Please fix the CVEs for v0.47.2 #3471
Description
<style type="text/css"></style>
| CVE ID | Type | Severity | Packages | Source Package | Package Version | CVSS | Fix Status |
|---|---|---|---|---|---|---|---|
| CVE-2023-29404 | binary | critical | go | 1.19.9 | 9.8 | fixed in 1.20.5, 1.19.10 | |
| CVE-2023-29405 | binary | critical | go | 1.19.9 | 9.8 | fixed in 1.20.5, 1.19.10 | |
| CVE-2023-29402 | binary | critical | go | 1.19.9 | 9.8 | fixed in 1.20.5, 1.19.10 | |
| CVE-2019-0190 | OS | high | libssl1.1,libcrypto1.1 | openssl | 1.1.1u-r1 | 7.5 | |
| CVE-2023-2253 | go | high | github.com/docker/distribution | v2.8.1 | 7.5 | fixed in 2.8.2-beta.1 | |
| CVE-2023-28840 | go | high | github.com/docker/docker | v20.10.21 | 7.5 | fixed in 23.0.3, 20.10.24 | |
| CVE-2023-27561 | go | high | github.com/opencontainers/runc | v1.1.4 | 7 | fixed in 1.1.5 | |
| CVE-2024-21626 | go | high | github.com/opencontainers/runc | v1.1.4 | 8.6 | fixed in 1.1.12 | |
| CVE-2023-39325 | go | high | golang.org/x/net | v0.4.0 | 7.5 | fixed in 0.17.0 | |
| CVE-2022-41723 | go | high | golang.org/x/net | v0.4.0 | 7.5 | fixed in 0.7.0 | |
| GHSA-m425-mq94-257g | go | high | google.golang.org/grpc | v1.51.0 | 7.5 | fixed in 1.58.3, 1.57.1, 1.56.3 | |
| CVE-2023-45287 | binary | high | go | 1.19.9 | 7.5 | fixed in 1.20.0 | |
| CVE-2023-39323 | binary | high | go | 1.19.9 | 8.1 | fixed in 1.21.2, 1.20.9 | |
| CVE-2023-45285 | binary | high | go | 1.19.9 | 7.5 | fixed in 1.21.5, 1.20.12 | |
| CVE-2023-29403 | binary | high | go | 1.19.9 | 7.8 | fixed in 1.20.5, 1.19.10 | |
| CVE-2023-45283 | binary | high | go | 1.19.9 | 7.5 | fixed in 1.21.4, 1.20.11 | |
| CVE-2023-52425 | OS | low | libexpat | expat | 2.5.0-r2 | 0 | fixed in 2.6.0-r0 |
| CVE-2023-52426 | OS | low | libexpat | expat | 2.5.0-r2 | 0 | fixed in 2.6.0-r0 |
| CVE-2023-25809 | go | low | github.com/opencontainers/runc | v1.1.4 | 2.5 | fixed in 1.1.5 | |
| CVE-2023-6992 | OS | medium | zlib | 1.2.12-r3 | 5.5 | ||
| CVE-2023-5678 | OS | medium | libssl1.1,libcrypto1.1 | openssl | 1.1.1u-r1 | 5.3 | fixed in 1.1.1w-r1 |
| CVE-2023-3817 | OS | medium | libssl1.1,libcrypto1.1 | openssl | 1.1.1u-r1 | 5.3 | fixed in 1.1.1v-r0 |
| CVE-2023-3446 | OS | medium | libssl1.1,libcrypto1.1 | openssl | 1.1.1u-r1 | 5.3 | fixed in 1.1.1u-r2 |
| CVE-2024-0727 | OS | medium | libssl1.1,libcrypto1.1 | openssl | 1.1.1u-r1 | 5.5 | |
| PRISMA-2022-0164 | go | medium | github.com/aws/aws-sdk-go | v1.35.24 | 5.3 | fixed in v1.40.27 | |
| PRISMA-2023-0056 | go | medium | github.com/sirupsen/logrus | v1.8.1 | 6.2 | fixed in v1.9.3 | |
| CVE-2023-29409 | binary | medium | go | 1.19.9 | 5.3 | fixed in 1.20.7, 1.19.12 | |
| CVE-2023-45284 | binary | medium | go | 1.19.9 | 5.3 | fixed in 1.21.4, 1.20.11 | |
| CVE-2023-39318 | binary | medium | go | 1.19.9 | 6.1 | fixed in 1.21.1, 1.20.8 | |
| CVE-2023-39319 | binary | medium | go | 1.19.9 | 6.1 | fixed in 1.21.1, 1.20.8 | |
| CVE-2023-29406 | binary | medium | go | 1.19.9 | 6.5 | fixed in 1.20.6, 1.19.11 | |
| CVE-2023-39326 | binary | medium | go | 1.19.9 | 5.3 | fixed in 1.21.5, 1.20.12 | |
| GHSA-6xv5-86q9-7xr8 | go | moderate | github.com/cyphar/filepath-securejoin | v0.2.3 | 4 | fixed in 0.2.4 | |
| GHSA-jq35-85cj-fj4p | go | moderate | github.com/docker/docker | v20.10.21 | 4 | fixed in 20.10.27, 23.0.8, 24.0.7 | |
| CVE-2023-28842 | go | moderate | github.com/docker/docker | v20.10.21 | 6.8 | fixed in 23.0.3, 20.10.24 | |
| CVE-2023-28841 | go | moderate | github.com/docker/docker | v20.10.21 | 6.8 | fixed in 23.0.3, 20.10.24 | |
| CVE-2023-28642 | go | moderate | github.com/opencontainers/runc | v1.1.4 | 6.1 | fixed in 1.1.5 | |
| CVE-2023-48795 | go | moderate | golang.org/x/crypto | v0.1.0 | 5.9 | fixed in 0.17.0 | |
| CVE-2023-44487 | go | moderate | golang.org/x/net | v0.4.0 | 5.3 | fixed in 0.17.0 | |
| CVE-2023-3978 | go | moderate | golang.org/x/net | v0.4.0 | 6.1 | fixed in 0.13.0 | |
| CVE-2023-44487 | go | moderate | google.golang.org/grpc | v1.51.0 | 5.3 | fixed in 1.56.3, 1.57.1, 1.58.3 |