Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update attest params #22

Closed
wants to merge 6 commits into from
Closed

update attest params #22

wants to merge 6 commits into from

Conversation

yajith
Copy link
Contributor

@yajith yajith commented Sep 19, 2024

No description provided.

@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 19, 2024
edited
Loading

🔍 Vulnerabilities of portainerci/kubectl-shell:pr22

📦 Image Reference portainerci/kubectl-shell:pr22
digestsha256:717325dbafa471baa8b36b634ffaf22b2663cc0f2d33cfb26fbfff0c4ef8bce0
vulnerabilitiescritical: 0 high: 6 medium: 0 low: 0
size42 MB
packages206
📦 Base Image alpine:3
also known as
  • 3.20
  • 3.20.3
  • latest
digestsha256:33735bd63cf84d7e388d9f6d297d348c523c044410f553bd878c6d7829612735
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
critical: 0 high: 3 medium: 0 low: 0 stdlib 1.22.6 (golang)

pkg:golang/[email protected]

# Dockerfile (16:19)
RUN curl -L https://get.helm.sh/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz | tar xvzf - && \
    mv ./linux-${TARGETARCH}/helm . && \
    chmod +x ./helm && \
    mv ./helm /usr/local/bin/helm

high : CVE--2024--34158

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.04%
EPSS Percentile16th percentile
Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

high : CVE--2024--34156

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.04%
EPSS Percentile16th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

high : CVE--2022--30635

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.19%
EPSS Percentile56th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

critical: 0 high: 3 medium: 0 low: 0 stdlib 1.22.5 (golang)

pkg:golang/[email protected]

# Dockerfile (10:13)
RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl && \
    chmod +x ./kubectl && \
    mv ./kubectl /usr/local/bin/kubectl && \
    echo -e 'source /usr/share/bash-completion/bash_completion\nsource <(kubectl completion bash)' >>~/.bashrc

high : CVE--2024--34158

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.04%
EPSS Percentile16th percentile
Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

high : CVE--2024--34156

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.04%
EPSS Percentile16th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

high : CVE--2022--30635

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.19%
EPSS Percentile56th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

@yajith yajith closed this Sep 24, 2024
@yajith yajith deleted the test-attest branch September 24, 2024 05:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@yajith