ACK Detected Controllers CVEs #2190

Open
ack-bot opened this issue Oct 15, 2024 · 0 comments
Labels
- kind/cve: Categorizes issue or PR as related to CVE.
- prow/auto-gen: PRs related to prow auto generation automation

Comments

ack-bot commented Oct 15, 2024

| CVE ID | Type | Severity | Installed Version | Fixed Version | Affected Controllers | Title |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2024-24788 | gobinary | HIGH | 1.22.2 | 1.22.3 | [elasticache] | golang: net: malformed DNS message can cause infinite loop |
| CVE-2024-34156 | gobinary | HIGH | 1.22.5 | 1.22.7, 1.23.1 | [elasticache sagemaker mq route53] | encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion |
| CVE-2024-24789 | gobinary | MEDIUM | 1.22.2 | 1.21.11, 1.22.4 | [elasticache] | golang: archive/zip: Incorrect handling of certain ZIP files |
| CVE-2024-24791 | gobinary | MEDIUM | 1.22.2 | 1.21.12, 1.22.5 | [elasticache] | net/http: Denial of service due to improper 100-continue handling in net/http |
| CVE-2024-34155 | gobinary | MEDIUM | 1.22.5 | 1.22.7, 1.23.1 | [elasticache sagemaker mq route53] | go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion |
| CVE-2024-34158 | gobinary | MEDIUM | 1.22.5 | 1.22.7, 1.23.1 | [elasticache sagemaker mq route53] | go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion |
| CVE-2024-39689 | amazon | LOW | 2023.2.64-1.amzn2.0.1 | 2023.2.68-1.amzn2.0.1 | ALL | python-certifi: Remove root certificates from GLOBALTRUST from the root store |
| CVE-2024-24790 | gobinary | CRITICAL | 1.22.2 | 1.21.11, 1.22.4 | [elasticache] | golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses |

ack-bot added the kind/cve and prow/auto-gen labels Oct 15, 2024