Multiple CVEs found in latest release #9
Description
The latest image in Docker hub reveals multiple CVEs under trivy.
It looks like they can be resolved simply by bumping the relevant packages to the earliest fixed version.
Target kvaps/dnsmasq-controller (debian 12.5)
No Vulnerabilities found
No Misconfigurations found
Target dnsmasq-controller
Vulnerabilities (31)
| Package | ID | Severity | Installed Version | Fixed Version |
|---|---|---|---|---|
github.com/dgrijalva/jwt-go |
CVE-2020-26160 | HIGH | v3.2.0+incompatible | |
github.com/gogo/protobuf |
CVE-2021-3121 | HIGH | v1.2.2-0.20190723190241-65acae22fc9d | 1.3.2 |
github.com/prometheus/client_golang |
CVE-2022-21698 | HIGH | v1.0.0 | 1.11.1 |
golang.org/x/crypto |
CVE-2020-29652 | HIGH | v0.0.0-20190820162420-60c769a6c586 | 0.0.0-20201216223049-8b5274cf687f |
golang.org/x/crypto |
CVE-2020-7919 | HIGH | v0.0.0-20190820162420-60c769a6c586 | 0.0.0-20200124225646-8b5121be2f68 |
golang.org/x/crypto |
CVE-2020-9283 | HIGH | v0.0.0-20190820162420-60c769a6c586 | 0.0.0-20200220183623-bac4c82f6975 |
golang.org/x/crypto |
CVE-2021-43565 | HIGH | v0.0.0-20190820162420-60c769a6c586 | 0.0.0-20211202192323-5770296d904e |
golang.org/x/crypto |
CVE-2022-27191 | HIGH | v0.0.0-20190820162420-60c769a6c586 | 0.0.0-20220314234659-1baeb1ce4c0b |
golang.org/x/crypto |
CVE-2023-48795 | MEDIUM | v0.0.0-20190820162420-60c769a6c586 | 0.17.0 |
golang.org/x/net |
CVE-2021-33194 | HIGH | v0.0.0-20191004110552-13f9640d40b9 | 0.0.0-20210520170846-37e1c6afe023 |
golang.org/x/net |
CVE-2022-27664 | HIGH | v0.0.0-20191004110552-13f9640d40b9 | 0.0.0-20220906165146-f3363e06e74c |
golang.org/x/net |
CVE-2022-41723 | HIGH | v0.0.0-20191004110552-13f9640d40b9 | 0.7.0 |
golang.org/x/net |
CVE-2023-39325 | HIGH | v0.0.0-20191004110552-13f9640d40b9 | 0.17.0 |
golang.org/x/net |
CVE-2021-31525 | MEDIUM | v0.0.0-20191004110552-13f9640d40b9 | 0.0.0-20210428140749-89ef3d95e781 |
golang.org/x/net |
CVE-2022-41717 | MEDIUM | v0.0.0-20191004110552-13f9640d40b9 | 0.4.0 |
golang.org/x/net |
CVE-2023-3978 | MEDIUM | v0.0.0-20191004110552-13f9640d40b9 | 0.13.0 |
golang.org/x/net |
CVE-2023-44487 | MEDIUM | v0.0.0-20191004110552-13f9640d40b9 | 0.17.0 |
golang.org/x/net |
CVE-2023-45288 | MEDIUM | v0.0.0-20191004110552-13f9640d40b9 | 0.23.0 |
golang.org/x/sys |
CVE-2022-29526 | MEDIUM | v0.0.0-20190826190057-c7b8b68b1456 | 0.0.0-20220412211240-33da011f77ad |
golang.org/x/text |
CVE-2021-38561 | HIGH | v0.3.2 | 0.3.7 |
golang.org/x/text |
CVE-2022-32149 | HIGH | v0.3.2 | 0.3.8 |
golang.org/x/text |
CVE-2020-14040 | MEDIUM | v0.3.2 | 0.3.3 |
gopkg.in/yaml.v2 |
CVE-2019-11254 | MEDIUM | v2.2.4 | 2.2.8 |
k8s.io/apimachinery |
CVE-2020-8559 | MEDIUM | v0.17.2 | 0.16.13, 0.17.9, 0.18.7 |
k8s.io/client-go |
CVE-2020-8565 | MEDIUM | v0.17.2 | 0.19.6, 0.20.0-alpha.2, 0.18.14, 0.17.16 |
stdlib |
CVE-2024-24790 | CRITICAL | 1.22.3 | 1.21.11, 1.22.4 |
stdlib |
CVE-2024-34156 | HIGH | 1.22.3 | 1.22.7, 1.23.1 |
stdlib |
CVE-2024-24789 | MEDIUM | 1.22.3 | 1.21.11, 1.22.4 |
stdlib |
CVE-2024-24791 | MEDIUM | 1.22.3 | 1.21.12, 1.22.5 |
stdlib |
CVE-2024-34155 | MEDIUM | 1.22.3 | 1.22.7, 1.23.1 |
stdlib |
CVE-2024-34158 | MEDIUM | 1.22.3 | 1.22.7, 1.23.1 |