High risk vulnerability with v2.7.0

Question

High risk vulnerability with v2.7.0

bbindela opened this issue 2 years ago · 4 comments

bbindela commented 2 years ago

Hi Team,

We have one High risk vunerability with v2.7.0

golang.org/x/net version v0.4.0 has 1 vulnerability

Can you please help us by fixing this.
With this, node-driver-registrar will be vulnerability free.

Thank you.

Answer 1 · 2023-09-20T11:29:30.000Z

It's possible update the node-driver-registrar version?

Answer 2 · 2024-01-28T17:59:53.000Z

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

After 90d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

Mark this issue as fresh with /remove-lifecycle stale
Close this issue with /close
Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

Answer 3 · 2024-01-30T12:53:25.000Z

/close
This has been fixed since v2.8.0 that has golang.org/x/net v0.8.0

Since CVE patching is done manually by volunteers, we strongly prefer PRs instead of issues.

Answer 4 · 2024-01-30T12:53:28.000Z

@jsafrane: Closing this issue.

In response to this:

/close
This has been fixed since v2.8.0 that has golang.org/x/net v0.8.0

Since CVE patching is done manually by volunteers, we strongly prefer PRs instead of issues.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.