forked from kgateway-dev/kgateway
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.trivyignore
28 lines (25 loc) · 1.42 KB
/
.trivyignore
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
# emicklei/go-restful - Authorization Bypass Through User-Controlled Key
# This should be fixed in v2's 2.16.0, although talks were undergoing about why this still shows up as an issue.
# https://github.com/emicklei/go-restful/pull/503
CVE-2022-1996
# These CVEs only impacts install of Gloo-Edge from Glooctl CLI.
# Also Helm module is used in testing, which has no impact on exploitation.
# Gloo-Edge data and control planes are not impacted at all by the helm module.
# Glooctl is not a long running program, and does not affect future uses of Glooctl.
# https://github.com/solo-io/gloo/issues/7598
# https://github.com/helm/helm/security/advisories/GHSA-6rx9-889q-vv2r
CVE-2022-23524
# https://github.com/helm/helm/security/advisories/GHSA-53c4-hhmh-vw5q
CVE-2022-23525
# https://github.com/helm/helm/security/advisories/GHSA-67fx-wx78-jx33
CVE-2022-23526
# https://nvd.nist.gov/vuln/detail/CVE-2022-41721
# Ignore this vulnerability; it does not affect the gateway-proxy image.
# No handlers exposed by the control plane fall victim to this attack
# because we do not use the maxBytesHandler
CVE-2022-41721
# https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw
# This CVE has not yet been patched in the kubectl version we are using, however it should not
# affect us as kubernetes does not use the affected code path (see description in
# https://github.com/kubernetes/kubernetes/pull/118036).
CVE-2023-2253