kubernetes/git-sync

git-sync Multiple Vulnerabilities

Closed this issue 3 months ago · 3 comments

laurentailylabs commented 3 months ago

Multiple vulnerabilities reported in zlib, openSSH, and GNULibc can be exploited to e.g. execute arbitrary code.

Can you please update the base image ?

CVE-2023-45853 | Zlib MiniZip Heap Overflow
CVE-2024-32002
CVE-2019-1010022 | GNU Libc Validation Bypass
CVE-2024-6387 OpenSSH regreSSHion Remote Code Execution
etc.

thockin commented 3 months ago

ACK

thockin commented 3 months ago

kubernetes/k8s.io#6941

👍1

thockin commented 3 months ago

https://github.com/kubernetes/git-sync/releases/tag/v4.2.4