Remove some vulnerabilities from go modules #4506

@brijesh-vora-sp

Description:

There are quite a few vulnerabilities in Feast when I build the Docker image of the k8s materialization engine.
They all seem to be Go-related. Would appreciate at least removing the critical and high ones ASAP. Thanks

| Severity | CVE ID | Package name & version |
| --- | --- | --- |
| High | CVE-2021-3121 | github.com/gogo/protobuf v1.2.1 |
| High | CVE-2022-24450 | github.com/nats-io/nats-server/v2 v2.1.2 |
| High | CVE-2019-13126 | github.com/nats-io/nats-server/v2 v2.1.2 |
| High | CVE-2020-28466 | github.com/nats-io/nats-server/v2 v2.1.2 |
| High | CVE-2018-16886 | go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738 |
| Medium | CVE-2020-15106 | go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738 |
| Medium | CVE-2020-15112 | go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738 |
| Medium | CVE-2022-41727 | golang.org/x/image v0.0.0-20220302094943-723b81ca9867 |
| Medium | CVE-2023-29408 | golang.org/x/image v0.0.0-20220302094943-723b81ca9867 |
| Medium | CVE-2023-29407 | golang.org/x/image v0.0.0-20220302094943-723b81ca9867 |
| Critical | CVE-2020-26892 | github.com/nats-io/jwt v0.3.2 |
| High | CVE-2021-3127 | github.com/nats-io/jwt v0.3.2 |
| High | CVE-2020-26521 | github.com/nats-io/jwt v0.3.2 |
| Medium | CVE-2022-2582 | github.com/aws/aws-sdk-go v1.27.0 |
| Medium | CVE-2020-8911 | github.com/aws/aws-sdk-go v1.27.0 |
| Low | CVE-2020-8912 | github.com/aws/aws-sdk-go v1.27.0 |
| High | CVE-2020-26160 | github.com/dgrijalva/jwt-go v3.2.0+incompatible |
| Medium | CVE-2019-19794 | github.com/miekg/dns v1.0.14 |
| High | CVE-2022-21698 | github.com/prometheus/client_golang v1.3.0 |
| High | CVE-2020-27813 | github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c |

Possible Solution

Upgrade packages?
