Scanning of quay.io/jetstack/cert-manager-controller:v1.5.3 and quay.io/jetstack/cert-manager-controller:v1.7.1 results in the following found critical and high CVEs. Are these going to be handled in the next release of cert-manager?
```
+----------------+----------+------+---------+---------+--------------------------+------------+------------+----------------------------------------------------+
| CVE            | SEVERITY | CVSS | PACKAGE | VERSION | STATUS                   | PUBLISHED  | DISCOVERED | DESCRIPTION                                        |
+----------------+----------+------+---------+---------+--------------------------+------------+------------+----------------------------------------------------+
| CVE-2021-38297 | critical | 9.80 | go      | 1.17.1  | fixed in 1.17.2, 1.16.9  | > 4 months | < 1 hour   | Red Hat\'s versions of the associated software      |
|                |          |      |         |         | > 4 months ago           |            |            | have been determined to NOT be affected by         |
|                |          |      |         |         |                          |            |            | CVE-2021-38297.                                    |
+----------------+----------+------+---------+---------+--------------------------+------------+------------+----------------------------------------------------+
| CVE-2022-23806 | critical | 9.10 | go      | 1.17.1  | fixed in 1.17.7, 1.16.14 | 17 days    | < 1 hour   | Curve.IsOnCurve in crypto/elliptic in Go before    |
|                |          |      |         |         | 17 days ago              |            |            | 1.16.14 and 1.17.x before 1.17.7 can incorrectly   |
|                |          |      |         |         |                          |            |            | return true in situations with a big.Int value     |
|                |          |      |         |         |                          |            |            | that i...                                          |
+----------------+----------+------+---------+---------+--------------------------+------------+------------+----------------------------------------------------+
| CVE-2022-23773 | high     | 7.50 | go      | 1.17.1  | fixed in 1.17.7, 1.16.14 | 17 days    | < 1 hour   | cmd/go in Go before 1.16.14 and 1.17.x before      |
|                |          |      |         |         | 17 days ago              |            |            | 1.17.7 can misinterpret branch names that falsely  |
|                |          |      |         |         |                          |            |            | appear to be version tags. This can lead to        |
|                |          |      |         |         |                          |            |            | incorrect ...                                      |
+----------------+----------+------+---------+---------+--------------------------+------------+------------+----------------------------------------------------+
| CVE-2022-23772 | high     | 7.50 | go      | 1.17.1  | fixed in 1.17.7, 1.16.14 | 17 days    | < 1 hour   | Rat.SetString in math/big in Go before 1.16.14 and |
|                |          |      |         |         | 17 days ago              |            |            | 1.17.x before 1.17.7 has an overflow that can lead |
|                |          |      |         |         |                          |            |            | to Uncontrolled Memory Consumption.                |
+----------------+----------+------+---------+---------+--------------------------+------------+------------+----------------------------------------------------+
| CVE-2021-44716 | high     | 7.50 | go      | 1.17.1  | fixed in 1.17.5, 1.16.12 | 81 days    | < 1 hour   | Go Toolset provides the Go programming language    |
|                |          |      |         |         | 58 days ago              |            |            | tools and libraries. Go is alternatively known as  |
|                |          |      |         |         |                          |            |            | golang. Security Fix(es): * golang: net/http:      |
|                |          |      |         |         |                          |            |            | lim...                                             |
+----------------+----------+------+---------+---------+--------------------------+------------+------------+----------------------------------------------------+
| CVE-2021-41772 | high     | 7.50 | go      | 1.17.1  | fixed in 1.17.3, 1.16.10 | > 6 months | < 1 hour   | DOCUMENTATION: A vulnerability was found           |
|                |          |      |         |         | > 3 months ago           |            |            | in archive/zip of the Go standard library.         |
|                |          |      |         |         |                          |            |            | Applications written in Go where Reader.Open (the  |
|                |          |      |         |         |                          |            |            | API implementing...                                |
+----------------+----------+------+---------+---------+--------------------------+------------+------------+----------------------------------------------------+
| CVE-2021-41771 | high     | 7.50 | go      | 1.17.1  | fixed in 1.17.3, 1.16.10 | > 4 months | < 1 hour   | DOCUMENTATION: An out of bounds read vulnerability |
|                |          |      |         |         | > 3 months ago           |            |            | was found in debug/macho of the Go standard        |
|                |          |      |         |         |                          |            |            | library. When using the debug/macho standard       |
|                |          |      |         |         |                          |            |            | library (s...                                      |
+----------------+----------+------+---------+---------+--------------------------+------------+------------+----------------------------------------------------+
```