Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Critical Vulnerability CVE-2024-41110 in v26.0.1 of docker included in k9s #2938

Closed
sarg3nt opened this issue Oct 28, 2024 · 1 comment
Closed

Critical Vulnerability CVE-2024-41110 in v26.0.1 of docker included in k9s #2938

sarg3nt opened this issue Oct 28, 2024 · 1 comment
Labels
bug Something isn't working

Comments

@sarg3nt
Copy link

sarg3nt commented Oct 28, 2024
edited
Loading

We are building k9s into a go-dev-container and trivy security scanning is detecting the above mentioned critical vulnerability in k9s. See screenshot below.

A few thoughts.

  1. You have a lot of PRs from dependabot waiting to be merged. Any reason why?
  2. Recommend turning on trivy scanning.
  3. Recommend running your repo through https://app.stepsecurity.io/securerepo This tool is recommended by the ossf scorecard. Another security tool you can look into if you like.

Also CVE-2024-6257 , see second screenshot below.

image
Also
image
@derailed derailed mentioned this issue Nov 10, 2024
Merged
@derailed derailed added the bug Something isn't working label Nov 10, 2024
@derailed
Copy link
Owner

@sarg3nt Thanks for the heads up! Should be addressed in v0.32.6

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@derailed @sarg3nt