Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

find CVE-2024-45310 at controller-v1.10.4 #11936

Closed
githubliuyang777 opened this issue Sep 5, 2024 · 2 comments
Closed

find CVE-2024-45310 at controller-v1.10.4 #11936

githubliuyang777 opened this issue Sep 5, 2024 · 2 comments
Assignees
@Gacko @strongjz @rikatz
Labels
kind/bug Categorizes issue or PR as related to a bug. needs-priority triage/accepted Indicates an issue or PR is ready to be actively worked on.

Comments

@githubliuyang777
Copy link

trivy Version: 0.52.2

Library: github.com/opencontainers/runc
Vulnerability: CVE-2024-45310
Installed Version: 1.1.13

controller-v1.10.4

Fixed Version: 1.1.14, 1.2.0-rc.3
runc: runc can be tricked into creating empty files/directories on host https://avd.aquasec.com/nvd/cve-2024-45310
@githubliuyang777 githubliuyang777 added the kind/bug Categorizes issue or PR as related to a bug. label Sep 5, 2024
@k8s-ci-robot k8s-ci-robot added needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority labels Sep 5, 2024
@longwuyuan
Copy link
Contributor

/triage accepted
The next release of the controller will ship with the fix for this problem.

@k8s-ci-robot k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Sep 5, 2024
@Gacko
Copy link
Member

Gacko commented Sep 5, 2024

This is already fixed through the following PRs (mind the target branch):

@Gacko Gacko closed this as completed Sep 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Gacko Gacko

@strongjz strongjz

@rikatz rikatz

Labels
kind/bug Categorizes issue or PR as related to a bug. needs-priority triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
[SIG Network] Ingress NGINX
Status: Done
Milestone
No milestone
Development

No branches or pull requests
6 participants
@Gacko @strongjz @longwuyuan @rikatz @k8s-ci-robot @githubliuyang777