crossplane-contrib/provider-kubernetes

CVE-2023-48795, GHSA-45x7-px36-x8w8

AbrohamLincoln opened this issue a year ago · 2 comments

AbrohamLincoln commented a year ago

The addition of Azure AD authentication introduced an indirect dependency on the crypto package:

https://github.com/crossplane-contrib/provider-kubernetes/pull/170/files#diff-33ef32bf6c23acb95f5902d7097b7a1d5128ca061167ec0716715b0b9eeaa5f6R81

This vulnerability was patched in version 0.17.0

https://nvd.nist.gov/vuln/detail/CVE-2023-48795
GHSA-45x7-px36-x8w8

AbrohamLincoln commented 10 months ago

It looks as though #173 will resolve this.

pedjak commented 10 months ago

Closed via #173

🎉1