kube-state-metrics v2.9.2 CVE Vulnerabilities

[its-saurabhjain]

While running a scan on this few CVE critical and High vulnerabilities are reported-

Distro CVE ID Compliance ID Type Severity Packages Package Version Package CVSS Fix Status
debian-bullseye PRISMA-2022-0227 go high github.com/emicklei/go-restful/v3 v3.9.0 7.5 fixed in v3.10.0
debian-bullseye CVE-2023-29403 binary high go 1.20.4 7.8 fixed in 1.20.5, 1.19.10
debian-bullseye CVE-2023-39533 binary high go 1.20.4 7.5 fixed in 1.20.7, 1.19.12
debian-bullseye CVE-2023-29402 binary critical go 1.20.4 9.8 fixed in 1.20.5, 1.19.10
debian-bullseye CVE-2023-29409 binary medium go 1.20.4 5.3 fixed in 1.20.7, 1.19.12
debian-bullseye CVE-2023-29405 binary critical go 1.20.4 9.8 fixed in 1.20.5, 1.19.10
debian-bullseye CVE-2023-29404 binary critical go 1.20.4 9.8 fixed in 1.20.5, 1.19.10
debian-bullseye CVE-2023-29406 binary medium go 1.20.4 6.5 fixed in 1.20.6, 1.19.11