v2.10.0 showing HIGH vulnerability CVE-2023-44487 #2231

mitchellmaler · 2023-10-27T15:44:03Z

kube-state-metrics/kube-state-metrics:v2.10.0 is showing HIGH vulnerability CVE-2023-44487. This will require upgrading to a later Golang patch version to pull in the latest net package to resolve.

dashpole · 2023-11-02T16:44:08Z

/assign @dgrisonnet
/triage accepted

dgrisonnet · 2023-11-08T17:32:31Z

It was addressed in #2214 and will be released as part of v2.10.1.

/cc @rexagod

rexagod · 2023-11-09T15:50:48Z

Released in v2.10.1.

mitchellmaler added the kind/bug Categorizes issue or PR as related to a bug. label Oct 27, 2023

k8s-ci-robot added the needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. label Oct 27, 2023

k8s-ci-robot assigned dgrisonnet Nov 2, 2023

k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Nov 2, 2023

rexagod closed this as completed Nov 9, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

v2.10.0 showing HIGH vulnerability CVE-2023-44487 #2231

v2.10.0 showing HIGH vulnerability CVE-2023-44487 #2231

mitchellmaler commented Oct 27, 2023

dashpole commented Nov 2, 2023

dgrisonnet commented Nov 8, 2023

rexagod commented Nov 9, 2023

v2.10.0 showing HIGH vulnerability CVE-2023-44487 #2231

v2.10.0 showing HIGH vulnerability CVE-2023-44487 #2231

Comments

mitchellmaler commented Oct 27, 2023

dashpole commented Nov 2, 2023

dgrisonnet commented Nov 8, 2023

rexagod commented Nov 9, 2023