Skip to main content
New to Testkube? Unleash the power of cloud native testing in Kubernetes with Testkube. Get Started >

testkube-operator-2.1.22_linux_arm64

digestsha256:812f87c0c0411b7a11bf4f99822b5aa4f4c9e899fa99cb0e351af9ed78de521b
vulnerabilitiescritical: 0 high: 0 medium: 2 low: 0
size12 MB
packages67
critical: 0 high: 0 medium: 1 low: 0 golang.org/x/net 0.17.0 (golang)

pkg:golang/golang.org/x/net@0.17.0
medium 5.3: CVE--2023--45288 Uncontrolled Resource Consumption

Affected range<0.23.0
Fixed version0.23.0
CVSS Score5.3
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score0.04%
EPSS Percentile14th percentile
Description

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.

critical: 0 high: 0 medium: 1 low: 0 google.golang.org/protobuf 1.31.0 (golang)

pkg:golang/google.golang.org/protobuf@1.31.0
medium : CVE--2024--24786 Loop with Unreachable Exit Condition ('Infinite Loop')

Affected range<1.33.0
Fixed version1.33.0
EPSS Score0.04%
EPSS Percentile17th percentile
Description

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.