Skip to main content
New to Testkube? Unleash the power of cloud native testing in Kubernetes with Testkube. Get Started >

testkube-operator-2.1.20_linux_arm64

digestsha256:575eefc3cae9d31e14c32808cfe7ba93158a71060ac259940af519a9b3779903
vulnerabilitiescritical: 0 high: 3 medium: 2 low: 0 unspecified: 1
size12 MB
packages67
critical: 0 high: 3 medium: 0 low: 0 unspecified: 1stdlib 1.21.13 (golang)

pkg:golang/stdlib@1.21.13
high : CVE--2024--34158

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.04%
EPSS Percentile16th percentile
Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

high : CVE--2024--34156

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.04%
EPSS Percentile16th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

high : CVE--2022--30635

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.19%
EPSS Percentile56th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

unspecified : CVE--2024--34155

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.04%
EPSS Percentile16th percentile
Description

Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.

critical: 0 high: 0 medium: 1 low: 0 golang.org/x/net 0.17.0 (golang)

pkg:golang/golang.org/x/net@0.17.0
medium 5.3: CVE--2023--45288 Uncontrolled Resource Consumption

Affected range<0.23.0
Fixed version0.23.0
CVSS Score5.3
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score0.04%
EPSS Percentile14th percentile
Description

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.

critical: 0 high: 0 medium: 1 low: 0 google.golang.org/protobuf 1.31.0 (golang)

pkg:golang/google.golang.org/protobuf@1.31.0
medium : CVE--2024--24786 Loop with Unreachable Exit Condition ('Infinite Loop')

Affected range<1.33.0
Fixed version1.33.0
EPSS Score0.04%
EPSS Percentile16th percentile
Description

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.