Choose one: BUG REPORT
What happened: Docker container is showing a high vulnerability using Cisco Vulnerability Management scanning tool. This is NOT a duplicate of #158 as this vulnerability is not included in that bug report, which is now almost 3 years old.
This vulnerability was recently fixed in version 3.5.0 of litmuschaos/chaos-operator. However, it seems like the new image requires us to upgrade our chaos-runner image as well, which led to us running into this issue.
| CVE | Library | Version | Severity | Fixed By | Path |
| --- | --- | --- | --- | --- | --- |
| GHSA-qppj-fm5r-hxr3 | golang.org/x/net | v0.7.0 | High | v0.17.0 | /usr/local/bin/chaos-operator |
CVE-2023-44487
What you expected to happen: Scanning jobs for production level containers should not have high vulnerabilities when using the latest image.
How to reproduce it (as minimally and precisely as possible): Used the Cisco Vulnerability Management scanning tool https://www.cisco.com/site/us/en/products/security/vulnerability-management/index.html