Resolve High Vulnerabilities #16150

Open
codyharris-h2o-ai opened this issue Apr 9, 2024 · 1 comment
@codyharris-h2o-ai

Hello!
As part of our ongoing effort to ensure the security of our products, one or more vulnerabilities requiring remediation have been identified. We understand some of these are third-party images, and fixes may be available in upgraded images, but it is difficult to do so without proper testing and dev acceptance.

| Vulnerability | Severity | Image | Package | Description |
|---|---|---|---|---|
| CVE-2023-52425 | high | h2oai/h2o-open-source-k8s-minimal:3.46.0.1 | expat:2.2.5 | A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to r[...] |
| CVE-2024-21634 | high | h2oai/h2o-open-source-k8s-minimal:3.46.0.1 | software.amazon.ion:ion-java:1.0.2 | Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential denial-of-service issue exist[...] |

Please reach out if you have any questions.

@wendycwong
Contributor

More info from cody:
image
