-
Notifications
You must be signed in to change notification settings - Fork 423
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVE: PRISMA-2022-0227 in emicklei/go-restful/v3 #635
Comments
Thanks for the issue. Do you have a real CVE ID to point to? Twistlock/Prisma is a commercial project that the Kubernetes project doesn't have a subscription to, and its not clear that we're actually impacted with the affected symbols as |
I don't have a real CVE to point to. It's probably fair to describe Twistlock as an "eager scanner" and I'm not sure there's any real security impact with aws-iam-authenticator. Your assessment sounds correct to me. |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
I am no longer using aws-iam-authenticator so I'll close this issue. |
Twistlock reports the following vulnerability with aws-iam-authenticator:
Package: github.com/emicklei/go-restful/v3
CVE: PRISMA-2022-0227
Fix Status: Fixed in:v3.10.0
Impacted versions: <v3.10.0
Currently aws-iam-authenticator is bringing in
v3.9.0
as an indirect dependency:aws-iam-authenticator/go.mod
Line 31 in 4aec898
go-restful v3.10.0 introduced a regression, but v3.11.0 fixes the vulnerability and also fixes the regression.
Suggestion:
go.mod
should be updated when possible.The text was updated successfully, but these errors were encountered: