Skip to main content
New to Testkube? Unleash the power of cloud native testing in Kubernetes with Testkube. Get Started >

kube-rbac-proxy-v0.18.1_linux_amd64

digestsha256:85e87746fc166df9b5d2590eae23688e91b514d64dc0914d5101df4077099f91
vulnerabilitiescritical: 0 high: 3 medium: 1 low: 0 unspecified: 1
size32 MB
packages103
critical: 0 high: 3 medium: 0 low: 0 unspecified: 1stdlib 1.23.0 (golang)

pkg:golang/stdlib@1.23.0
high : CVE--2024--34158

Affected range
>=1.23.0-0
<1.23.1
Fixed version1.23.1
EPSS Score0.04%
EPSS Percentile17th percentile
Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

high : CVE--2024--34156

Affected range
>=1.23.0-0
<1.23.1
Fixed version1.23.1
EPSS Score0.04%
EPSS Percentile17th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

high : CVE--2022--30635

Affected range
>=1.23.0-0
<1.23.1
Fixed version1.23.1
EPSS Score0.19%
EPSS Percentile57th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

unspecified : CVE--2024--34155

Affected range
>=1.23.0-0
<1.23.1
Fixed version1.23.1
EPSS Score0.04%
EPSS Percentile17th percentile
Description

Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.

critical: 0 high: 0 medium: 1 low: 0 k8s.io/apiserver 0.31.0 (golang)

pkg:golang/k8s.io/apiserver@0.31.0
medium 4.3: CVE--2020--8552 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

Affected range<1.15.10
Fixed version1.15.10, 1.16.7, 1.17.3
CVSS Score4.3
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
EPSS Score0.17%
EPSS Percentile54th percentile
Description

The Kubernetes API server component has been found to be vulnerable to a denial of service attack via successful API requests.