forked from kgateway-dev/kgateway
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.trivyignore
22 lines (20 loc) · 1.09 KB
/
.trivyignore
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
# emicklei/go-restful - Authorization Bypass Through User-Controlled Key
# This should be fixed in v2's 2.16.0, although talks were undergoing about why this still shows up as an issue.
# https://github.com/emicklei/go-restful/pull/503
CVE-2022-1996
# These CVEs only impacts install of Gloo-Edge from Glooctl CLI.
# Also Helm module is used in testing, which has no impact on exploitation.
# Gloo-Edge data and control planes are not impacted at all by the helm module.
# Glooctl is not a long running program, and does not affect future uses of Glooctl.
# https://github.com/solo-io/gloo/issues/7598
# https://github.com/helm/helm/security/advisories/GHSA-6rx9-889q-vv2r
CVE-2022-23524
# https://github.com/helm/helm/security/advisories/GHSA-53c4-hhmh-vw5q
CVE-2022-23525
# https://github.com/helm/helm/security/advisories/GHSA-67fx-wx78-jx33
CVE-2022-23526
# https://nvd.nist.gov/vuln/detail/CVE-2022-41721
# Ignore this vulnerability; it does not affect the gateway-proxy image.
# No handlers exposed by the control plane fall victim to this attack
# because we do not use the maxBytesHandler
CVE-2022-41721