GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: ko, flux-kustomize-controller, ollama, metacontroller, dynamic-localpv-provisioner, kots, prometheus-adapter, slsa-verifier, hey, nodetaint, fuse-overlayfs-snapshotter, node-problem-detector, nghttp2, secrets-store-csi-driver, nats, envoy-ratelimit, weaviate,...

AZL-35038 CVE-2023-44487 affecting package node-problem-detector for versions less than 0.8.10-16

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

AZL-31336 CVE-2023-44487 affecting package node-problem-detector for versions less than 0.8.10-16

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

Kubeeye - Tool To Find Various Problems On Kubernetes, Such As Application Misconfiguration, Unhealthy Cluster Components And Node Problems

KubeEye is an inspection tool for Kubernetes to discover Kubernetes resources by OPA , cluster components, cluster nodes by Node-Problem-Detector and other configurations are meeting with best practices, and giving suggestions for modification. KubeEye supports custom inspection rules and plugins...

AZL-35041 CVE-2022-32149 affecting package node-problem-detector for versions less than 0.8.15-1

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...

AZL-33628 CVE-2022-32149 affecting package node-problem-detector for versions less than 0.8.17-2

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...

AZL-35039 CVE-2022-29526 affecting package node-problem-detector for versions less than 0.8.15-1

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...

AZL-35040 CVE-2022-21698 affecting package node-problem-detector for versions less than 0.8.15-1

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

AZL-33626 CVE-2022-21698 affecting package node-problem-detector for versions less than 0.8.10-19

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

AZL-33627 CVE-2021-44716 affecting package node-problem-detector for versions less than 0.8.10-20

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

AZL-35037 CVE-2021-44716 affecting package node-problem-detector for versions less than 0.8.15-1

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...