You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
High or critical vulnerabilities detected. Scan results are below:
{"SchemaVersion":2,"CreatedAt":"2024-12-29T02:45:59.780986577Z","ArtifactName":"ghcr.io/kyverno/kyverno:release-1.12","ArtifactType":"container_image","Metadata":{"OS":{"Family":"wolfi","Name":"20230201"},"ImageID":"sha256:5cfaff6882dc655c93aa6779210aedf56a8c93ba58cb09470ece80f26144545c","DiffIDs":["sha256:8eb6febda7cc907037aa1c02572d986ecc7415f79f403822e2f79af7b96467b8","sha256:ffe56a1c5f3878e9b5f803842adb9e2ce81584b6bd027e8599582aefe14a975b","sha256:e61344d27e058a6d1e350065a0c9e301e616be592f0852de7e164fca07746070"],"RepoTags":["ghcr.io/kyverno/kyverno:release-1.12"],"RepoDigests":["ghcr.io/kyverno/kyverno@sha256:115e302eed0cb12ad779a501b1169184d5511814699bdc3c379a35a202a750de"],"ImageConfig":{"architecture":"amd64","author":"github.com/ko-build/ko","created":"2024-11-12T12:01:47Z","history":[{"author":"apko","created":"2024-11-12T12:01:47Z","created_by":"apko","comment":"This is an apko single-layer image"},{"author":"ko","created":"0001-01-01T00:00:00Z","created_by":"ko build ko://github.com/kyverno/kyverno/cmd/kyverno","comment":"kodata contents, at $KO_DATA_PATH"},{"author":"ko","created":"0001-01-01T00:00:00Z","created_by":"ko build ko://github.com/kyverno/kyverno/cmd/kyverno","comment":"go build output, at /ko-app/kyverno"}],"os":"linux","rootfs":{"type":"layers","diff_ids":["sha256:8eb6febda7cc907037aa1c02572d986ecc7415f79f403822e2f79af7b96467b8","sha256:ffe56a1c5f3878e9b5f803842adb9e2ce81584b6bd027e8599582aefe14a975b","sha256:e61344d27e058a6d1e350065a0c9e301e616be592f0852de7e164fca07746070"]},"config":{"Entrypoint":["/ko-app/kyverno"],"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/ko-app","SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt","KO_DATA_PATH=/var/run/ko"],"Labels":{"dev.chainguard.package.main":"","org.opencontainers.image.authors":"Chainguard Team https://www.chainguard.dev/","org.opencontainers.image.created":"2024-11-12T12:01:47Z","org.opencontainers.image.source":"https://github.com/chainguard-images/images/tree/main/images/static","org.opencontainers.image.url":"https://images.chainguard.dev/directory/image/static/overview","org.opencontainers.image.vendor":"Chainguard"},"User":"65532"}}},"Results":[{"Target":"ghcr.io/kyverno/kyverno:release-1.12 (wolfi 20230201)","Class":"os-pkgs","Type":"wolfi"},{"Target":"ko-app/kyverno","Class":"lang-pkgs","Type":"gobinary","Vulnerabilities":[{"VulnerabilityID":"CVE-2024-45338","PkgName":"golang.org/x/net","PkgIdentifier":{"PURL":"pkg:golang/golang.org/x/net@v0.25.0","UID":"39b390ca61b84f65"},"InstalledVersion":"v0.25.0","FixedVersion":"0.33.0","Status":"fixed","Layer":{"Digest":"sha256:fde84436898cdf0db1e701caceada90de4efeb60ab50d9969d3cb53f9478f208","DiffID":"sha256:e61344d27e058a6d1e350065a0c9e301e616be592f0852de7e164fca07746070"},"SeveritySource":"ghsa","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2024-45338","DataSource":{"ID":"ghsa","Name":"GitHub Security Advisory Go","URL":"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"},"Title":"golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html","Description":"An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.","Severity":"HIGH","VendorSeverity":{"ghsa":3,"redhat":3},"CVSS":{"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V3Score":7.5}},"References":["https://access.redhat.com/security/cve/CVE-2024-45338","https://cs.opensource.google/go/x/net","https://github.com/golang/go/issues/70906","https://go.dev/cl/637536","https://go.dev/issue/70906","https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ","https://nvd.nist.gov/vuln/detail/CVE-2024-45338","https://pkg.go.dev/vuln/GO-2024-3333","https://www.cve.org/CVERecord?id=CVE-2024-45338"],"PublishedDate":"2024-12-18T21:15:08.173Z","LastModifiedDate":"2024-12-18T21:15:08.173Z"}]}]}
The text was updated successfully, but these errors were encountered:
High or critical vulnerabilities detected. Scan results are below:
{"SchemaVersion":2,"CreatedAt":"2024-12-29T02:45:59.780986577Z","ArtifactName":"ghcr.io/kyverno/kyverno:release-1.12","ArtifactType":"container_image","Metadata":{"OS":{"Family":"wolfi","Name":"20230201"},"ImageID":"sha256:5cfaff6882dc655c93aa6779210aedf56a8c93ba58cb09470ece80f26144545c","DiffIDs":["sha256:8eb6febda7cc907037aa1c02572d986ecc7415f79f403822e2f79af7b96467b8","sha256:ffe56a1c5f3878e9b5f803842adb9e2ce81584b6bd027e8599582aefe14a975b","sha256:e61344d27e058a6d1e350065a0c9e301e616be592f0852de7e164fca07746070"],"RepoTags":["ghcr.io/kyverno/kyverno:release-1.12"],"RepoDigests":["ghcr.io/kyverno/kyverno@sha256:115e302eed0cb12ad779a501b1169184d5511814699bdc3c379a35a202a750de"],"ImageConfig":{"architecture":"amd64","author":"github.com/ko-build/ko","created":"2024-11-12T12:01:47Z","history":[{"author":"apko","created":"2024-11-12T12:01:47Z","created_by":"apko","comment":"This is an apko single-layer image"},{"author":"ko","created":"0001-01-01T00:00:00Z","created_by":"ko build ko://github.com/kyverno/kyverno/cmd/kyverno","comment":"kodata contents, at $KO_DATA_PATH"},{"author":"ko","created":"0001-01-01T00:00:00Z","created_by":"ko build ko://github.com/kyverno/kyverno/cmd/kyverno","comment":"go build output, at /ko-app/kyverno"}],"os":"linux","rootfs":{"type":"layers","diff_ids":["sha256:8eb6febda7cc907037aa1c02572d986ecc7415f79f403822e2f79af7b96467b8","sha256:ffe56a1c5f3878e9b5f803842adb9e2ce81584b6bd027e8599582aefe14a975b","sha256:e61344d27e058a6d1e350065a0c9e301e616be592f0852de7e164fca07746070"]},"config":{"Entrypoint":["/ko-app/kyverno"],"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/ko-app","SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt","KO_DATA_PATH=/var/run/ko"],"Labels":{"dev.chainguard.package.main":"","org.opencontainers.image.authors":"Chainguard Team https://www.chainguard.dev/","org.opencontainers.image.created":"2024-11-12T12:01:47Z","org.opencontainers.image.source":"https://github.com/chainguard-images/images/tree/main/images/static","org.opencontainers.image.url":"https://images.chainguard.dev/directory/image/static/overview","org.opencontainers.image.vendor":"Chainguard"},"User":"65532"}}},"Results":[{"Target":"ghcr.io/kyverno/kyverno:release-1.12 (wolfi 20230201)","Class":"os-pkgs","Type":"wolfi"},{"Target":"ko-app/kyverno","Class":"lang-pkgs","Type":"gobinary","Vulnerabilities":[{"VulnerabilityID":"CVE-2024-45338","PkgName":"golang.org/x/net","PkgIdentifier":{"PURL":"pkg:golang/golang.org/x/net@v0.25.0","UID":"39b390ca61b84f65"},"InstalledVersion":"v0.25.0","FixedVersion":"0.33.0","Status":"fixed","Layer":{"Digest":"sha256:fde84436898cdf0db1e701caceada90de4efeb60ab50d9969d3cb53f9478f208","DiffID":"sha256:e61344d27e058a6d1e350065a0c9e301e616be592f0852de7e164fca07746070"},"SeveritySource":"ghsa","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2024-45338","DataSource":{"ID":"ghsa","Name":"GitHub Security Advisory Go","URL":"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"},"Title":"golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html","Description":"An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.","Severity":"HIGH","VendorSeverity":{"ghsa":3,"redhat":3},"CVSS":{"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V3Score":7.5}},"References":["https://access.redhat.com/security/cve/CVE-2024-45338","https://cs.opensource.google/go/x/net","https://github.com/golang/go/issues/70906","https://go.dev/cl/637536","https://go.dev/issue/70906","https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ","https://nvd.nist.gov/vuln/detail/CVE-2024-45338","https://pkg.go.dev/vuln/GO-2024-3333","https://www.cve.org/CVERecord?id=CVE-2024-45338"],"PublishedDate":"2024-12-18T21:15:08.173Z","LastModifiedDate":"2024-12-18T21:15:08.173Z"}]}]}
The text was updated successfully, but these errors were encountered: