github-actions[bot]
commented
1 week ago :mag: Vulnerabilities of ghcr.io/uniget-org/tools/eksctl:0.184.0
:package: Image Reference ghcr.io/uniget-org/tools/eksctl:0.184.0
| digest | sha256:5f58a6490e3d466eb084ff957dce31fc7f6df340c1a966b3cee4505f8deabfb7 |
| vulnerabilities |      |
| platform | linux/amd64 |
| size | 36 MB |
| packages | 238 |
pkg:golang/github.com/aws/aws-sdk-go@1.51.16
DescriptionThe Go AWS S3 Crypto SDK contains vulnerabilities that can permit an attacker with write access to a bucket to decrypt files in that bucket. Files encrypted by the V1 EncryptionClient using either the AES-CBC content cipher or the KMS key wrap algorithm are vulnerable. Users should migrate to the V1 EncryptionClientV2 API, which will not create vulnerable files. Old files will remain vulnerable until re-encrypted with the new client. 
DescriptionThe Go AWS S3 Crypto SDK contains vulnerabilities that can permit an attacker with write access to a bucket to decrypt files in that bucket. Files encrypted by the V1 EncryptionClient using either the AES-CBC content cipher or the KMS key wrap algorithm are vulnerable. Users should migrate to the V1 EncryptionClientV2 API, which will not create vulnerable files. Old files will remain vulnerable until re-encrypted with the new client. | ||||||||
pkg:golang/k8s.io/apiserver@0.29.0 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
DescriptionThe Kubernetes API server component has been found to be vulnerable to a denial of service attack via successful API requests. | ||||||||
pkg:golang/stdlib@1.21.11
DescriptionThe net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. |
github.com/aws/aws-sdk-go 
k8s.io/apiserver 
stdlib
This PR contains the following updates:
0.183.0->0.184.0Release Notes
eksctl-io/eksctl (eksctl-io/eksctl)
### [`v0.184.0`](https://togithub.com/eksctl-io/eksctl/releases/tag/v0.184.0): eksctl 0.184.0 [Compare Source](https://togithub.com/eksctl-io/eksctl/compare/0.183.0...0.184.0) ### Release v0.184.0 #### 🚀 Features - Cluster creation flexibility for default networking addons ([#7866](https://togithub.com/eksctl-io/eksctl/issues/7866)) #### 🎯 Improvements - use string in logging instead of wrapping error ([#7838](https://togithub.com/eksctl-io/eksctl/issues/7838)) - Stop using P2 instances which will be retired ([#7826](https://togithub.com/eksctl-io/eksctl/issues/7826)) #### 🧰 Maintenance - Fix SDK paginator mocks ([#7850](https://togithub.com/eksctl-io/eksctl/issues/7850)) - Schedule pods on a nodegroup on which no concurrent actions are executed ([#7834](https://togithub.com/eksctl-io/eksctl/issues/7834)) #### Acknowledgments The eksctl maintainers would like to sincerely thank [@moreandres](https://togithub.com/moreandres).Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.