CVE-2024-45490, CVE-2024-45491 and CVE-2024-45492 vulnerabilities in 1.28.0

[vvxxvvxx]

The GHSA-4hvh-m426-wv8w, GHSA-784x-7qm2-gp97 and GHSA-5qxm-qvmj-8v79 vulnerabilities are still in k8s-sidecar:1.28.0.
#361 (comment)
Do you have any plan to fix them?

[ChristianGeie]

Hi @vvxxvvxx, it would be very helpful for me if you could tell me how you found this out. So if i run docker run --platform linux/amd64 --rm -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy:latest image --format table --no-progress --exit-code 0 --offline-scan --timeout 15m kiwigrid/k8s-sidecar:1.28.0 i cannot see any issues.

[ChristianGeie]

Next thing is, that the CVE's mentioned by you are related to the base python alpine image, so i cannot fix them. This must be done upstream.

[vvxxvvxx]

Next thing is, that the CVE's mentioned by you are related to the base python alpine image, so i cannot fix them. This must be done upstream.

Hi @ChristianGeie "related to the base python alpine image", may I know where did you find this info (related to python alpine image)? thanks.