
CVE-2024-45490, CVE-2024-45491 and CVE-2024-45492 vulnerabilities in 1.28.0 #370

Open
vvxxvvxx opened this issue Oct 16, 2024 · 4 comments

Comments

@vvxxvvxx

The GHSA-4hvh-m426-wv8w, GHSA-784x-7qm2-gp97 and GHSA-5qxm-qvmj-8v79 vulnerabilities are still in k8s-sidecar:1.28.0.
#361 (comment)
Do you have any plan to fix them?

@ChristianGeie (Collaborator)

Hi @vvxxvvxx, it would be very helpful for me if you could tell me how you found this out. If I run `docker run --platform linux/amd64 --rm -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy:latest image --format table --no-progress --exit-code 0 --offline-scan --timeout 15m kiwigrid/k8s-sidecar:1.28.0`, I cannot see any issues.

@ChristianGeie (Collaborator)

Next thing is that the CVEs mentioned by you are related to the base python alpine image, so I cannot fix them. This must be done upstream.

@vvxxvvxx (Author)

> Next thing is that the CVEs mentioned by you are related to the base python alpine image, so I cannot fix them. This must be done upstream.

Hi @ChristianGeie, "related to the base python alpine image": may I know where you found this info (that it is related to the python alpine image)? Thanks.

@ChristianGeie (Collaborator)

All related CVEs mentioned by you are related to libexpat which is served by the python alpine base image.
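The two questions in this thread (how the reporter found the CVEs, and which layer they belong to) are what a triage of the scanner's JSON output answers. Below is an added example, not part of the issue or the k8s-sidecar project, that splits a Trivy-style report into base-image (OS package) findings versus application-dependency findings and locates specific CVE ids; the report is a constructed sample in the shape of `trivy image --format json`, with every version, severity and the second result block as placeholders.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of a Trivy JSON report (trivy image --format json).
# The CVE ids and the libexpat package name come from the issue; every version
# string, severity and the second result block are placeholders, not real scan output.
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "kiwigrid/k8s-sidecar:1.28.0",
    "Results": [
        {"Target": "kiwigrid/k8s-sidecar:1.28.0 (alpine PLACEHOLDER)",
         "Class": "os-pkgs", "Type": "alpine",
         "Vulnerabilities": [
             {"VulnerabilityID": cve, "PkgName": "libexpat", "Severity": "PLACEHOLDER",
              "InstalledVersion": "PLACEHOLDER", "FixedVersion": "PLACEHOLDER"}
             for cve in ("CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492")]},
        {"Target": "Python", "Class": "lang-pkgs", "Type": "python-pkg",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-PLACEHOLDER", "PkgName": "some-pip-package",
              "Severity": "PLACEHOLDER", "InstalledVersion": "PLACEHOLDER",
              "FixedVersion": "PLACEHOLDER"}]},
    ],
})


def triage(report_json: str) -> dict:
    """Split findings into those owned by the base image (Trivy Class 'os-pkgs',
    fixable only by bumping the base image) and those in the application's own
    dependencies (everything else). Returns {layer: {pkg: [cve, ...]}}."""
    buckets = {"base_image": defaultdict(list), "application": defaultdict(list)}
    for result in json.loads(report_json).get("Results", []):
        key = "base_image" if result.get("Class") == "os-pkgs" else "application"
        for vuln in result.get("Vulnerabilities") or []:  # Trivy emits null when empty
            buckets[key][vuln["PkgName"]].append(vuln["VulnerabilityID"])
    return {k: dict(v) for k, v in buckets.items()}


def locate(report_json: str, cve_ids) -> dict:
    """For each requested CVE id return (layer, package), or None if the scan does
    not list it at all: the first thing to check when two scans disagree."""
    found = {}
    for layer, pkgs in triage(report_json).items():
        for pkg, cves in pkgs.items():
            for cve in cves:
                found[cve] = (layer, pkg)
    return {cve: found.get(cve) for cve in cve_ids}


if __name__ == "__main__":
    print(json.dumps(locate(SAMPLE_REPORT, ["CVE-2024-45490", "CVE-2024-45492",
                                            "CVE-PLACEHOLDER", "CVE-NOT-IN-SCAN"]), indent=2))
```

Run against a real report by replacing `SAMPLE_REPORT` with the file Trivy writes; a CVE that lands in `base_image` is one the image maintainer can only address by rebuilding on an updated base image.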
