Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security issue in latest helm binary (v3.15.3) #357

Open
vr2388 opened this issue Jul 31, 2024 · 1 comment
Open

Security issue in latest helm binary (v3.15.3) #357

vr2388 opened this issue Jul 31, 2024 · 1 comment

Comments

@vr2388
Copy link

vr2388 commented Jul 31, 2024

I am using helm binary as part of my docker image and when I scan the image I found 1 CRITICAL security vulnerability in helm binary

=============================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 1)

┌──────────────────────────┬────────────────┬──────────┬────────┬──────────────────────┬─────────────────────────┬────────────────────────────────────────────┐
│         Library          │ Vulnerability  │ Severity │ Status │  Installed Version   │      Fixed Version      │                   Title                    │
├──────────────────────────┼────────────────┼──────────┼────────┼──────────────────────┼─────────────────────────┼────────────────────────────────────────────┤
│ github.com/docker/docker │ CVE-2024-41110 │ CRITICAL │ fixed  │ v25.0.5+incompatible │ 23.0.14, 26.1.4, 27.1.0 │ moby: Authz zero length regression         │
│                          │                │          │        │                      │                         │ https://avd.aquasec.com/nvd/cve-2024-41110 │
└──────────────────────────┴────────────────┴──────────┴────────┴──────────────────────┴─────────────────────────┴────────────────────────────────────────────┘```

And also i found same issue while scanning the helm binary with **govulncheck** binary

```=== Symbol Results ===

Vulnerability #1: GO-2024-3005
    Moby authz zero length regression in github.com/moby/moby
  More info: https://pkg.go.dev/vuln/GO-2024-3005
  Module: github.com/docker/docker
    Found in: github.com/docker/[email protected]+incompatible
    Fixed in: github.com/docker/[email protected]+incompatible
    Vulnerable symbols found:
      #1: authorization.Ctx.AuthZRequest
      #2: authorization.Ctx.AuthZResponse```



Can you please help me in fixing this issue
@banjoh
Copy link

banjoh commented Aug 1, 2024

Please raise this issue https://github.com/helm/helm/issues

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants