1.9.14p2-1ubuntu1) command 'sudo' from deb sudo-ldap (1.9.14p2-1ubuntu1) command 'sfdp' from deb graphviz (2.42.2-7build3) See 'snap info ' for additional versions. ubuntu@ip-172-31-20-95:~$ sudo apt install net-tools Reading package lists... Done Building dependency tree... Done Reading state information... Done The following NEW packages will be installed: net-tools 0 upgraded, 1 newly installed, 0 to remove and 17 not upgraded. Need to get 204 kB of archives. After this operation, 811 kB of additional disk space will be used. Get:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu noble/main amd64 net-tools amd64 2.10-0.1ubuntu4 [204 kB] Fetched 204 kB in 0s (7491 kB/s) Selecting previously unselected package net-tools. (Reading database ... 95265 files and directories currently installed.) Preparing to unpack .../net-tools_2.10-0.1ubuntu4_amd64.deb ... Unpacking net-tools (2.10-0.1ubuntu4) ... Setting up net-tools (2.10-0.1ubuntu4) ... Processing triggers for man-db (2.12.0-4build2) ... Scanning processes... Scanning candidates... Scanning linux images...

Running kernel seems to be up-to-date.

Restarting services...

Service restarts being deferred: /etc/needrestart/restart.d/dbus.service systemctl restart getty@tty1.service systemctl restart networkd-dispatcher.service systemctl restart serial-getty@ttyS0.service systemctl restart systemd-logind.service systemctl restart unattended-upgrades.service

redis-operator:latest (alpine 3.20.0)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

usr/local/bin/redis-operator (gobinary)

Total: 11 (UNKNOWN: 0, LOW: 0, MEDIUM: 9, HIGH: 2, CRITICAL: 0)

┌────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬──────────────────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ ├────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤ │ golang.org/x/net │ CVE-2023-39325 │ HIGH │ fixed │ v0.8.0 │ 0.17.0 │ golang: net/http, x/net/http2: rapid stream resets can cause │ │ │ │ │ │ │ │ excessive work (CVE-2023-44487) │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-39325 │ │ ├────────────────┼──────────┤ │ ├────────────────┼──────────────────────────────────────────────────────────────┤ │ │ CVE-2023-3978 │ MEDIUM │ │ │ 0.13.0 │ golang.org/x/net/html: Cross site scripting │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3978 │ │ ├────────────────┤ │ │ ├────────────────┼──────────────────────────────────────────────────────────────┤ │ │ CVE-2023-44487 │ │ │ │ 0.17.0 │ HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable │ │ │ │ │ │ │ │ to a DDoS attack... │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-44487 │ │ ├────────────────┤ │ │ ├────────────────┼──────────────────────────────────────────────────────────────┤ │ │ CVE-2023-45288 │ │ │ │ 0.23.0 │ golang: net/http, x/net/http2: unlimited number of │ │ │ │ │ │ │ │ CONTINUATION frames causes DoS │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-45288 │ ├────────────────────────────┼────────────────┤ │ ├───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤ │ google.golang.org/protobuf │ CVE-2024-24786 │ │ │ v1.30.0 │ 1.33.0 │ golang-protobuf: encoding/protojson, internal/encoding/json: │ │ │ │ │ │ │ │ infinite loop in protojson.Unmarshal when unmarshaling │ │ │ │ │ │ │ │ certain forms of... 
│ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-24786 │ ├────────────────────────────┼────────────────┼──────────┤ ├───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤ │ stdlib │ CVE-2023-45288 │ HIGH │ │ 1.20.14 │ 1.21.9, 1.22.2 │ golang: net/http, x/net/http2: unlimited number of │ │ │ │ │ │ │ │ CONTINUATION frames causes DoS │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-45288 │ │ ├────────────────┼──────────┤ │ ├────────────────┼──────────────────────────────────────────────────────────────┤ │ │ CVE-2023-45289 │ MEDIUM │ │ │ 1.21.8, 1.22.1 │ golang: net/http/cookiejar: incorrect forwarding of │ │ │ │ │ │ │ │ sensitive headers and cookies on HTTP redirect... │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-45289 │ │ ├────────────────┤ │ │ │ ├──────────────────────────────────────────────────────────────┤ │ │ CVE-2023-45290 │ │ │ │ │ golang: net/http: memory exhaustion in │ │ │ │ │ │ │ │ Request.ParseMultipartForm │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-45290 │ │ ├────────────────┤ │ │ │ ├──────────────────────────────────────────────────────────────┤ │ │ CVE-2024-24783 │ │ │ │ │ golang: crypto/x509: Verify panics on certificates with an │ "redis-operator-trivy-scan-issues.txt" 57L, 11889B 1,0-1 Top

No containers need to be restarted.

redis-operator:latest (alpine 3.20.0)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

usr/local/bin/redis-operator (gobinary)

Total: 11 (UNKNOWN: 0, LOW: 0, MEDIUM: 9, HIGH: 2, CRITICAL: 0)


github-actions[bot] commented 4 months ago

This issue is stale because it has been open for 45 days with no activity.

github-actions[bot] commented 3 months ago

This issue was closed because it has been inactive for 14 days since being marked as stale.