We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Here is the trivy run that reports the issue in promql and crictl binaries.
promql
crictl
usr/local/bin/crictl (gobinary) =============================== Total: 4 (HIGH: 4, CRITICAL: 0) ┌──────────────────────────────────────────────────────────────┬─────────────────────┬──────────┬────────┬───────────────────┬────────────────────────┬──────────────────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ ├──────────────────────────────────────────────────────────────┼─────────────────────┼──────────┼────────┼───────────────────┼────────────────────────┼──────────────────────────────────────────────────────────────┤ │ go.opentelemetry.io/contrib/instrumentation/google.golang.o- │ CVE-2023-47108 │ HIGH │ fixed │ v0.35.0 │ 0.[46](https://github.com/litmuschaos/litmus-go/actions/runs/8845410064/job/24289306759#step:5:47).0 │ opentelemetry-go-contrib: DoS vulnerability in otelgrpc due │ │ rg/grpc/otelgrpc │ │ │ │ │ │ to unbound cardinality metrics │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-[47](https://github.com/litmuschaos/litmus-go/actions/runs/8845410064/job/24289306759#step:5:48)108 │ ├──────────────────────────────────────────────────────────────┼─────────────────────┤ │ ├───────────────────┼────────────────────────┼──────────────────────────────────────────────────────────────┤ │ go.opentelemetry.io/contrib/instrumentation/net/http/otelht- │ CVE-2023-45142 │ │ │ v0.35.1 │ 0.44.0 │ opentelemetry: DoS vulnerability in otelhttp │ │ tp │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-45142 │ ├──────────────────────────────────────────────────────────────┼─────────────────────┤ │ ├───────────────────┼────────────────────────┼──────────────────────────────────────────────────────────────┤ │ golang.org/x/net │ CVE-2023-39325 │ │ │ v0.14.0 │ 0.17.0 │ golang: net/http, x/net/http2: rapid stream resets can cause │ │ │ │ │ │ │ │ excessive work (CVE-2023-44[48](https://github.com/litmuschaos/litmus-go/actions/runs/8845410064/job/24289306759#step:5:49)7) │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-39325 │ ├──────────────────────────────────────────────────────────────┼─────────────────────┤ │ ├───────────────────┼────────────────────────┼──────────────────────────────────────────────────────────────┤ │ google.golang.org/grpc │ GHSA-m425-mq94-257g │ │ │ v1.54.0 │ 1.56.3, 1.57.1, 1.58.3 │ gRPC-Go HTTP/2 Rapid Reset vulnerability │ │ │ │ │ │ │ │ https://github.com/advisories/GHSA-m425-mq94-257g │ └──────────────────────────────────────────────────────────────┴─────────────────────┴──────────┴────────┴───────────────────┴────────────────────────┴──────────────────────────────────────────────────────────────┘ usr/local/bin/promql (gobinary) =============================== Total: 1 (HIGH: 1, CRITICAL: 0) ┌──────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ ├──────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ │ golang.org/x/net │ CVE-2023-39325 │ HIGH │ fixed │ v0.7.0 │ 0.17.0 │ golang: net/http, x/net/http2: rapid stream resets can cause │ │ │ │ │ │ │ │ excessive work (CVE-2023-444[87](https://github.com/litmuschaos/litmus-go/actions/runs/8845410064/job/24289306759#step:5:88)) │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-39325 │ └──────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Here is the trivy run that reports the issue in
promqlandcrictlbinaries.The text was updated successfully, but these errors were encountered: