This repository was archived by the owner on Apr 24, 2023. It is now read-only.
Description

CVE-2022-29155 and CVE-2022-1292 are being reported as CVEs in the 1.9.3 release.
```
trivy i --severity CRITICAL kubesphere/fluent-bit:v1.9.3
2022-05-25T08:55:05.511+0200 INFO Detected OS: debian
2022-05-25T08:55:05.511+0200 INFO Detecting Debian vulnerabilities...
2022-05-25T08:55:05.532+0200 INFO Number of language-specific files: 1
2022-05-25T08:55:05.532+0200 INFO Detecting gobinary vulnerabilities...
kubesphere/fluent-bit:v1.9.3 (debian 11.3)
Total: 3 (CRITICAL: 3)
┌───────────────┬────────────────┬──────────┬───────────────────┬───────────────────────┬───────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │
├───────────────┼────────────────┼──────────┼───────────────────┼───────────────────────┼───────────────────────────────────────────────────┤
│ libldap-2.4-2 │ CVE-2022-29155 │ CRITICAL │ 2.4.57+dfsg-3 │ 2.4.57+dfsg-3+deb11u1 │ openldap: OpenLDAP SQL injection │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-29155 │
├───────────────┼────────────────┤ ├───────────────────┼───────────────────────┼───────────────────────────────────────────────────┤
│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ openssl: c_rehash script allows command injection │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │
├───────────────┤ │ │ │ │ │
│ openssl │ │ │ │ │ │
│ │ │ │ │ │ │
└───────────────┴────────────────┴──────────┴───────────────────┴───────────────────────┴───────────────────────────────────────────────────┘
fluent-bit/bin/fluent-bit-watcher (gobinary)
Total: 0 (CRITICAL: 0)
```