Comments (4)

k8s-ci-robot avatar k8s-ci-robot commented on July 2, 2024

This issue is currently awaiting triage.

If Ingress contributors determine this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

from ingress-nginx.

longwuyuan avatar longwuyuan commented on July 2, 2024

/remove-kind bug

One way is to run grype on the image URL, like:

% grype `k -n ingress-nginx get po ingress-nginx-controller-5fd84ffd47-jm46d -o yaml | grep -i image: | head -1 | awk '{print $2 }'`
 ✔ Vulnerability DB                [updated]  
 ✔ Pulled image                    
 ✔ Loaded image                                                                      registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c
 ✔ Parsed image                                                                                                                       sha256:ffcc66479b5baa5a65f94b8b7c73c6ee5ed989ec0b7f8f9371999f335ce4f44c
 ✔ Cataloged contents                                                                                                                        c2a20dbdba756cbc3c8c892e9bf153bc9ce88ccc79f4d078ba2ef0cfe5a9949f
   ├── ✔ Packages                        [204 packages]  
   ├── ✔ File digests                    [1,129 files]  
   ├── ✔ File metadata                   [1,129 locations]  
   └── ✔ Executables                     [211 executables]  
 ✔ Scanned for vulnerabilities     [40 vulnerability matches]  
   ├── by severity: 0 critical, 0 high, 16 medium, 0 low, 0 negligible (24 unknown)
   └── by status:   5 fixed, 35 not-fixed, 0 ignored 
NAME                        INSTALLED   FIXED-IN   TYPE       VULNERABILITY        SEVERITY 
busybox                     1.36.1-r15             apk        CVE-2023-42366       Medium    
busybox                     1.36.1-r15             apk        CVE-2023-42365       Medium    
busybox                     1.36.1-r15             apk        CVE-2023-42364       Medium    
busybox                     1.36.1-r15             apk        CVE-2023-42363       Medium    
busybox-binsh               1.36.1-r15             apk        CVE-2023-42366       Medium    
busybox-binsh               1.36.1-r15             apk        CVE-2023-42365       Medium    
busybox-binsh               1.36.1-r15             apk        CVE-2023-42364       Medium    
busybox-binsh               1.36.1-r15             apk        CVE-2023-42363       Medium    
c-ares                      1.24.0-r1   1.27.0-r0  apk        CVE-2024-25629       Medium    
curl                        8.5.0-r0               apk        CVE-2024-0853        Medium    
curl                        8.5.0-r0               apk        CVE-2024-2466        Unknown   
curl                        8.5.0-r0               apk        CVE-2024-2398        Unknown   
curl                        8.5.0-r0               apk        CVE-2024-2004        Unknown   
google.golang.org/protobuf  v1.32.0     1.33.0     go-module  GHSA-8r3f-844c-mc37  Medium    
libcrypto3                  3.1.4-r5    3.1.4-r6   apk        CVE-2024-2511        Unknown   
libssl3                     3.1.4-r5    3.1.4-r6   apk        CVE-2024-2511        Unknown   
nghttp2-libs                1.58.0-r0              apk        CVE-2024-28182       Medium    
openssl                     3.1.4-r5    3.1.4-r6   apk        CVE-2024-2511        Unknown   
ssl_client                  1.36.1-r15             apk        CVE-2023-42366       Medium    
ssl_client                  1.36.1-r15             apk        CVE-2023-42365       Medium    
ssl_client                  1.36.1-r15             apk        CVE-2023-42364       Medium    
ssl_client                  1.36.1-r15             apk        CVE-2023-42363       Medium    
stdlib                      go1.22.0               go-module  CVE-2024-24785       Unknown   
stdlib                      go1.22.0               go-module  CVE-2024-24784       Unknown   
stdlib                      go1.22.0               go-module  CVE-2024-24783       Unknown   
stdlib                      go1.22.0               go-module  CVE-2023-45290       Unknown   
stdlib                      go1.22.0               go-module  CVE-2023-45289       Unknown   
stdlib                      go1.22.0               go-module  CVE-2023-45288       Unknown
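
To go with the scan output above, an added example (not part of the original comment, and not code from grype or ingress-nginx): it reads a report in the shape of `grype <image> -o json` and separates findings that a package upgrade closes from those with no fix published yet, grouped by advisory so that one CVE matched in several packages is counted once. The sample report is constructed to mirror a few rows of the table and is trimmed to the fields the code reads; `triage`, `_match` and `SAMPLE_REPORT` are names chosen for this example.

```python
"""Triage a grype JSON report: which findings does an upgrade close?"""
import json
from collections import defaultdict


def _match(name, version, vuln_id, severity, fixed_in=None):
    # Constructed sample row, trimmed to the grype JSON fields read below.
    fix = {"versions": [fixed_in] if fixed_in else [],
           "state": "fixed" if fixed_in else "not-fixed"}
    return {"artifact": {"name": name, "version": version},
            "vulnerability": {"id": vuln_id, "severity": severity, "fix": fix}}


# Constructed sample mirroring a few rows of the table above.
SAMPLE_REPORT = json.dumps({"matches": [
    _match("busybox", "1.36.1-r15", "CVE-2023-42366", "Medium"),
    _match("busybox-binsh", "1.36.1-r15", "CVE-2023-42366", "Medium"),
    _match("ssl_client", "1.36.1-r15", "CVE-2023-42366", "Medium"),
    _match("curl", "8.5.0-r0", "CVE-2024-0853", "Medium"),
    _match("c-ares", "1.24.0-r1", "CVE-2024-25629", "Medium", "1.27.0-r0"),
    _match("libcrypto3", "3.1.4-r5", "CVE-2024-2511", "Unknown", "3.1.4-r6"),
    _match("libssl3", "3.1.4-r5", "CVE-2024-2511", "Unknown", "3.1.4-r6"),
    _match("openssl", "3.1.4-r5", "CVE-2024-2511", "Unknown", "3.1.4-r6"),
    _match("google.golang.org/protobuf", "v1.32.0",
           "GHSA-8r3f-844c-mc37", "Medium", "1.33.0"),
]})


def triage(report_json):
    """Return (fixable, unfixed): advisory id -> sorted list of packages.

    One advisory often matches several packages (here busybox,
    busybox-binsh and ssl_client), so findings are grouped by id.
    """
    fixable, unfixed = defaultdict(list), defaultdict(list)
    for match in json.loads(report_json).get("matches", []):
        art, vuln = match["artifact"], match["vulnerability"]
        fix = vuln.get("fix") or {}
        versions = fix.get("versions") or []
        if fix.get("state") == "fixed" and versions:
            fixable[vuln["id"]].append(
                f'{art["name"]} {art["version"]} -> {versions[0]}')
        else:
            unfixed[vuln["id"]].append(f'{art["name"]} {art["version"]}')
    return ({k: sorted(v) for k, v in fixable.items()},
            {k: sorted(v) for k, v in unfixed.items()})
```

Against a real scan, pass the text written by `grype <image> -o json` to `triage()` in place of `SAMPLE_REPORT`.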

strongjz avatar strongjz commented on July 2, 2024

The project is currently patching 1.9 and 1.10; please upgrade to a supported version. If those release trains have the CVE, we will patch it.

/close

k8s-ci-robot avatar k8s-ci-robot commented on July 2, 2024

@strongjz: Closing this issue.

In response to this:

The project is currently patching 1.9 and 1.10; please upgrade to a supported version. If those release trains have the CVE, we will patch it.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
