Open
Description
The latest image in Docker hub reveals multiple CVEs under trivy.
It looks like they can be resolved simply by bumping the relevant packages to the earliest fixed version.
Target kvaps/dnsmasq-controller (debian 12.5)
No Vulnerabilities found
No Misconfigurations found
Target dnsmasq-controller
Vulnerabilities (31)
| Package | ID | Severity | Installed Version | Fixed Version |
|---|---|---|---|---|
github.com/dgrijalva/jwt-go |
CVE-2020-26160 | HIGH | v3.2.0+incompatible | |
github.com/gogo/protobuf |
CVE-2021-3121 | HIGH | v1.2.2-0.20190723190241-65acae22fc9d | 1.3.2 |
github.com/prometheus/client_golang |
CVE-2022-21698 | HIGH | v1.0.0 | 1.11.1 |
golang.org/x/crypto |
CVE-2020-29652 | HIGH | v0.0.0-20190820162420-60c769a6c586 | 0.0.0-20201216223049-8b5274cf687f |
golang.org/x/crypto |
CVE-2020-7919 | HIGH | v0.0.0-20190820162420-60c769a6c586 | 0.0.0-20200124225646-8b5121be2f68 |
golang.org/x/crypto |
CVE-2020-9283 | HIGH | v0.0.0-20190820162420-60c769a6c586 | 0.0.0-20200220183623-bac4c82f6975 |
golang.org/x/crypto |
CVE-2021-43565 | HIGH | v0.0.0-20190820162420-60c769a6c586 | 0.0.0-20211202192323-5770296d904e |
golang.org/x/crypto |
CVE-2022-27191 | HIGH | v0.0.0-20190820162420-60c769a6c586 | 0.0.0-20220314234659-1baeb1ce4c0b |
golang.org/x/crypto |
CVE-2023-48795 | MEDIUM | v0.0.0-20190820162420-60c769a6c586 | 0.17.0 |
golang.org/x/net |
CVE-2021-33194 | HIGH | v0.0.0-20191004110552-13f9640d40b9 | 0.0.0-20210520170846-37e1c6afe023 |
golang.org/x/net |
CVE-2022-27664 | HIGH | v0.0.0-20191004110552-13f9640d40b9 | 0.0.0-20220906165146-f3363e06e74c |
golang.org/x/net |
CVE-2022-41723 | HIGH | v0.0.0-20191004110552-13f9640d40b9 | 0.7.0 |
golang.org/x/net |
CVE-2023-39325 | HIGH | v0.0.0-20191004110552-13f9640d40b9 | 0.17.0 |
golang.org/x/net |
CVE-2021-31525 | MEDIUM | v0.0.0-20191004110552-13f9640d40b9 | 0.0.0-20210428140749-89ef3d95e781 |
golang.org/x/net |
CVE-2022-41717 | MEDIUM | v0.0.0-20191004110552-13f9640d40b9 | 0.4.0 |
golang.org/x/net |
CVE-2023-3978 | MEDIUM | v0.0.0-20191004110552-13f9640d40b9 | 0.13.0 |
golang.org/x/net |
CVE-2023-44487 | MEDIUM | v0.0.0-20191004110552-13f9640d40b9 | 0.17.0 |
golang.org/x/net |
CVE-2023-45288 | MEDIUM | v0.0.0-20191004110552-13f9640d40b9 | 0.23.0 |
golang.org/x/sys |
CVE-2022-29526 | MEDIUM | v0.0.0-20190826190057-c7b8b68b1456 | 0.0.0-20220412211240-33da011f77ad |
golang.org/x/text |
CVE-2021-38561 | HIGH | v0.3.2 | 0.3.7 |
golang.org/x/text |
CVE-2022-32149 | HIGH | v0.3.2 | 0.3.8 |
golang.org/x/text |
CVE-2020-14040 | MEDIUM | v0.3.2 | 0.3.3 |
gopkg.in/yaml.v2 |
CVE-2019-11254 | MEDIUM | v2.2.4 | 2.2.8 |
k8s.io/apimachinery |
CVE-2020-8559 | MEDIUM | v0.17.2 | 0.16.13, 0.17.9, 0.18.7 |
k8s.io/client-go |
CVE-2020-8565 | MEDIUM | v0.17.2 | 0.19.6, 0.20.0-alpha.2, 0.18.14, 0.17.16 |
stdlib |
CVE-2024-24790 | CRITICAL | 1.22.3 | 1.21.11, 1.22.4 |
stdlib |
CVE-2024-34156 | HIGH | 1.22.3 | 1.22.7, 1.23.1 |
stdlib |
CVE-2024-24789 | MEDIUM | 1.22.3 | 1.21.11, 1.22.4 |
stdlib |
CVE-2024-24791 | MEDIUM | 1.22.3 | 1.21.12, 1.22.5 |
stdlib |
CVE-2024-34155 | MEDIUM | 1.22.3 | 1.22.7, 1.23.1 |
stdlib |
CVE-2024-34158 | MEDIUM | 1.22.3 | 1.22.7, 1.23.1 |
No Misconfigurations found
Metadata
Metadata
Assignees
Labels
No labels