Bump golang from 1.23.4 to 1.23.5 to fix vulnerabilities. (#1793) · aquasecurity/kube-bench@c9985a6

Commit

Bump golang from 1.23.4 to 1.23.5 to fix vulnerabilities. (#1793)

This is the scan result of Trivy.

usr/local/bin/kube-bench (gobinary)

Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 0, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬─────────────────────────────┬──────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │        Fixed Version        │                            Title                             │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼─────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2024-45336 │ MEDIUM   │ fixed  │ v1.23.4           │ 1.22.11, 1.23.5, 1.24.0-rc2 │ golang: net/http: net/http: sensitive headers incorrectly    │
│         │                │          │        │                   │                             │ sent after cross-domain redirect                             │
│         │                │          │        │                   │                             │ https://avd.aquasec.com/nvd/cve-2024-45336                   │
│         ├────────────────┤          │        │                   │                             ├──────────────────────────────────────────────────────────────┤
│         │ CVE-2024-45341 │          │        │                   │                             │ golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can │
│         │                │          │        │                   │                             │ bypass URI name...                                           │
│         │                │          │        │                   │                             │ https://avd.aquasec.com/nvd/cve-2024-45341                   │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────────────────┴──────────────────────────────────────────────────────────────┘

Signed-off-by: Masashi Honma <[email protected]>

Loading branch information

masap authored Feb 4, 2025

1 parent 368a8b5 commit c9985a6

.github/workflows/build.yml

-Original file line number
+Diff line change
@@ Expand Up / @@ -14,7 +14,7 @@ on: @@
           - "LICENSE"
           - "NOTICE"
     env:
-      GO_VERSION: "1.23.4"
+      GO_VERSION: "1.23.5"
       KIND_VERSION: "v0.11.1"
       KIND_IMAGE: "kindest/node:v1.21.1@sha256:69860bda5563ac81e3c0057d654b5253219618a22ec3a346306239bba8cfa1a6"
@@ Expand Down @@

go.mod

-Original file line number
+Diff line change
@@ -1,6 +1,6 @@
     module github.com/aquasecurity/kube-bench
-    go 1.23.4
+    go 1.23.5
     require (
     	github.com/aws/aws-sdk-go-v2 v1.32.8
@@ Expand Down @@

0 comments on commit `c9985a6`

Please sign in to comment.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Commit

There are no files selected for viewing

0 comments on commit `c9985a6`

Commit

There are no files selected for viewing

0 comments on commit c9985a6

0 comments on commit `c9985a6`