warm-metal / container-image-csi-driver

Kubernetes CSI driver for mounting image
MIT License

Fix medium severity CVEs #159

Closed yash-acquia closed 3 months ago

yash-acquia commented 3 months ago

What happened?

An Orca scan detected the following CVEs:

- GHSA-7ww5-4wqc-m92c
- CVE-2023-2253
- CVE-2023-45288

What are we trying to fix?

Upgrading the patch version of gobinary packages.

| Vulnerability_id | Package Name | Vulnerable Version | Patch Version | Type |
| --- | --- | --- | --- | --- |
| GHSA-7ww5-4wqc-m92c | github.com/containerd/containerd | v1.6.18 | 1.6.26 | gobinary |
| CVE-2023-2253 | github.com/docker/distribution | v2.8.1+incompatible | 2.8.2-beta.1 | gobinary |
| CVE-2023-45288 | golang.org/x/net | v0.22.0 | v0.23.0 | gobinary |

Environment

mugdha-adhav commented 3 months ago

@yash-acquia could you also update the version to v1.2.3 in Chart.yaml and Makefile, so that we don't need another PR for this? You may refer to the last commit for how to do it.