Vulnerabilities found for grafana-agent:0.35.4-22.04_68

[ROCKsBot]

Vulnerabilities found for grafana-agent:0.35.4-22.04_68

ID	Target	Severity	Package
CVE-2024-41110	/usr/bin/grafana-agent	CRITICAL	github.com/docker/docker
CVE-2023-49569	/usr/bin/grafana-agent	CRITICAL	github.com/go-git/go-git/v5
CVE-2023-49568	/usr/bin/grafana-agent	HIGH	github.com/go-git/go-git/v5
GHSA-7jwh-3vrq-q3m8	/usr/bin/grafana-agent	HIGH	github.com/jackc/pgproto3/v2
CVE-2024-27289	/usr/bin/grafana-agent	HIGH	github.com/jackc/pgx/v4
CVE-2024-27304	/usr/bin/grafana-agent	HIGH	github.com/jackc/pgx/v4
GHSA-87m9-rv8p-rgmg	/usr/bin/grafana-agent	HIGH	github.com/mostynb/go-grpc-compression
CVE-2024-21626	/usr/bin/grafana-agent	HIGH	github.com/opencontainers/runc
CVE-2024-36129	/usr/bin/grafana-agent	HIGH	go.opentelemetry.io/collector/config/configgrpc
CVE-2024-36129	/usr/bin/grafana-agent	HIGH	go.opentelemetry.io/collector/config/confighttp
CVE-2023-45142	/usr/bin/grafana-agent	HIGH	go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux
CVE-2023-47108	/usr/bin/grafana-agent	HIGH	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
CVE-2023-45142	/usr/bin/grafana-agent	HIGH	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
CVE-2024-45337	/usr/bin/grafana-agent	HIGH	golang.org/x/crypto
CVE-2023-39325	/usr/bin/grafana-agent	HIGH	golang.org/x/net
GHSA-m425-mq94-257g	/usr/bin/grafana-agent	HIGH	google.golang.org/grpc
CVE-2024-24790	/usr/bin/grafana-agent	CRITICAL	stdlib
CVE-2023-45288	/usr/bin/grafana-agent	HIGH	stdlib
CVE-2024-34156	/usr/bin/grafana-agent	HIGH	stdlib

Affected tracks:

• 0.35-22.04_beta
• 0.35-22.04_candidate
• 0.35-22.04_edge
• 0.35-22.04_stable
• 0.35.4-22.04_beta
• 0.35.4-22.04_candidate
• 0.35.4-22.04_edge
• 0.35.4-22.04_stable

Details: https://github.com/canonical/oci-factory/actions/runs/12307936207