The security team blocked us from implementing this exporter because of the following vulnerabilities:
```
❯ docker scout cves quay.io/prometheuscommunity/pgbouncer-exporter:v0.8.0
    i New version 1.11.0 available (installed version is 1.6.3) at https://github.com/docker/scout-cli
    ✓ Pulled
    ✓ Image stored for indexing
    ✓ Indexed 27 packages
    ✗ Detected 2 vulnerable packages with a total of 5 vulnerabilities

## Overview

                    │                      Analyzed Image
────────────────────┼──────────────────────────────────────────────────────────
  Target            │  quay.io/prometheuscommunity/pgbouncer-exporter:v0.8.0
    digest          │  ca78408f49b6
    platform        │  linux/arm64/v8
    vulnerabilities │    1C     1H     2M     0L     2?
    size            │  9.2 MB
    packages        │  27

## Packages and Vulnerabilities

   1C     1H     1M     0L     2?  stdlib 1.22.1
pkg:golang/stdlib@1.22.1

    ✗ CRITICAL CVE-2024-24790
      https://scout.docker.com/v/CVE-2024-24790
      Affected range : >=1.22.0-0
                     : <1.22.4
      Fixed version  : 1.22.4

    ✗ HIGH CVE-2024-24791
      https://scout.docker.com/v/CVE-2024-24791
      Affected range : >=1.22.0-0
                     : <1.22.5
      Fixed version  : 1.22.5

    ✗ MEDIUM CVE-2024-24789
      https://scout.docker.com/v/CVE-2024-24789
      Affected range : >=1.22.0-0
                     : <1.22.4
      Fixed version  : 1.22.4

    ✗ UNSPECIFIED CVE-2024-24788
      https://scout.docker.com/v/CVE-2024-24788
      Affected range : >=1.22.0-0
                     : <1.22.3
      Fixed version  : 1.22.3

    ✗ UNSPECIFIED CVE-2023-45288
      https://scout.docker.com/v/CVE-2023-45288
      Affected range : >=1.22.0-0
                     : <1.22.2
      Fixed version  : 1.22.2

   0C     0H     1M     0L  golang.org/x/net 0.22.0
pkg:golang/golang.org/x/net@0.22.0

    ✗ MEDIUM CVE-2023-45288 [Uncontrolled Resource Consumption]
      https://scout.docker.com/v/CVE-2023-45288
      Affected range : <0.23.0
      Fixed version  : 0.23.0
      CVSS Score     : 5.3
      CVSS Vector    : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

6 vulnerabilities found in 2 packages
  UNSPECIFIED  2
  LOW          0
  MEDIUM       2
  HIGH         1
  CRITICAL     1
```
I see that some of them would be fixed from this Dependabot PR: #154
EDIT:
Applied the PR changes locally, built the binary and the Docker image, and I see no further vulnerabilities:
```
❯ docker scout cves pgbouncer-exporter:latest
    i New version 1.11.0 available (installed version is 1.10.0) at https://github.com/docker/scout-cli
    ✓ SBOM of image already cached, 29 packages indexed
    ✓ No vulnerable package detected

## Overview

                    │        Analyzed Image
────────────────────┼──────────────────────────────
  Target            │  pgbouncer-exporter:latest
    digest          │  f5919f779664
    platform        │  linux/amd64
    vulnerabilities │    0C     0H     0M     0L
    size            │  9.7 MB
    packages        │  29

## Packages and Vulnerabilities

  No vulnerable packages detected
```
I see the PR was merged, waiting for the new release. Thanks!