VladislavDubrovenski opened a new issue, #2155:
URL: https://github.com/apache/apisix-ingress-controller/issues/2155
### Current Behavior
IT flagged CVE-2023-48795 in the APISIX controller version 1.7.1. After
running an Aqua Security scan, the following were discovered:
- fixedVersion: ""
  installedVersion: 1.8.0-4.el7
  lastModifiedDate: "2024-01-25T04:15:07Z"
  links: []
  primaryLink: https://avd.aquasec.com/nvd/cve-2023-48795
  publishedDate: "2023-12-18T16:15:10Z"
  resource: libssh2
  score: 5.9
  severity: MEDIUM
  target: ""
  title: 'ssh: Prefix truncation attack on Binary Packet Protocol (BPP)'
- fixedVersion: 0.17.0
  installedVersion: v0.12.0
  lastModifiedDate: "2024-01-25T04:15:07Z"
  links: []
  primaryLink: https://avd.aquasec.com/nvd/cve-2023-48795
  publishedDate: "2023-12-18T16:15:10Z"
  resource: golang.org/x/crypto
  score: 5.9
  severity: MEDIUM
  target: ""
  title: 'ssh: Prefix truncation attack on Binary Packet Protocol (BPP)'
  vulnerabilityID: CVE-2023-48795
Need an issue open for tracking. I apologize if the submission is incorrect
and kindly let me know how to submit it. I did not find any PR addressing this
issue. Thank you for the awesome APISIX!
### Expected Behavior
The scanners don't flag this.
### Error Logs
_No response_
### Steps to Reproduce
1. Install APISIX via helm chart version apisix:1.10.0
2. Run trivy
### Environment
digest: sha256:67d4154c8f90a3e66544ab3e93a25a4b015f3e49c6bb41ca50b2d4869d0f215d
repository: apache/apisix-ingress-controller
tag: 1.7.1
Kubernetes 1.27.3 (AKS)