github.com/knative/func is vulnerable to information disclosure. The vulnerability is due to compromised third-party buildpacks which expose their registry credentials or local docker socket to a malicious lifecycle container, which allows remote attackers to access unauthorized information. This only affects users who use third party function buildpacks.
github.com/knative/func/blob/5ca77d38744d3481cc0b795f607c5859b19588fc/buildpacks/builder.go#L37-L41
github.com/knative/func/commit/1d22cb21cfb111ef9c31ae8c640262709ccdb384
github.com/knative/func/pull/1442
github.com/knative/func/pull/1443
github.com/knative/func/releases/tag/knative-v1.8.1
github.com/knative/func/security/advisories/GHSA-5336-2g3f-9g3m