Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

specify go patch version #19

Merged
merged 3 commits into from
Jul 31, 2024
Merged

specify go patch version #19

merged 3 commits into from
Jul 31, 2024

Conversation

matheusfm
Copy link
Contributor

Description

This PR specifies Go patch version 1.22.5 to avoid some vulnerabilities

Before:

trivy image --scanners vuln ghcr.io/undistro/kubexns:v0.1.4
2024-07-31T10:35:43-03:00       INFO    Vulnerability scanning is enabled
2024-07-31T10:35:47-03:00       INFO    Detected OS     family="debian" version="12.5"
2024-07-31T10:35:47-03:00       INFO    [debian] Detecting vulnerabilities...   os_version="12" pkg_num=3
2024-07-31T10:35:47-03:00       INFO    Number of language-specific files       num=1
2024-07-31T10:35:47-03:00       INFO    [gobinary] Detecting vulnerabilities...

ghcr.io/undistro/kubexns:v0.1.4 (debian 12.5)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)


kubexns (gobinary)

Total: 4 (UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 1, CRITICAL: 1)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬─────────────────┬──────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │  Fixed Version  │                            Title                             │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2024-24790 │ CRITICAL │ fixed  │ 1.22.2            │ 1.21.11, 1.22.4 │ golang: net/netip: Unexpected behavior from Is methods for   │
│         │                │          │        │                   │                 │ IPv4-mapped IPv6 addresses                                   │
│         │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2024-24790                   │
│         ├────────────────┼──────────┤        │                   ├─────────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2024-24788 │ HIGH     │        │                   │ 1.22.3          │ golang: net: malformed DNS message can cause infinite loop   │
│         │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2024-24788                   │
│         ├────────────────┼──────────┤        │                   ├─────────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2024-24789 │ MEDIUM   │        │                   │ 1.21.11, 1.22.4 │ golang: archive/zip: Incorrect handling of certain ZIP files │
│         │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2024-24789                   │
│         ├────────────────┤          │        │                   ├─────────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2024-24791 │          │        │                   │ 1.21.12, 1.22.5 │ net/http: Denial of service due to improper 100-continue     │
│         │                │          │        │                   │                 │ handling in net/http                                         │
│         │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2024-24791                   │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────┴──────────────────────────────────────────────────────────────┘

After:

trivy image --scanners vuln ghcr.io/undistro/kubexns:latest
2024-07-31T10:40:02-03:00       INFO    Vulnerability scanning is enabled
2024-07-31T10:40:03-03:00       INFO    Detected OS     family="debian" version="11.7"
2024-07-31T10:40:03-03:00       INFO    [debian] Detecting vulnerabilities...   os_version="11" pkg_num=3
2024-07-31T10:40:03-03:00       INFO    Number of language-specific files       num=1
2024-07-31T10:40:03-03:00       INFO    [gobinary] Detecting vulnerabilities...

ghcr.io/undistro/kubexns:latest (debian 11.7)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

Linked Issues

How has this been tested?

Building a docker image make docker-build and scanning with Trivy trivy image --scanners vuln ghcr.io/undistro/kubexns:latest

Checklist

  • I have labeled this PR with the relevant Type labels
  • I have documented my code (if applicable)
  • My changes are covered by tests

@matheusfm matheusfm added the dependencies Pull requests that update a dependency file label Jul 31, 2024
@matheusfm matheusfm requested a review from knrc July 31, 2024 13:43
@matheusfm matheusfm self-assigned this Jul 31, 2024
@matheusfm matheusfm merged commit e4511c5 into main Jul 31, 2024
4 checks passed
@matheusfm matheusfm deleted the go-patch-version branch July 31, 2024 15:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@knrc knrc knrc approved these changes

Assignees

@matheusfm matheusfm

Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@matheusfm @knrc