Critical Vulnerability - CVE-2024-24790 #1123
Comments
Open
|
Thanks for reporting! We are going to upgrade golang version asap |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Good day,
I have been on journey to utilize KEDA Http Add On for a PoC and through the adoption process scanned the container images for potential vulnerabilities. The scanning tool used is Prisma, and it has indicated that there are in fact a critical vulnerability for most of the images utilized in kedacore/http-add-on.
It might also be worth considering updating of gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0 to v0.14.1 or higher as there are also vulnerabilities that have been addressed.
The images that was scanned on Prisma was the following:
+----------------+----------+------+-----------+---------+--------------------------+-----------+------------+------------+----------------------------------------------------+-------------------+
| CVE | SEVERITY | CVSS | PACKAGE | VERSION | STATUS | PUBLISHED | DISCOVERED | GRACE DAYS | DESCRIPTION | TRIGGERED FAILURE |
+----------------+----------+------+-----------+---------+--------------------------+-----------+------------+------------+----------------------------------------------------+-------------------+
| CVE-2024-24790 | critical | 9.80 | net/netip | 1.22.2 | fixed in 1.21.11, 1.22.4 | 84 days | < 1 hour | -25 | The various Is methods (IsPrivate, IsLoopback, | Yes |
| | | | | | 85 days ago | | | | etc) did not work as expected for IPv4-mapped IPv6 | |
| | | | | | | | | | addresses, returning false for addresses which | |
| | | | | | | | | | would... | |
+----------------+----------+------+-----------+---------+--------------------------+-----------+------------+------------+----------------------------------------------------+-------------------+
Regards
The text was updated successfully, but these errors were encountered: