Please update go-restful golang-jwt and golang.org/x/net version to fix twistlock scan issue #6322

Closed
quietsnail opened this issue Feb 21, 2023 · 0 comments · Fixed by #6383

@quietsnail

Hello,
ansible-operator gets the security issues below in a twistlock scan. Please update the versions in go.mod accordingly. Thank you.

high H 7.5 Has fix,High severity PRISMA-2022-0227 emicklei/go-restful#497 Y fixed in v3.10.0 go github.com/emicklei/go-restful/v3 v3.9.0     /usr/local/bin/ansible-operator
medium M 5.4 DoS,Has fix,Medium severity PRISMA-2022-0270 golang-jwt/jwt#223 Y fixed in v4.4.3 go github.com/golang-jwt/jwt/v4 v4.2.0     /usr/local/bin/ansible-operator
low L 1 DoS,Has fix,Recent vulnerability CVE-2022-41723 https://nvd.nist.gov/vuln/detail/CVE-2022-41723 Y fixed in 0.7.0 go golang.org/x/net v0.0.0-20221014081412-f15817d10f9b /usr/local/bin/ansible-operator

It is still the old go-restful version:
https://github.com/operator-framework/operator-sdk/blob/master/go.mod#L95

It is still the old golang-jwt:
https://github.com/operator-framework/operator-sdk/blob/master/go.mod#L117

It is still the old golang.org/x/net:
https://github.com/operator-framework/operator-sdk/blob/master/go.mod#L218

@varshaprasad96 varshaprasad96 added this to the v1.29.0 milestone Feb 27, 2023
@varshaprasad96 varshaprasad96 added the language/ansible Issue is related to an Ansible operator project label Mar 29, 2023
@everettraven everettraven modified the milestones: v1.29.0, v1.30.0 May 31, 2023
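A way to confirm that a go.mod has moved past the three fixed-in versions listed in the scan rows above, as an added example that is not part of the issue or of operator-sdk. The names `fixedIn`, `rank`, `older`, `Stale` and `sampleGoMod` are hypothetical, and the go.mod text is constructed for the example. Versions are compared numerically, since a plain string comparison would rank v3.9.0 above v3.10.0.

```go
package main

import (
	"fmt"
	"strings"
)

// Fixed-in versions copied from the three scan rows in the issue.
var fixedIn = map[string]string{
	"github.com/emicklei/go-restful/v3": "v3.10.0",
	"github.com/golang-jwt/jwt/v4":      "v4.4.3",
	"golang.org/x/net":                  "v0.7.0",
}

// rank maps vMAJOR.MINOR.PATCH to one comparable number (parts below 100000).
// Sscanf stops after the patch digits, so pseudo-version suffixes are ignored.
func rank(v string) (int, bool) {
	var a, b, c int
	n, err := fmt.Sscanf(v, "v%d.%d.%d", &a, &b, &c)
	return (a*100000+b)*100000 + c, err == nil && n == 3
}

// older reports whether have is below want; unparsable versions count as older.
func older(have, want string) bool {
	h, okH := rank(have)
	w, okW := rank(want)
	return !okH || !okW || h < w || (h == w && strings.Contains(have, "-"))
}

// Stale lists requirements in go.mod text that are below their fixed-in version.
func Stale(gomod string) []string {
	var out []string
	for _, line := range strings.Split(gomod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop "// indirect" comments
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) >= 2 && fixedIn[f[0]] != "" && older(f[1], fixedIn[f[0]]) {
			out = append(out, f[0]+" "+f[1]+" < "+fixedIn[f[0]])
		}
	}
	return out
}

// sampleGoMod is constructed: two versions from the scan rows, one already fixed.
const sampleGoMod = `require (
	github.com/emicklei/go-restful/v3 v3.9.0 // indirect
	github.com/golang-jwt/jwt/v4 v4.4.3
	golang.org/x/net v0.0.0-20221014081412-f15817d10f9b
)`

func main() { fmt.Println(strings.Join(Stale(sampleGoMod), "\n")) }
```

The check reads only `require` entries; a `replace` directive that overrides one of these modules is not taken into account.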