You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range
<=v7.0.0
Fixed version
Not Fixed
CVSS Score
7.5
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Description
This affects all versions of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction.
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range
<=7.0.0
Fixed version
Not Fixed
CVSS Score
7.5
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Description
This affects all versions of package github.com/u-root/u-root/pkg/uzip. It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction.
github.com/opencontainers/runc1.1.15 (golang)
pkg:golang/github.com/opencontainers/runc@1.1.15
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range
<1.2.0-rc.1
Fixed version
1.2.0-rc.1
CVSS Score
7.2
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Description
Withdrawn Advisory
This advisory has been withdrawn because it was incorrectly attributed to runc. Please see the issue here for more information.
Original Description
A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system. This issue has its root in how runc handles Config Annotations lists.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
0.0.2->0.1.3Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
valyentdev/ravel (valyentdev/ravel)
v0.1.3Compare Source
Changelog
249cefafix: gateway by name queryv0.1.2Compare Source
Changelog
3381b77fix: goreleaser config35262f1ci: add proxy to goreleaser5d11369fix: proxy default domainv0.1.1Compare Source
Changelog
b0e39c0fix: image ref parsing for docker.io registryv0.1.0Compare Source
Changelog
e972cffwip: enforce coherence between namespace and main registry repository25e8f77feat: add registry authentication5cf35befeat: add basic bearer auth and mTLS support to API serverb252113chore: implement proper deletion of fleets and namespaces + some fixes1340821feat: add mTLS support5628681feat: extract runtime from agent and allow standalone mode332f487refactor: prepare for v0.1a46c7c4Merge pull request #3 from mrsimonbennett/patch-1ff546c0Fix link to docsb95264efix illustration in readme.md7e6f1c3docs: cleanup mintlify docsaae0571chore: go mod tidy2cafa85feat: new http proxy for multi-node ingressf10c975chore: improve config file and add toml support429ff51chore: prepare for the new proxyConfiguration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.