Closed ponson-thankavel closed 2 years ago
Thanks for reporting! This is indeed in the base image so will see how I can improve it.
This has now been resolved and passes scanning in Snyk:
Sorry for this, it looks like the automated patching was stuck (#1690) and I took some new measures:
I will release a new version soon.
Thank you @tomkerkhove... thrilled by the quick response... :) Looking forward to the new version...
It's the least I could do for this oversight - Sorry and thanks for reporting!
Are you using Promitor in production? I'd be happy to list you as an end-user.
They are now available on https://github.com/promitor/charts/releases
> Are you using Promitor in production? I'd be happy to list you as an end-user.

Not yet. We are evaluating. :)
Cool, thanks. Feel free to let me know if you have any questions.
Report
I use Promitor charts from artifacthub.io:
promitor-agent-resource-discovery
promitor-agent-scraper
I observed 3 critical & 3 severe security vulnerabilities reported in artifacthub.io for the recent helm packages.
Affected versions:
promitor-agent-resource-discovery - 0.4.1+
promitor-agent-scraper - 2.4.1+
List of Vulnerabilities:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3711
https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3712
Is this being looked into?
Vulnerability Information
MITRE
Affected Component(s)
Resource Discovery, Scraper
Affected Version(s)
0.4.1+, 2.4.1+
Vulnerability Mitigation
No response
Vulnerability Fix
I think this requires upgrading to a base image that contains the required library fixes, or upgrading the libraries in the Dockerfile. I haven't tried this, though.
Contact Details
mailtoponson@yahoo.co.in