Merge pull request wolfi-dev#780 from chainguardian/adv-crictl-1.29.0-r1

Adding CVEs for crictl
sergio-chainguard · Jan 11, 2024 · b5875cc · b5875cc
2 parents f356d5c + 7c61ab5
commit b5875cc
Showing 1 changed file with 18 additions and 1 deletion.
diff --git a/cri-tools.advisories.yaml b/cri-tools.advisories.yaml
@@ -1,4 +1,4 @@
-schema-version: 2.0.1
+schema-version: 2.0.2
 
 package:
   name: cri-tools
@@ -33,3 +33,20 @@ advisories:
         data:
           type: vulnerable-code-not-included-in-package
           note: Only affects Windows
+
+  - id: CVE-2023-47108
+    aliases:
+      - GHSA-8pgv-569h-w5rw
+    events:
+      - timestamp: 2024-01-11T07:06:55Z
+        type: detection
+        data:
+          type: scan/v1
+          data:
+            subpackageName: crictl
+            componentID: 7ea7b73b0dc5700e
+            componentName: go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
+            componentVersion: v0.42.0
+            componentType: go-module
+            componentLocation: /usr/bin/crictl
+            scanner: grype