You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The twistlock image vulnerabilty scanner reports this for ghcr.io/fluxcd/helm-controller:v0.27.0
PRISMA-2022-0227
github.com/emicklei/go-restful/v3 module prior to v3.10.0 is vulnerable to Authentication Bypass by Primary Weakness. There is an inconsistency in how go-restful parses URL paths. This inconsistency could lead to several security check bypass in a complex system. emicklei/go-restful#497
It looks like it could be resolved by moving up to 3.10.1.
Notification controller ghcr.io/fluxcd/notification-controller:v0.28.0:
is also affected, it's go.mod has a good example of how to increment the version of this package.
The text was updated successfully, but these errors were encountered:
brutif
changed the title
vulnerability in go-restful module
increment go-restful module
Dec 9, 2022
The twistlock image vulnerabilty scanner reports this for ghcr.io/fluxcd/helm-controller:v0.27.0
PRISMA-2022-0227
github.com/emicklei/go-restful/v3 module prior to v3.10.0 is vulnerable to Authentication Bypass by Primary Weakness. There is an inconsistency in how go-restful parses URL paths. This inconsistency could lead to several security check bypass in a complex system. emicklei/go-restful#497
It looks like it could be resolved by moving up to 3.10.1.
Notification controller ghcr.io/fluxcd/notification-controller:v0.28.0:
is also affected, it's go.mod has a good example of how to increment the version of this package.
The text was updated successfully, but these errors were encountered: