Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2024-24790 #219

Open
3vin opened this issue Aug 19, 2024 · 0 comments
Open

CVE-2024-24790 #219

3vin opened this issue Aug 19, 2024 · 0 comments

Comments

@3vin
Copy link

3vin commented Aug 19, 2024

Prisma scan is failing for the community 7.6.2 image.
Error:

CVE SEVERITY CVSS PACKAGE VERSION STATUS PUBLISHED DISCOVERED GRACE DAYS DESCRIPTION TRIGGERED FAILURE
CVE-2024-24790 critical 9.80 net/netip 1.22.2 fixed in 1.21.11, 1.22.4 74 days < 1 hour -15 The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would... Yes
CVE-2023-39325 high 7.50 golang.org/x/net/http2 v0.10.0 fixed in 0.17.0 > 10 months < 1 hour A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total ... No
GO-2023-2153 high 0.00 google.golang.org/grpc v1.55.0 fixed in 1.56.3, 1.57.1, 1.58.3 > 9 months < 1 hour An attacker can send HTTP/2 requests, cancel them, and send subsequent requests. This is valid by the HTTP/2 protocol, but would cause the gRPC-Go ser... No
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant