CVE-2023-28155 reported against kubernetes-client (because of sub package request) #1024
Comments
@mstruebing I think 0.18.1 is already released. At least according to npm, it was published two months ago and has over 100k downloads in the past week. 😊 Still: Thank you for tagging this as a duplicate. 👍
Oh you are right, but there is no GitHub tag :/
hrmph, my script is supposed to git tag things :( I'll look into fixing that. Closing this as a duplicate.
I added the tag manually. In fixing the release script, I disabled tagging (I can't remember why I did that :) but I'll see about re-enabling it.
Describe the bug
Our scanning tools are reporting CVE-2023-28155 against the request package included by kubernetes-client.
https://exchange.xforce.ibmcloud.com/vulnerabilities/250386
https://nvd.nist.gov/vuln/detail/CVE-2023-28155
**Client Version**
0.18.1
**Server Version**
N/A
To Reproduce
install kubernetes-client
Expected behavior
Remediation of security vulnerability.
**Example Code**
N/A
Environment (please complete the following information):
Additional context