Fix medium severity CVEs #159

yash-acquia · 2024-06-11T12:06:16Z

What happened?
An orca scan detected the following CVEs:
GHSA-7ww5-4wqc-m92c
CVE-2023-2253
CVE-2023-45288

What are we trying to fix?
Upgrading the patch version of gobinary packages.

Vulnerability_id	Package Name	Vulnerable Version	Patch Version	Type
GHSA-7ww5-4wqc-m92c	github.com/containerd/containerd	v1.6.18	1.6.26	gobinary
CVE-2023-2253	github.com/docker/distribution	v2.8.1+incompatible	2.8.2-beta.1	gobinary
CVE-2023-45288	golang.org/x/net	v0.22.0	v0.23.0	gobinary

Environment

Kubernetes version: v1.28.9-eks
CSI driver image and version: docker.io/warmmetal/csi-image v1.2.2

mugdha-adhav · 2024-06-12T13:46:42Z

@yash-acquia could you also update the version to v1.2.3 in Chart.yaml and Makefile, so that we don't need another PR for this. You may refer last commit on how to do it.

fix CVEs

c913fa4

yash-acquia marked this pull request as ready for review June 11, 2024 13:18

yash-acquia requested a review from a team as a code owner June 11, 2024 13:18

update the version to v1.2.3 in Chart.yaml and Makefile

4cdd190

mugdha-adhav approved these changes Jun 12, 2024

View reviewed changes

mugdha-adhav merged commit e6e93b3 into warm-metal:main Jun 12, 2024

yash-acquia deleted the fix-cves branch July 23, 2024 07:18

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix medium severity CVEs #159

Fix medium severity CVEs #159

yash-acquia commented Jun 11, 2024 •

edited

Loading

mugdha-adhav commented Jun 12, 2024

Fix medium severity CVEs #159

Fix medium severity CVEs #159

Conversation

yash-acquia commented Jun 11, 2024 • edited Loading

mugdha-adhav commented Jun 12, 2024

yash-acquia commented Jun 11, 2024 •

edited

Loading