We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Following is the list of CVEs for the released version of helm-push plugin. We need fix for these to use it in production!
#┌────────────────────────────────┬─────────────────────┬──────────┬────────┬────────────────────────┬──────────────────────────────────┬──────────────────────────────────────────────────────────────┐ #│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ #├────────────────────────────────┼─────────────────────┼──────────┼────────┼────────────────────────┼──────────────────────────────────┼──────────────────────────────────────────────────────────────┤ #│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ fixed │ v2.8.1+incompatible │ 2.8.2-beta.1 │ distribution/distribution: DoS from malicious API request │ #│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ #├────────────────────────────────┼─────────────────────┼──────────┤ ├────────────────────────┼──────────────────────────────────┼──────────────────────────────────────────────────────────────┤ #│ github.com/docker/docker │ CVE-2024-41110 │ CRITICAL │ │ v20.10.24+incompatible │ 23.0.15, 26.1.5, 27.1.1, 25.0.6 │ moby: Authz zero length regression │ #│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-41110 │ #├────────────────────────────────┼─────────────────────┼──────────┤ ├────────────────────────┼──────────────────────────────────┼──────────────────────────────────────────────────────────────┤ #│ golang.org/x/crypto │ CVE-2024-45337 │ CRITICAL │ │ v0.27.0 │ 0.31.0 │ golang.org/x/crypto/ssh: Misuse of │ #│ │ │ │ │ │ │ ServerConfig.PublicKeyCallback may cause authorization │ #│ │ │ │ │ │ │ bypass in golang.org/x/crypto │ #│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-45337 │ #├────────────────────────────────┼─────────────────────┼──────────┤ ├────────────────────────┼──────────────────────────────────┼──────────────────────────────────────────────────────────────┤ #│ golang.org/x/net │ CVE-2023-39325 │ HIGH │ │ v0.9.0 │ 0.17.0 │ golang: net/http, x/net/http2: rapid stream resets can cause │ #│ │ │ │ │ │ │ excessive work (CVE-2023-44487) │ #│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-39325 │ #│ ┼─────────────────────┼──────────┤ ├────────────────────────┼──────────────────────────────────┼──────────────────────────────────────────────────────────────┤ #│ │ CVE-2024-45338 │ HIGH │ │ v0.26.0 │ 0.33.0 │ golang.org/x/net/html: Non-linear parsing of │ #│ │ │ │ │ │ │ case-insensitive content in golang.org/x/net/html) │ #│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-45338 │ #├────────────────────────────────┼─────────────────────┼──────────┤ ├────────────────────────┼──────────────────────────────────┼──────────────────────────────────────────────────────────────┤ #│ google.golang.org/grpc │ GHSA-m425-mq94-257g │ │ │ v1.49.0 │ 1.56.3, 1.57.1, 1.58.3 │ gRPC-Go HTTP/2 Rapid Reset vulnerability │ #│ │ │ │ │ │ │ https://github.com/advisories/GHSA-m425-mq94-257g │ #├────────────────────────────────┼─────────────────────┤ │ ├────────────────────────┼──────────────────────────────────┼──────────────────────────────────────────────────────────────┤ #│ helm.sh/helm/v3 │ CVE-2024-26147 │ │ │ v3.11.2 │ 3.14.2 │ helm: Missing YAML Content Leads To Panic │ #│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-26147 │ #├────────────────────────────────┼─────────────────────┼──────────┤ ├────────────────────────┼──────────────────────────────────┼──────────────────────────────────────────────────────────────┤ #│ stdlib │ CVE-2024-24790 │ CRITICAL │ │ v1.20.4 │ 1.21.11, 1.22.4 │ golang: net/netip: Unexpected behavior from Is methods for │ #│ │ │ │ │ │ │ IPv4-mapped IPv6 addresses │ #│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-24790 │ #│ ├─────────────────────┼──────────┤ │ ├──────────────────────────────────┼──────────────────────────────────────────────────────────────┤ #│ │ CVE-2023-29403 │ HIGH │ │ │ 1.19.10, 1.20.5 │ golang: runtime: unexpected behavior of setuid/setgid │ #│ │ │ │ │ │ │ binaries │ #│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-29403 │ #│ ├─────────────────────┤ │ │ ├──────────────────────────────────┼──────────────────────────────────────────────────────────────┤ #│ │ CVE-2023-39325 │ │ │ │ 1.20.10, 1.21.3 │ golang: net/http, x/net/http2: rapid stream resets can cause │ #│ │ │ │ │ │ │ excessive work (CVE-2023-44487) │ #│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-39325 │ #│ ├─────────────────────┤ │ │ ├──────────────────────────────────┼──────────────────────────────────────────────────────────────┤ #│ │ CVE-2023-45283 │ │ │ │ 1.20.11, 1.21.4, 1.20.12, 1.21.5 │ The filepath package does not recognize paths with a \??\ │ #│ │ │ │ │ │ │ prefix as... │ #│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-45283 │ #│ ├─────────────────────┤ │ │ ├──────────────────────────────────┼──────────────────────────────────────────────────────────────┤ #│ │ CVE-2023-45288 │ │ │ │ 1.21.9, 1.22.2 │ golang: net/http, x/net/http2: unlimited number of │ #│ │ │ │ │ │ │ CONTINUATION frames causes DoS │ #│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-45288 │ #│ ├─────────────────────┤ │ │ ├──────────────────────────────────┼──────────────────────────────────────────────────────────────┤ #│ │ CVE-2024-34156 │ │ │ │ 1.22.7, 1.23.1 │ encoding/gob: golang: Calling Decoder.Decode on a message │ #│ │ │ │ │ │ │ which contains deeply nested structures... │ #│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-34156 │ #└────────────────────────────────┴─────────────────────┴──────────┴────────┴────────────────────────┴──────────────────────────────────┴──────────────────────────────────────────────────────────────┘
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Following is the list of CVEs for the released version of helm-push plugin. We need fix for these to use it in production!
The text was updated successfully, but these errors were encountered: