[Bug] Critical and High vulnerability - CVE-2024-45337, CVE-2024-45338 #2585
Labels
kind/bug
Categorizes issue or PR as related to a bug.
kind/support
Categorizes issue or PR as a support question.
needs-triage
Indicates an issue or PR lacks a `triage/foo` label and requires one.
Comments
k8s-ci-robot
added
kind/support
|
This issue is currently awaiting triage. If kube-state-metrics contributors determine this is a relevant issue, they will accept it by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The latest version 2.14.0 contains the following vulnerabilities:
GHSA-v778-237x-gjrc (Critical)
GHSA-w32m-9786-jp63 (High)
Vulnerability details: https://nvd.nist.gov/vuln/detail/CVE-2024-45337
Vulnerability details: https://nvd.nist.gov/vuln/detail/CVE-2024-45338
Fix:
GHSA-v778-237x-gjrc | golang.org/x/crypto | Critical | - | 0.31.0
GHSA-w32m-9786-jp63 | golang.org/x/net | High | - | 0.33.0
/kind support
The text was updated successfully, but these errors were encountered: