There are security vulnerabilities such as low version DOS security attack of go-yaml package.

[ghost]

检测到 cloudnativer/kube-install 一共引入了231个开源组件，存在3个漏洞

漏洞标题：go-yaml < 2.2.8拒绝服务漏洞
缺陷组件：gopkg.in/yaml.v2@v2.2.2
漏洞编号：CVE-2019-11254
漏洞描述：gopkg.in/yaml.v2是go语言中用于处理yaml格式的包。
在2.2.8之前的版本中，处理恶意的yaml数据时，会导致CPU资源耗尽。
漏洞由Kubernetes开发者在fuzz测试中发现并提交修复补丁。
国家漏洞库信息：https://www.cnvd.org.cn/flaw/show/CNVD-2020-35519
影响范围：(∞, 2.2.8)
最小修复版本：2.2.8
缺陷组件引入路径：kube-install@->github.com/gin-gonic/gin@v1.7.7->github.com/stretchr/testify@v1.4.0->gopkg.in/yaml.v2@v2.2.2
kube-install@->github.com/leodido/go-urn@v1.2.0->github.com/stretchr/testify@v1.4.0->gopkg.in/yaml.v2@v2.2.2
kube-install@->k8s.io/kube-openapi@v0.0.0-20211115234752-e816edb12b65->github.com/go-openapi/swag@v0.19.5->gopkg.in/yaml.v2@v2.2.2
kube-install@->k8s.io/kube-openapi@v0.0.0-20211115234752-e816edb12b65->github.com/stretchr/testify@v1.5.1->gopkg.in/yaml.v2@v2.2.2

另外还有3个漏洞，详细报告：https://mofeisec.com/jr?p=aea335

[cloudnativer]

Thank you for your security vulnerability tips.
We will fix the related vulnerabilities in the next version.