-
Notifications
You must be signed in to change notification settings - Fork 403
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Found security vulnerability in chartmuseum v0.15.0 #607
Comments
This issue is being tracked here: #568 |
scbizu
added a commit
that referenced
this issue
Sep 13, 2022
Closes #607 Signed-off-by: scbizu <[email protected]>
scbizu
added a commit
that referenced
this issue
Sep 13, 2022
Closes #607 Signed-off-by: scbizu <[email protected]>
scbizu
added a commit
that referenced
this issue
Sep 13, 2022
Closes #607 Signed-off-by: scbizu <[email protected]>
scbizu
added a commit
that referenced
this issue
Sep 13, 2022
Closes #607 Signed-off-by: scbizu <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
The chartMuseum binary contains the go.etcd.io/etcd-v3.3.27+incompatible library with is flagged as a security risk and need to update to the latest version 3.4.0 and above available for resolving the issue.
The mentioned library is coming as a derived dependency, as is verified by searching for it in the go.mod file. It is because of this vulnerable library that all the images having even the latest chartMuseum binary baked into them are failing the security scans.
The text was updated successfully, but these errors were encountered: