Update grpc/otelgrpc dependency to fix CVE-2023-47108 #106

Closed
FraPazGal opened this issue Feb 19, 2024 · 2 comments

Comments

@FraPazGal

apiserver is using grpc/otelgrpc v0.42.0, which is flagged as affected by CVE-2023-47108. A fix for this vulnerability was introduced in 0.46.0.

Could you confirm whether apiserver is affected by this vulnerability and if so, are there plans to update the related dependency?

Thanks!

@dims
Member

dims commented Feb 19, 2024

This DOES NOT impact kubernetes, as we use OpenTelemetry only for tracing, and not for metrics. go.opentelemetry.io/otel/sdk/metric is not a dependency of this project.

from: kubernetes/kubernetes#121842

/close

@k8s-ci-robot
Contributor

@dims: Closing this issue.

In response to this:

This DOES NOT impact kubernetes, as we use OpenTelemetry only for tracing, and not for metrics. go.opentelemetry.io/otel/sdk/metric is not a dependency of this project.

from: kubernetes/kubernetes#121842

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
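
An added example, not code from this thread or from Kubernetes: a small Go check for the two facts the discussion turns on, namely whether a go.mod pins otelgrpc below the 0.46.0 fix and whether go.opentelemetry.io/otel/sdk/metric is listed as a requirement. The sample go.mod is constructed, and the names `Triage`, `Finding` and `verKey` are hypothetical.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

const (
	otelgrpcMod = "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc"
	metricMod   = "go.opentelemetry.io/otel/sdk/metric"
	fixedIn     = "v0.46.0" // fix version as stated in the issue
)

// Constructed sample go.mod for illustration, not the real apiserver file.
const sampleGoMod = "module example.com/sample\n\nrequire (\n" +
	"\t" + otelgrpcMod + " v0.42.0\n" +
	"\tgo.opentelemetry.io/otel/trace v1.19.0 // indirect\n)\n"

// Finding records what the go.mod says about the two modules of interest.
type Finding struct {
	Version      string // otelgrpc version found, "" if not required
	BelowFix     bool   // true if Version is older than fixedIn
	HasSDKMetric bool   // true if the metrics SDK module is required
}

// verKey maps a canonical vMAJOR.MINOR.PATCH string to a sortable integer.
// Pre-release suffixes are ignored, so this is a coarse comparison.
func verKey(v string) (k int) {
	v, _, _ = strings.Cut(strings.TrimPrefix(v, "v"), "-")
	for _, p := range strings.SplitN(v, ".", 3) {
		n, _ := strconv.Atoi(p)
		k = k*1000 + n
	}
	return k
}

// Triage scans go.mod text line by line for the two requirements.
func Triage(goMod string) (f Finding) {
	sc := bufio.NewScanner(strings.NewReader(goMod))
	for sc.Scan() {
		fields := strings.Fields(strings.TrimPrefix(strings.TrimSpace(sc.Text()), "require "))
		if len(fields) >= 2 && fields[0] == otelgrpcMod {
			f.Version, f.BelowFix = fields[1], verKey(fields[1]) < verKey(fixedIn)
		} else if len(fields) >= 2 && fields[0] == metricMod {
			f.HasSDKMetric = true
		}
	}
	return f
}

func main() { fmt.Printf("%+v\n", Triage(sampleGoMod)) }
```

A go.mod lists only recorded requirements; `go list -m all` prints the full module graph when a more complete answer is needed.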
