CVE Vulnerabilities in 1.12.2

[s-bauer]

Hey, just want to bring a few CVE vulnerabilities to your attention that affect the latest version of kured:

• Package: github.com/emicklei/go-restful/v3
  Severity: high
  Info: [security] Path parser inconsistency could lead to bypass several security checks in emicklei/go-restful emicklei/go-restful#497
  Impacted versions: <v3.10.0

• Package: go
  Severity: high
  Info: https://nvd.nist.gov/vuln/detail/CVE-2023-24537
  Impacted Versions: < 1.19.8
  Fixed in: 1.20.3, 1.19.8

• Operating System
  Severity: high
  Package: openssl
  Info: https://nvd.nist.gov/vuln/detail/CVE-2023-0464
  Impacted versions: <3.0.8-r1
  Fixed in: 3.0.8-r1

• Operating System
  Severity: medium
  Package: openssl
  Info: https://nvd.nist.gov/vuln/detail/CVE-2023-0466
  Impacted versions: <3.0.8-r3
  Fixed in: 3.0.8-r3

• Operating System
  Severity: medium
  Package: openssl
  Info: https://nvd.nist.gov/vuln/detail/CVE-2023-0465
  Impacted versions: <3.0.8-r2
  Fixed in: 3.0.8-r2

To fix those I think the following steps should be taken:

• Update go-restful from v3.9.0 to v3.10.0
• Rebuild package with latest go version and latest base image

[ckotzbauer]

Hey @s-bauer,
thanks for your issue. We will release a new version in the next few days. I think we can update go-restful before that. Do you want to open a PR?

[s-bauer]

@ckotzbauer Yea will have a look over the weekend and hopefully open a PR

[jackfrancis]

Thank you @s-bauer!

[davidmarkgardiner]

Thank you @s-bauer!