mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2026-02-14 10:00:14 +00:00
Fix CVEs (#1857)
Resolves #1852. usr/local/bin/kube-bench (gobinary) Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 0, CRITICAL: 0) ┌──────────────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬──────────────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ ├──────────────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼──────────────────────────────────────────────────────────┤ │ golang.org/x/net │ CVE-2025-22872 │ MEDIUM │ fixed │ v0.36.0 │ 0.38.0 │ The tokenizer incorrectly interprets tags with unquoted │ │ │ │ │ │ │ │ attribute valu ... │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2025-22872 │ ├──────────────────┼────────────────┤ │ ├───────────────────┼────────────────┼──────────────────────────────────────────────────────────┤ │ stdlib │ CVE-2025-22871 │ │ │ v1.24.1 │ 1.23.8, 1.24.2 │ net/http: Request smuggling due to acceptance of invalid │ │ │ │ │ │ │ │ chunked data in net/http... │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2025-22871 │ └──────────────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴──────────────────────────────────────────────────────────┘ Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This commit is contained in:
Masashi Honma
GitHub
@@ -1,4 +1,4 @@
|
||||
FROM golang:1.24.1 AS build
|
||||
FROM golang:1.24.2 AS build
|
||||
WORKDIR /go/src/github.com/aquasecurity/kube-bench/
|
||||
COPY makefile makefile
|
||||
COPY go.mod go.sum ./
|
||||
|
||||
Reference in New Issue
Block a user