Addon: add inspektor-gadget #15869

Merged
merged 1 commit into from
May 12, 2023

yolossn
Contributor

@yolossn yolossn commented Feb 16, 2023

No description provided.

@linux-foundation-easycla

linux-foundation-easycla bot commented Feb 16, 2023

CLA Signed

The committers listed above are authorized under a signed CLA.

@k8s-ci-robot added the labels cncf-cla: no (indicates the PR's author has not signed the CNCF CLA) and needs-ok-to-test (indicates a PR that requires an org member to verify it is safe to test) on Feb 16, 2023
@k8s-ci-robot
Contributor

Hi @yolossn. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot added the label size/L (denotes a PR that changes 100-499 lines, ignoring generated files) on Feb 16, 2023
@minikube-bot
Collaborator

Can one of the admins verify this patch?

@yolossn yolossn force-pushed the addon_inspektor_gadget branch from b1c1af5 to d04a4aa Compare February 16, 2023 17:15
@spowelljr
Member

The CLA needs to be signed, also, scanning the image there are four high CVEs in the image.

CVE-2022-27664
Two are from an old version of golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b being used in:
github.com/inspektor-gadget/inspektor-gadget and go-distribution@command-line-arguments

CVE-2022-3515 CVE-2023-0286
And two are related to Ubuntu

@eiffel-fl
Contributor

Hi.

> The CLA needs to be signed, also, scanning the image there are four high CVEs in the image.
>
> CVE-2022-27664 Two are from an old version of golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b being used in: github.com/inspektor-gadget/inspektor-gadget and go-distribution@command-line-arguments
>
> CVE-2022-3515 CVE-2023-0286 And two are related to Ubuntu

Sorry for this, I will address those issues as much as possible!
Is it OK if we hold this PR until I come back here with some news?

Best regards.

@spowelljr
Member

> Sorry for this, I will address those issues as much as possible! Is it OK if we hold this PR until I come back here with some news?

For sure, just ping me when you have an update, thanks

@eiffel-fl
Contributor

Hi @spowelljr.

Thank you for your patience, we normally addressed all the CVEs and set up scans so we should no longer ship CVEs in our tool!
Can you please take another look at this contribution?

Best regards and thank you in advance.

@spowelljr
Member

> Hi @spowelljr.
>
> Thank you for your patience, we normally addressed all the CVEs and set up scans so we should no longer ship CVEs in our tool! Can you please take another look at this contribution?
>
> Best regards and thank you in advance.

Scan output:

Testing ghcr.io/inspektor-gadget/inspektor-gadget:v0.13.0@sha256:3c33abe01a3239c304b3ce0da4d8715cdca51c0cf77f8776d206dfdf78e57722...

✗ Low severity vulnerability found in sqlite3/libsqlite3-0
  Description: CVE-2020-9991
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-SQLITE3-1070680
  Introduced through: gnupg2/gnupg@2.2.19-3ubuntu2.2, python3-defaults/python3@3.8.2-0ubuntu2, gnupg2/dirmngr@2.2.19-3ubuntu2.2, bcc/bcc-tools@0.24.0-1
  From: gnupg2/gnupg@2.2.19-3ubuntu2.2 > gnupg2/gpg@2.2.19-3ubuntu2.2 > sqlite3/libsqlite3-0@3.31.1-4ubuntu0.3
  From: python3-defaults/python3@3.8.2-0ubuntu2 > python3.8@3.8.10-0ubuntu1~20.04.5 > python3.8/libpython3.8-stdlib@3.8.10-0ubuntu1~20.04.5 > sqlite3/libsqlite3-0@3.31.1-4ubuntu0.3
  From: gnupg2/dirmngr@2.2.19-3ubuntu2.2 > openldap/libldap-2.4-2@2.4.49+dfsg-2ubuntu1.9 > heimdal/libgssapi3-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libheimntlm0-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libkrb5-26-heimdal@7.7.0+dfsg-1ubuntu1 > sqlite3/libsqlite3-0@3.31.1-4ubuntu0.3
  and 1 more...

✗ Low severity vulnerability found in sqlite3/libsqlite3-0
  Description: Information Exposure
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-SQLITE3-1070691
  Introduced through: gnupg2/gnupg@2.2.19-3ubuntu2.2, python3-defaults/python3@3.8.2-0ubuntu2, gnupg2/dirmngr@2.2.19-3ubuntu2.2, bcc/bcc-tools@0.24.0-1
  From: gnupg2/gnupg@2.2.19-3ubuntu2.2 > gnupg2/gpg@2.2.19-3ubuntu2.2 > sqlite3/libsqlite3-0@3.31.1-4ubuntu0.3
  From: python3-defaults/python3@3.8.2-0ubuntu2 > python3.8@3.8.10-0ubuntu1~20.04.5 > python3.8/libpython3.8-stdlib@3.8.10-0ubuntu1~20.04.5 > sqlite3/libsqlite3-0@3.31.1-4ubuntu0.3
  From: gnupg2/dirmngr@2.2.19-3ubuntu2.2 > openldap/libldap-2.4-2@2.4.49+dfsg-2ubuntu1.9 > heimdal/libgssapi3-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libheimntlm0-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libkrb5-26-heimdal@7.7.0+dfsg-1ubuntu1 > sqlite3/libsqlite3-0@3.31.1-4ubuntu0.3
  and 1 more...

✗ Low severity vulnerability found in shadow/passwd
  Description: Time-of-check Time-of-use (TOCTOU)
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-SHADOW-577863
  Introduced through: shadow/passwd@1:4.8.1-1ubuntu5.20.04.2, adduser@3.118ubuntu2, shadow/login@1:4.8.1-1ubuntu5.20.04.2, util-linux/mount@2.34-0.1ubuntu9.3
  From: shadow/passwd@1:4.8.1-1ubuntu5.20.04.2
  From: adduser@3.118ubuntu2 > shadow/passwd@1:4.8.1-1ubuntu5.20.04.2
  From: shadow/login@1:4.8.1-1ubuntu5.20.04.2
  and 1 more...

✗ Low severity vulnerability found in python3.8/libpython3.8-stdlib
  Description: HTTP Request Smuggling
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-PYTHON38-1075582
  Introduced through: python3-defaults/libpython3-dev@3.8.2-0ubuntu2, python3-defaults/python3@3.8.2-0ubuntu2, python3.8/libpython3.8@3.8.10-0ubuntu1~20.04.5, python3-defaults/python3-dev@3.8.2-0ubuntu2, python3.8/libpython3.8-dev@3.8.10-0ubuntu1~20.04.5, python3.8/python3.8-dev@3.8.10-0ubuntu1~20.04.5
  From: python3-defaults/libpython3-dev@3.8.2-0ubuntu2 > python3.8/libpython3.8-dev@3.8.10-0ubuntu1~20.04.5 > python3.8/libpython3.8-stdlib@3.8.10-0ubuntu1~20.04.5
  From: python3-defaults/python3@3.8.2-0ubuntu2 > python3-defaults/libpython3-stdlib@3.8.2-0ubuntu2 > python3.8/libpython3.8-stdlib@3.8.10-0ubuntu1~20.04.5
  From: python3-defaults/python3@3.8.2-0ubuntu2 > python3.8@3.8.10-0ubuntu1~20.04.5 > python3.8/libpython3.8-stdlib@3.8.10-0ubuntu1~20.04.5
  and 15 more...

✗ Low severity vulnerability found in python3.8/libpython3.8-stdlib
  Description: Open Redirect
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-PYTHON38-2993103
  Introduced through: python3-defaults/libpython3-dev@3.8.2-0ubuntu2, python3-defaults/python3@3.8.2-0ubuntu2, python3.8/libpython3.8@3.8.10-0ubuntu1~20.04.5, python3-defaults/python3-dev@3.8.2-0ubuntu2, python3.8/libpython3.8-dev@3.8.10-0ubuntu1~20.04.5, python3.8/python3.8-dev@3.8.10-0ubuntu1~20.04.5
  From: python3-defaults/libpython3-dev@3.8.2-0ubuntu2 > python3.8/libpython3.8-dev@3.8.10-0ubuntu1~20.04.5 > python3.8/libpython3.8-stdlib@3.8.10-0ubuntu1~20.04.5
  From: python3-defaults/python3@3.8.2-0ubuntu2 > python3-defaults/libpython3-stdlib@3.8.2-0ubuntu2 > python3.8/libpython3.8-stdlib@3.8.10-0ubuntu1~20.04.5
  From: python3-defaults/python3@3.8.2-0ubuntu2 > python3.8@3.8.10-0ubuntu1~20.04.5 > python3.8/libpython3.8-stdlib@3.8.10-0ubuntu1~20.04.5
  and 15 more...

✗ Low severity vulnerability found in python-pip/python-pip-whl
  Description: Resource Exhaustion
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-PYTHONPIP-1304493
  Introduced through: python-pip/python3-pip@20.0.2-5ubuntu1.6
  From: python-pip/python3-pip@20.0.2-5ubuntu1.6 > python-pip/python-pip-whl@20.0.2-5ubuntu1.6
  From: python-pip/python3-pip@20.0.2-5ubuntu1.6
  Fixed in: 20.0.2-5ubuntu1.7

✗ Low severity vulnerability found in pcre3/libpcre3
  Description: Uncontrolled Recursion
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-PCRE3-580031
  Introduced through: pcre3/libpcre3@2:8.39-12ubuntu0.1, grep@3.4-1
  From: pcre3/libpcre3@2:8.39-12ubuntu0.1
  From: grep@3.4-1 > pcre3/libpcre3@2:8.39-12ubuntu0.1

✗ Low severity vulnerability found in pcre2/libpcre2-8-0
  Description: Out-of-bounds Read
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-PCRE2-2810784
  Introduced through: meta-common-packages@meta
  From: meta-common-packages@meta > pcre2/libpcre2-8-0@10.34-7
  Fixed in: 10.34-7ubuntu0.1

✗ Low severity vulnerability found in pcre2/libpcre2-8-0
  Description: Out-of-bounds Read
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-PCRE2-2810795
  Introduced through: meta-common-packages@meta
  From: meta-common-packages@meta > pcre2/libpcre2-8-0@10.34-7
  Fixed in: 10.34-7ubuntu0.1

✗ Low severity vulnerability found in patch
  Description: Release of Invalid Pointer or Reference
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-PATCH-2325780
  Introduced through: patch@2.7.6-6, build-essential@12.8ubuntu1.1
  From: patch@2.7.6-6
  From: build-essential@12.8ubuntu1.1 > dpkg/dpkg-dev@1.19.7ubuntu3.2 > patch@2.7.6-6

✗ Low severity vulnerability found in patch
  Description: Double Free
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-PATCH-582546
  Introduced through: patch@2.7.6-6, build-essential@12.8ubuntu1.1
  From: patch@2.7.6-6
  From: build-essential@12.8ubuntu1.1 > dpkg/dpkg-dev@1.19.7ubuntu3.2 > patch@2.7.6-6

✗ Low severity vulnerability found in pam/libpam0g
  Description: Incorrect Authorization
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-PAM-3033891
  Introduced through: pam/libpam0g@1.3.1-5ubuntu4.3, shadow/login@1:4.8.1-1ubuntu5.20.04.2, adduser@3.118ubuntu2, util-linux/mount@2.34-0.1ubuntu9.3, pam/libpam-modules-bin@1.3.1-5ubuntu4.3, pam/libpam-modules@1.3.1-5ubuntu4.3, pam/libpam-runtime@1.3.1-5ubuntu4.3
  From: pam/libpam0g@1.3.1-5ubuntu4.3
  From: shadow/login@1:4.8.1-1ubuntu5.20.04.2 > pam/libpam0g@1.3.1-5ubuntu4.3
  From: adduser@3.118ubuntu2 > shadow/passwd@1:4.8.1-1ubuntu5.20.04.2 > pam/libpam0g@1.3.1-5ubuntu4.3
  and 11 more...
  Fixed in: 1.3.1-5ubuntu4.4

✗ Low severity vulnerability found in ncurses/libncursesw6
  Description: Out-of-bounds Write
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-NCURSES-1656318
  Introduced through: ncurses/libncursesw6@6.2-0ubuntu2, procps@2:3.3.16-1ubuntu2.3, util-linux/fdisk@2.34-0.1ubuntu9.3, gnupg2/gnupg@2.2.19-3ubuntu2.2, python3-defaults/python3@3.8.2-0ubuntu2, bcc/bcc-tools@0.24.0-1, meta-common-packages@meta, ncurses/libncurses6@6.2-0ubuntu2, ncurses/ncurses-base@6.2-0ubuntu2, ncurses/ncurses-bin@6.2-0ubuntu2
  From: ncurses/libncursesw6@6.2-0ubuntu2
  From: procps@2:3.3.16-1ubuntu2.3 > ncurses/libncursesw6@6.2-0ubuntu2
  From: util-linux/fdisk@2.34-0.1ubuntu9.3 > ncurses/libncursesw6@6.2-0ubuntu2
  and 8 more...

✗ Low severity vulnerability found in ncurses/libncursesw6
  Description: Out-of-bounds Read
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-NCURSES-2770341
  Introduced through: ncurses/libncursesw6@6.2-0ubuntu2, procps@2:3.3.16-1ubuntu2.3, util-linux/fdisk@2.34-0.1ubuntu9.3, gnupg2/gnupg@2.2.19-3ubuntu2.2, python3-defaults/python3@3.8.2-0ubuntu2, bcc/bcc-tools@0.24.0-1, meta-common-packages@meta, ncurses/libncurses6@6.2-0ubuntu2, ncurses/ncurses-base@6.2-0ubuntu2, ncurses/ncurses-bin@6.2-0ubuntu2
  From: ncurses/libncursesw6@6.2-0ubuntu2
  From: procps@2:3.3.16-1ubuntu2.3 > ncurses/libncursesw6@6.2-0ubuntu2
  From: util-linux/fdisk@2.34-0.1ubuntu9.3 > ncurses/libncursesw6@6.2-0ubuntu2
  and 8 more...

✗ Low severity vulnerability found in heimdal/libasn1-8-heimdal
  Description: NULL Pointer Dereference
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-HEIMDAL-1766738
  Introduced through: heimdal/libasn1-8-heimdal@7.7.0+dfsg-1ubuntu1, gnupg2/dirmngr@2.2.19-3ubuntu2.2, heimdal/libheimbase1-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libhcrypto4-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libwind0-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libhx509-5-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libkrb5-26-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libheimntlm0-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libgssapi3-heimdal@7.7.0+dfsg-1ubuntu1, meta-common-packages@meta
  From: heimdal/libasn1-8-heimdal@7.7.0+dfsg-1ubuntu1
  From: gnupg2/dirmngr@2.2.19-3ubuntu2.2 > openldap/libldap-2.4-2@2.4.49+dfsg-2ubuntu1.9 > heimdal/libgssapi3-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libasn1-8-heimdal@7.7.0+dfsg-1ubuntu1
  From: gnupg2/dirmngr@2.2.19-3ubuntu2.2 > openldap/libldap-2.4-2@2.4.49+dfsg-2ubuntu1.9 > heimdal/libgssapi3-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libhcrypto4-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libasn1-8-heimdal@7.7.0+dfsg-1ubuntu1
  and 25 more...
  Fixed in: 7.7.0+dfsg-1ubuntu1.1

✗ Low severity vulnerability found in gnupg2/gpgv
  Description: CVE-2022-3219
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GNUPG2-3035407
  Introduced through: gnupg2/gpgv@2.2.19-3ubuntu2.2, apt@2.0.9, gnupg2/gnupg@2.2.19-3ubuntu2.2, gnupg2/gpgconf@2.2.19-3ubuntu2.2, gnupg2/dirmngr@2.2.19-3ubuntu2.2, gnupg2/gnupg-l10n@2.2.19-3ubuntu2.2, gnupg2/gnupg-utils@2.2.19-3ubuntu2.2, gnupg2/gpg@2.2.19-3ubuntu2.2, gnupg2/gpg-agent@2.2.19-3ubuntu2.2, gnupg2/gpg-wks-client@2.2.19-3ubuntu2.2, gnupg2/gpg-wks-server@2.2.19-3ubuntu2.2, gnupg2/gpgsm@2.2.19-3ubuntu2.2
  From: gnupg2/gpgv@2.2.19-3ubuntu2.2
  From: apt@2.0.9 > gnupg2/gpgv@2.2.19-3ubuntu2.2
  From: gnupg2/gnupg@2.2.19-3ubuntu2.2 > gnupg2/gpgv@2.2.19-3ubuntu2.2
  and 27 more...

✗ Low severity vulnerability found in gmp/libgmp10
  Description: Integer Overflow or Wraparound
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GMP-1921284
  Introduced through: meta-common-packages@meta
  From: meta-common-packages@meta > gmp/libgmp10@2:6.2.0+dfsg-4
  Fixed in: 2:6.2.0+dfsg-4ubuntu0.1

✗ Low severity vulnerability found in glibc/libc6-dev
  Description: Use After Free
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GLIBC-1297554
  Introduced through: glibc/libc6-dev@2.31-0ubuntu9.9, expat/libexpat1-dev@2.2.9-1ubuntu0.4, build-essential@12.8ubuntu1.1, python3-defaults/python3-dev@3.8.2-0ubuntu2, glibc/libc-dev-bin@2.31-0ubuntu9.9, glibc/libc-bin@2.31-0ubuntu9.9, meta-common-packages@meta
  From: glibc/libc6-dev@2.31-0ubuntu9.9
  From: expat/libexpat1-dev@2.2.9-1ubuntu0.4 > glibc/libc6-dev@2.31-0ubuntu9.9
  From: build-essential@12.8ubuntu1.1 > glibc/libc6-dev@2.31-0ubuntu9.9
  and 6 more...

✗ Low severity vulnerability found in glibc/libc6-dev
  Description: Allocation of Resources Without Limits or Throttling
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GLIBC-2415100
  Introduced through: glibc/libc6-dev@2.31-0ubuntu9.9, expat/libexpat1-dev@2.2.9-1ubuntu0.4, build-essential@12.8ubuntu1.1, python3-defaults/python3-dev@3.8.2-0ubuntu2, glibc/libc-dev-bin@2.31-0ubuntu9.9, glibc/libc-bin@2.31-0ubuntu9.9, meta-common-packages@meta
  From: glibc/libc6-dev@2.31-0ubuntu9.9
  From: expat/libexpat1-dev@2.2.9-1ubuntu0.4 > glibc/libc6-dev@2.31-0ubuntu9.9
  From: build-essential@12.8ubuntu1.1 > glibc/libc6-dev@2.31-0ubuntu9.9
  and 6 more...

✗ Low severity vulnerability found in coreutils
  Description: Improper Input Validation
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-COREUTILS-583876
  Introduced through: coreutils@8.30-3ubuntu2
  From: coreutils@8.30-3ubuntu2

✗ Low severity vulnerability found in binutils/binutils-common
  Description: Out-of-bounds Write
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-BINUTILS-2321208
  Introduced through: bcc/bcc-tools@0.24.0-1, binutils@2.34-6ubuntu1.4, bcc/python3-bcc@0.24.0-1, build-essential@12.8ubuntu1.1
  From: bcc/bcc-tools@0.24.0-1 > bcc/python-bcc@0.24.0-1 > binutils@2.34-6ubuntu1.4 > binutils/binutils-common@2.34-6ubuntu1.4
  From: bcc/bcc-tools@0.24.0-1 > bcc/python-bcc@0.24.0-1 > binutils@2.34-6ubuntu1.4 > binutils/libbinutils@2.34-6ubuntu1.4 > binutils/binutils-common@2.34-6ubuntu1.4
  From: bcc/bcc-tools@0.24.0-1 > bcc/python-bcc@0.24.0-1 > binutils@2.34-6ubuntu1.4 > binutils/binutils-aarch64-linux-gnu@2.34-6ubuntu1.4 > binutils/binutils-common@2.34-6ubuntu1.4
  and 11 more...

✗ Low severity vulnerability found in binutils/binutils-common
  Description: Uncontrolled Recursion
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-BINUTILS-3150503
  Introduced through: bcc/bcc-tools@0.24.0-1, binutils@2.34-6ubuntu1.4, bcc/python3-bcc@0.24.0-1, build-essential@12.8ubuntu1.1
  From: bcc/bcc-tools@0.24.0-1 > bcc/python-bcc@0.24.0-1 > binutils@2.34-6ubuntu1.4 > binutils/binutils-common@2.34-6ubuntu1.4
  From: bcc/bcc-tools@0.24.0-1 > bcc/python-bcc@0.24.0-1 > binutils@2.34-6ubuntu1.4 > binutils/libbinutils@2.34-6ubuntu1.4 > binutils/binutils-common@2.34-6ubuntu1.4
  From: bcc/bcc-tools@0.24.0-1 > bcc/python-bcc@0.24.0-1 > binutils@2.34-6ubuntu1.4 > binutils/binutils-aarch64-linux-gnu@2.34-6ubuntu1.4 > binutils/binutils-common@2.34-6ubuntu1.4
  and 11 more...

✗ Low severity vulnerability found in binutils/binutils-common
  Description: Allocation of Resources Without Limits or Throttling
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-BINUTILS-583560
  Introduced through: bcc/bcc-tools@0.24.0-1, binutils@2.34-6ubuntu1.4, bcc/python3-bcc@0.24.0-1, build-essential@12.8ubuntu1.1
  From: bcc/bcc-tools@0.24.0-1 > bcc/python-bcc@0.24.0-1 > binutils@2.34-6ubuntu1.4 > binutils/binutils-common@2.34-6ubuntu1.4
  From: bcc/bcc-tools@0.24.0-1 > bcc/python-bcc@0.24.0-1 > binutils@2.34-6ubuntu1.4 > binutils/libbinutils@2.34-6ubuntu1.4 > binutils/binutils-common@2.34-6ubuntu1.4
  From: bcc/bcc-tools@0.24.0-1 > bcc/python-bcc@0.24.0-1 > binutils@2.34-6ubuntu1.4 > binutils/binutils-aarch64-linux-gnu@2.34-6ubuntu1.4 > binutils/binutils-common@2.34-6ubuntu1.4
  and 11 more...

✗ Low severity vulnerability found in binutils/binutils-common
  Description: Improper Input Validation
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-BINUTILS-584269
  Introduced through: bcc/bcc-tools@0.24.0-1, binutils@2.34-6ubuntu1.4, bcc/python3-bcc@0.24.0-1, build-essential@12.8ubuntu1.1
  From: bcc/bcc-tools@0.24.0-1 > bcc/python-bcc@0.24.0-1 > binutils@2.34-6ubuntu1.4 > binutils/binutils-common@2.34-6ubuntu1.4
  From: bcc/bcc-tools@0.24.0-1 > bcc/python-bcc@0.24.0-1 > binutils@2.34-6ubuntu1.4 > binutils/libbinutils@2.34-6ubuntu1.4 > binutils/binutils-common@2.34-6ubuntu1.4
  From: bcc/bcc-tools@0.24.0-1 > bcc/python-bcc@0.24.0-1 > binutils@2.34-6ubuntu1.4 > binutils/binutils-aarch64-linux-gnu@2.34-6ubuntu1.4 > binutils/binutils-common@2.34-6ubuntu1.4
  and 11 more...

✗ Low severity vulnerability found in binutils/binutils-common
  Description: Missing Release of Resource after Effective Lifetime
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-BINUTILS-842774
  Introduced through: bcc/bcc-tools@0.24.0-1, binutils@2.34-6ubuntu1.4, bcc/python3-bcc@0.24.0-1, build-essential@12.8ubuntu1.1
  From: bcc/bcc-tools@0.24.0-1 > bcc/python-bcc@0.24.0-1 > binutils@2.34-6ubuntu1.4 > binutils/binutils-common@2.34-6ubuntu1.4
  From: bcc/bcc-tools@0.24.0-1 > bcc/python-bcc@0.24.0-1 > binutils@2.34-6ubuntu1.4 > binutils/libbinutils@2.34-6ubuntu1.4 > binutils/binutils-common@2.34-6ubuntu1.4
  From: bcc/bcc-tools@0.24.0-1 > bcc/python-bcc@0.24.0-1 > binutils@2.34-6ubuntu1.4 > binutils/binutils-aarch64-linux-gnu@2.34-6ubuntu1.4 > binutils/binutils-common@2.34-6ubuntu1.4
  and 11 more...

✗ Medium severity vulnerability found in zlib/zlib1g
  Description: Out-of-bounds Write
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-ZLIB-2975631
  Introduced through: meta-common-packages@meta, zlib/zlib1g-dev@1:1.2.11.dfsg-2ubuntu1.3, python3-defaults/python3-dev@3.8.2-0ubuntu2
  From: meta-common-packages@meta > zlib/zlib1g@1:1.2.11.dfsg-2ubuntu1.3
  From: zlib/zlib1g-dev@1:1.2.11.dfsg-2ubuntu1.3
  From: python3-defaults/python3-dev@3.8.2-0ubuntu2 > python3.8/python3.8-dev@3.8.10-0ubuntu1~20.04.5 > zlib/zlib1g-dev@1:1.2.11.dfsg-2ubuntu1.3
  Fixed in: 1:1.2.11.dfsg-2ubuntu1.5

✗ Medium severity vulnerability found in wheel/python3-wheel
  Description: CVE-2022-40898
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-WHEEL-3180794
  Introduced through: python-pip/python3-pip@20.0.2-5ubuntu1.6
  From: python-pip/python3-pip@20.0.2-5ubuntu1.6 > wheel/python3-wheel@0.34.2-1
  Fixed in: 0.34.2-1ubuntu0.1

✗ Medium severity vulnerability found in wget
  Description: Open Redirect
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-WGET-1278730
  Introduced through: wget@1.20.3-1ubuntu2
  From: wget@1.20.3-1ubuntu2

✗ Medium severity vulnerability found in systemd/libsystemd0
  Description: Off-by-one Error
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-SYSTEMD-3098845
  Introduced through: systemd/libsystemd0@245.4-4ubuntu3.17, apt@2.0.9, procps/libprocps8@2:3.3.16-1ubuntu2.3, util-linux/bsdutils@1:2.34-0.1ubuntu9.3, util-linux/mount@2.34-0.1ubuntu9.3, systemd/libudev1@245.4-4ubuntu3.17
  From: systemd/libsystemd0@245.4-4ubuntu3.17
  From: apt@2.0.9 > systemd/libsystemd0@245.4-4ubuntu3.17
  From: procps/libprocps8@2:3.3.16-1ubuntu2.3 > systemd/libsystemd0@245.4-4ubuntu3.17
  and 6 more...

✗ Medium severity vulnerability found in sqlite3/libsqlite3-0
  Description: Improper Validation of Array Index
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-SQLITE3-2961523
  Introduced through: gnupg2/gnupg@2.2.19-3ubuntu2.2, python3-defaults/python3@3.8.2-0ubuntu2, gnupg2/dirmngr@2.2.19-3ubuntu2.2, bcc/bcc-tools@0.24.0-1
  From: gnupg2/gnupg@2.2.19-3ubuntu2.2 > gnupg2/gpg@2.2.19-3ubuntu2.2 > sqlite3/libsqlite3-0@3.31.1-4ubuntu0.3
  From: python3-defaults/python3@3.8.2-0ubuntu2 > python3.8@3.8.10-0ubuntu1~20.04.5 > python3.8/libpython3.8-stdlib@3.8.10-0ubuntu1~20.04.5 > sqlite3/libsqlite3-0@3.31.1-4ubuntu0.3
  From: gnupg2/dirmngr@2.2.19-3ubuntu2.2 > openldap/libldap-2.4-2@2.4.49+dfsg-2ubuntu1.9 > heimdal/libgssapi3-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libheimntlm0-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libkrb5-26-heimdal@7.7.0+dfsg-1ubuntu1 > sqlite3/libsqlite3-0@3.31.1-4ubuntu0.3
  and 1 more...
  Fixed in: 3.31.1-4ubuntu0.5

✗ Medium severity vulnerability found in sqlite3/libsqlite3-0
  Description: CVE-2021-20223
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-SQLITE3-2994021
  Introduced through: gnupg2/gnupg@2.2.19-3ubuntu2.2, python3-defaults/python3@3.8.2-0ubuntu2, gnupg2/dirmngr@2.2.19-3ubuntu2.2, bcc/bcc-tools@0.24.0-1
  From: gnupg2/gnupg@2.2.19-3ubuntu2.2 > gnupg2/gpg@2.2.19-3ubuntu2.2 > sqlite3/libsqlite3-0@3.31.1-4ubuntu0.3
  From: python3-defaults/python3@3.8.2-0ubuntu2 > python3.8@3.8.10-0ubuntu1~20.04.5 > python3.8/libpython3.8-stdlib@3.8.10-0ubuntu1~20.04.5 > sqlite3/libsqlite3-0@3.31.1-4ubuntu0.3
  From: gnupg2/dirmngr@2.2.19-3ubuntu2.2 > openldap/libldap-2.4-2@2.4.49+dfsg-2ubuntu1.9 > heimdal/libgssapi3-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libheimntlm0-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libkrb5-26-heimdal@7.7.0+dfsg-1ubuntu1 > sqlite3/libsqlite3-0@3.31.1-4ubuntu0.3
  and 1 more...
  Fixed in: 3.31.1-4ubuntu0.4

✗ Medium severity vulnerability found in sqlite3/libsqlite3-0
  Description: Out-of-Bounds
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-SQLITE3-3012501
  Introduced through: gnupg2/gnupg@2.2.19-3ubuntu2.2, python3-defaults/python3@3.8.2-0ubuntu2, gnupg2/dirmngr@2.2.19-3ubuntu2.2, bcc/bcc-tools@0.24.0-1
  From: gnupg2/gnupg@2.2.19-3ubuntu2.2 > gnupg2/gpg@2.2.19-3ubuntu2.2 > sqlite3/libsqlite3-0@3.31.1-4ubuntu0.3
  From: python3-defaults/python3@3.8.2-0ubuntu2 > python3.8@3.8.10-0ubuntu1~20.04.5 > python3.8/libpython3.8-stdlib@3.8.10-0ubuntu1~20.04.5 > sqlite3/libsqlite3-0@3.31.1-4ubuntu0.3
  From: gnupg2/dirmngr@2.2.19-3ubuntu2.2 > openldap/libldap-2.4-2@2.4.49+dfsg-2ubuntu1.9 > heimdal/libgssapi3-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libheimntlm0-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libkrb5-26-heimdal@7.7.0+dfsg-1ubuntu1 > sqlite3/libsqlite3-0@3.31.1-4ubuntu0.3
  and 1 more...
  Fixed in: 3.31.1-4ubuntu0.4

✗ Medium severity vulnerability found in sqlite3/libsqlite3-0
  Description: NULL Pointer Dereference
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-SQLITE3-3012511
  Introduced through: gnupg2/gnupg@2.2.19-3ubuntu2.2, python3-defaults/python3@3.8.2-0ubuntu2, gnupg2/dirmngr@2.2.19-3ubuntu2.2, bcc/bcc-tools@0.24.0-1
  From: gnupg2/gnupg@2.2.19-3ubuntu2.2 > gnupg2/gpg@2.2.19-3ubuntu2.2 > sqlite3/libsqlite3-0@3.31.1-4ubuntu0.3
  From: python3-defaults/python3@3.8.2-0ubuntu2 > python3.8@3.8.10-0ubuntu1~20.04.5 > python3.8/libpython3.8-stdlib@3.8.10-0ubuntu1~20.04.5 > sqlite3/libsqlite3-0@3.31.1-4ubuntu0.3
  From: gnupg2/dirmngr@2.2.19-3ubuntu2.2 > openldap/libldap-2.4-2@2.4.49+dfsg-2ubuntu1.9 > heimdal/libgssapi3-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libheimntlm0-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libkrb5-26-heimdal@7.7.0+dfsg-1ubuntu1 > sqlite3/libsqlite3-0@3.31.1-4ubuntu0.3
  and 1 more...
  Fixed in: 3.31.1-4ubuntu0.4

✗ Medium severity vulnerability found in sqlite3/libsqlite3-0
  Description: Out-of-bounds Read
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-SQLITE3-581593
  Introduced through: gnupg2/gnupg@2.2.19-3ubuntu2.2, python3-defaults/python3@3.8.2-0ubuntu2, gnupg2/dirmngr@2.2.19-3ubuntu2.2, bcc/bcc-tools@0.24.0-1
  From: gnupg2/gnupg@2.2.19-3ubuntu2.2 > gnupg2/gpg@2.2.19-3ubuntu2.2 > sqlite3/libsqlite3-0@3.31.1-4ubuntu0.3
  From: python3-defaults/python3@3.8.2-0ubuntu2 > python3.8@3.8.10-0ubuntu1~20.04.5 > python3.8/libpython3.8-stdlib@3.8.10-0ubuntu1~20.04.5 > sqlite3/libsqlite3-0@3.31.1-4ubuntu0.3
  From: gnupg2/dirmngr@2.2.19-3ubuntu2.2 > openldap/libldap-2.4-2@2.4.49+dfsg-2ubuntu1.9 > heimdal/libgssapi3-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libheimntlm0-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libkrb5-26-heimdal@7.7.0+dfsg-1ubuntu1 > sqlite3/libsqlite3-0@3.31.1-4ubuntu0.3
  and 1 more...

✗ Medium severity vulnerability found in setuptools/python3-pkg-resources
  Description: CVE-2022-40897
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-SETUPTOOLS-3180897
  Introduced through: python-pip/python3-pip@20.0.2-5ubuntu1.6
  From: python-pip/python3-pip@20.0.2-5ubuntu1.6 > setuptools/python3-setuptools@45.2.0-1 > setuptools/python3-pkg-resources@45.2.0-1
  From: python-pip/python3-pip@20.0.2-5ubuntu1.6 > setuptools/python3-setuptools@45.2.0-1
  Fixed in: 45.2.0-1ubuntu0.1

✗ Medium severity vulnerability found in python3.8/libpython3.8-stdlib
  Description: Resource Exhaustion
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-PYTHON38-3111779
  Introduced through: python3-defaults/libpython3-dev@3.8.2-0ubuntu2, python3-defaults/python3@3.8.2-0ubuntu2, python3.8/libpython3.8@3.8.10-0ubuntu1~20.04.5, python3-defaults/python3-dev@3.8.2-0ubuntu2, python3.8/libpython3.8-dev@3.8.10-0ubuntu1~20.04.5, python3.8/python3.8-dev@3.8.10-0ubuntu1~20.04.5
  From: python3-defaults/libpython3-dev@3.8.2-0ubuntu2 > python3.8/libpython3.8-dev@3.8.10-0ubuntu1~20.04.5 > python3.8/libpython3.8-stdlib@3.8.10-0ubuntu1~20.04.5
  From: python3-defaults/python3@3.8.2-0ubuntu2 > python3-defaults/libpython3-stdlib@3.8.2-0ubuntu2 > python3.8/libpython3.8-stdlib@3.8.10-0ubuntu1~20.04.5
  From: python3-defaults/python3@3.8.2-0ubuntu2 > python3.8@3.8.10-0ubuntu1~20.04.5 > python3.8/libpython3.8-stdlib@3.8.10-0ubuntu1~20.04.5
  and 15 more...
  Fixed in: 3.8.10-0ubuntu1~20.04.6

✗ Medium severity vulnerability found in python2.7/libpython2.7-stdlib
  Description: Unchecked Return Value
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-PYTHON27-2329893
  Introduced through: bcc/bcc-tools@0.24.0-1
  From: bcc/bcc-tools@0.24.0-1 > bcc/python-bcc@0.24.0-1 > what-is-python/python-is-python2@2.7.17-4 > python-defaults/python2@2.7.17-2ubuntu4 > python-defaults/libpython2-stdlib@2.7.17-2ubuntu4 > python2.7/libpython2.7-stdlib@2.7.18-1~20.04.3
  From: bcc/bcc-tools@0.24.0-1 > bcc/python-bcc@0.24.0-1 > what-is-python/python-is-python2@2.7.17-4 > python-defaults/python2@2.7.17-2ubuntu4 > python2.7@2.7.18-1~20.04.3 > python2.7/libpython2.7-stdlib@2.7.18-1~20.04.3
  From: bcc/bcc-tools@0.24.0-1 > bcc/python-bcc@0.24.0-1 > what-is-python/python-is-python2@2.7.17-4 > python-defaults/python2@2.7.17-2ubuntu4 > python-defaults/python2-minimal@2.7.17-2ubuntu4 > python2.7/python2.7-minimal@2.7.18-1~20.04.3
  and 4 more...

✗ Medium severity vulnerability found in python2.7/libpython2.7-stdlib
  Description: Arbitrary Code Injection
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-PYTHON27-2404142
  Introduced through: bcc/bcc-tools@0.24.0-1
  From: bcc/bcc-tools@0.24.0-1 > bcc/python-bcc@0.24.0-1 > what-is-python/python-is-python2@2.7.17-4 > python-defaults/python2@2.7.17-2ubuntu4 > python-defaults/libpython2-stdlib@2.7.17-2ubuntu4 > python2.7/libpython2.7-stdlib@2.7.18-1~20.04.3
  From: bcc/bcc-tools@0.24.0-1 > bcc/python-bcc@0.24.0-1 > what-is-python/python-is-python2@2.7.17-4 > python-defaults/python2@2.7.17-2ubuntu4 > python2.7@2.7.18-1~20.04.3 > python2.7/libpython2.7-stdlib@2.7.18-1~20.04.3
  From: bcc/bcc-tools@0.24.0-1 > bcc/python-bcc@0.24.0-1 > what-is-python/python-is-python2@2.7.17-4 > python-defaults/python2@2.7.17-2ubuntu4 > python-defaults/python2-minimal@2.7.17-2ubuntu4 > python2.7/python2.7-minimal@2.7.18-1~20.04.3
  and 4 more...

✗ Medium severity vulnerability found in python-pip/python-pip-whl
  Description: CVE-2022-40898
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-PYTHONPIP-3180795
  Introduced through: python-pip/python3-pip@20.0.2-5ubuntu1.6
  From: python-pip/python3-pip@20.0.2-5ubuntu1.6 > python-pip/python-pip-whl@20.0.2-5ubuntu1.6
  From: python-pip/python3-pip@20.0.2-5ubuntu1.6
  Fixed in: 20.0.2-5ubuntu1.7

✗ Medium severity vulnerability found in python-pip/python-pip-whl
  Description: CVE-2022-40897
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-PYTHONPIP-3180896
  Introduced through: python-pip/python3-pip@20.0.2-5ubuntu1.6
  From: python-pip/python3-pip@20.0.2-5ubuntu1.6 > python-pip/python-pip-whl@20.0.2-5ubuntu1.6
  From: python-pip/python3-pip@20.0.2-5ubuntu1.6
  Fixed in: 20.0.2-5ubuntu1.7

✗ Medium severity vulnerability found in perl/perl-modules-5.30
  Description: Improper Verification of Cryptographic Signature
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-PERL-1930907
  Introduced through: perl/perl-modules-5.30@5.30.0-9ubuntu0.2, libalgorithm-diff-perl@1.19.03-2, perl/libperl5.30@5.30.0-9ubuntu0.2, perl@5.30.0-9ubuntu0.2, libalgorithm-diff-xs-perl@0.04-6, libalgorithm-merge-perl@0.08-3, libfile-fcntllock-perl@0.22-3build4, meta-common-packages@meta
  From: perl/perl-modules-5.30@5.30.0-9ubuntu0.2
  From: libalgorithm-diff-perl@1.19.03-2 > perl@5.30.0-9ubuntu0.2 > perl/perl-modules-5.30@5.30.0-9ubuntu0.2
  From: libalgorithm-diff-perl@1.19.03-2 > perl@5.30.0-9ubuntu0.2 > perl/libperl5.30@5.30.0-9ubuntu0.2 > perl/perl-modules-5.30@5.30.0-9ubuntu0.2
  and 8 more...
  Fixed in: 5.30.0-9ubuntu0.3

✗ Medium severity vulnerability found in openssl/libssl1.1
  Description: Double Free
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-OPENSSL-3314692
  Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2ubuntu0.1, kmod@27-1ubuntu2.1, wget@1.20.3-1ubuntu2, python-pip/python3-pip@20.0.2-5ubuntu1.6, python3-defaults/python3@3.8.2-0ubuntu2, bcc/bcc-tools@0.24.0-1
  From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2ubuntu0.1 > openssl/libssl1.1@1.1.1f-1ubuntu2.16
  From: kmod@27-1ubuntu2.1 > openssl/libssl1.1@1.1.1f-1ubuntu2.16
  From: wget@1.20.3-1ubuntu2 > openssl/libssl1.1@1.1.1f-1ubuntu2.16
  and 5 more...
  Fixed in: 1.1.1f-1ubuntu2.17

✗ Medium severity vulnerability found in openssl/libssl1.1
  Description: CVE-2022-4304
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-OPENSSL-3314703
  Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2ubuntu0.1, kmod@27-1ubuntu2.1, wget@1.20.3-1ubuntu2, python-pip/python3-pip@20.0.2-5ubuntu1.6, python3-defaults/python3@3.8.2-0ubuntu2, bcc/bcc-tools@0.24.0-1
  From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2ubuntu0.1 > openssl/libssl1.1@1.1.1f-1ubuntu2.16
  From: kmod@27-1ubuntu2.1 > openssl/libssl1.1@1.1.1f-1ubuntu2.16
  From: wget@1.20.3-1ubuntu2 > openssl/libssl1.1@1.1.1f-1ubuntu2.16
  and 5 more...
  Fixed in: 1.1.1f-1ubuntu2.17

✗ Medium severity vulnerability found in openssl/libssl1.1
  Description: Use After Free
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-OPENSSL-3314740
  Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2ubuntu0.1, kmod@27-1ubuntu2.1, wget@1.20.3-1ubuntu2, python-pip/python3-pip@20.0.2-5ubuntu1.6, python3-defaults/python3@3.8.2-0ubuntu2, bcc/bcc-tools@0.24.0-1
  From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2ubuntu0.1 > openssl/libssl1.1@1.1.1f-1ubuntu2.16
  From: kmod@27-1ubuntu2.1 > openssl/libssl1.1@1.1.1f-1ubuntu2.16
  From: wget@1.20.3-1ubuntu2 > openssl/libssl1.1@1.1.1f-1ubuntu2.16
  and 5 more...
  Fixed in: 1.1.1f-1ubuntu2.17

✗ Medium severity vulnerability found in libksba/libksba8
  Description: Integer Overflow or Wraparound
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-LIBKSBA-3180286
  Introduced through: libksba/libksba8@1.3.5-2, gnupg2/dirmngr@2.2.19-3ubuntu2.2, gnupg2/gnupg@2.2.19-3ubuntu2.2
  From: libksba/libksba8@1.3.5-2
  From: gnupg2/dirmngr@2.2.19-3ubuntu2.2 > libksba/libksba8@1.3.5-2
  From: gnupg2/gnupg@2.2.19-3ubuntu2.2 > gnupg2/gnupg-utils@2.2.19-3ubuntu2.2 > libksba/libksba8@1.3.5-2
  and 1 more...
  Fixed in: 1.3.5-2ubuntu0.20.04.2

✗ Medium severity vulnerability found in heimdal/libasn1-8-heimdal
  Description: CVE-2022-3116
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-HEIMDAL-3042504
  Introduced through: heimdal/libasn1-8-heimdal@7.7.0+dfsg-1ubuntu1, gnupg2/dirmngr@2.2.19-3ubuntu2.2, heimdal/libheimbase1-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libhcrypto4-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libwind0-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libhx509-5-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libkrb5-26-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libheimntlm0-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libgssapi3-heimdal@7.7.0+dfsg-1ubuntu1, meta-common-packages@meta
  From: heimdal/libasn1-8-heimdal@7.7.0+dfsg-1ubuntu1
  From: gnupg2/dirmngr@2.2.19-3ubuntu2.2 > openldap/libldap-2.4-2@2.4.49+dfsg-2ubuntu1.9 > heimdal/libgssapi3-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libasn1-8-heimdal@7.7.0+dfsg-1ubuntu1
  From: gnupg2/dirmngr@2.2.19-3ubuntu2.2 > openldap/libldap-2.4-2@2.4.49+dfsg-2ubuntu1.9 > heimdal/libgssapi3-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libhcrypto4-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libasn1-8-heimdal@7.7.0+dfsg-1ubuntu1
  and 25 more...
  Fixed in: 7.7.0+dfsg-1ubuntu1.1

✗ Medium severity vulnerability found in heimdal/libasn1-8-heimdal
  Description: Heap-based Buffer Overflow
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-HEIMDAL-3087807
  Introduced through: heimdal/libasn1-8-heimdal@7.7.0+dfsg-1ubuntu1, gnupg2/dirmngr@2.2.19-3ubuntu2.2, heimdal/libheimbase1-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libhcrypto4-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libwind0-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libhx509-5-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libkrb5-26-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libheimntlm0-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libgssapi3-heimdal@7.7.0+dfsg-1ubuntu1, meta-common-packages@meta
  From: heimdal/libasn1-8-heimdal@7.7.0+dfsg-1ubuntu1
  From: gnupg2/dirmngr@2.2.19-3ubuntu2.2 > openldap/libldap-2.4-2@2.4.49+dfsg-2ubuntu1.9 > heimdal/libgssapi3-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libasn1-8-heimdal@7.7.0+dfsg-1ubuntu1
  From: gnupg2/dirmngr@2.2.19-3ubuntu2.2 > openldap/libldap-2.4-2@2.4.49+dfsg-2ubuntu1.9 > heimdal/libgssapi3-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libhcrypto4-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libasn1-8-heimdal@7.7.0+dfsg-1ubuntu1
  and 25 more...
  Fixed in: 7.7.0+dfsg-1ubuntu1.3

✗ Medium severity vulnerability found in heimdal/libasn1-8-heimdal
  Description: NULL Pointer Dereference
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-HEIMDAL-3120972
  Introduced through: heimdal/libasn1-8-heimdal@7.7.0+dfsg-1ubuntu1, gnupg2/dirmngr@2.2.19-3ubuntu2.2, heimdal/libheimbase1-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libhcrypto4-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libwind0-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libhx509-5-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libkrb5-26-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libheimntlm0-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libgssapi3-heimdal@7.7.0+dfsg-1ubuntu1, meta-common-packages@meta
  From: heimdal/libasn1-8-heimdal@7.7.0+dfsg-1ubuntu1
  From: gnupg2/dirmngr@2.2.19-3ubuntu2.2 > openldap/libldap-2.4-2@2.4.49+dfsg-2ubuntu1.9 > heimdal/libgssapi3-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libasn1-8-heimdal@7.7.0+dfsg-1ubuntu1
  From: gnupg2/dirmngr@2.2.19-3ubuntu2.2 > openldap/libldap-2.4-2@2.4.49+dfsg-2ubuntu1.9 > heimdal/libgssapi3-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libhcrypto4-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libasn1-8-heimdal@7.7.0+dfsg-1ubuntu1
  and 25 more...
  Fixed in: 7.7.0+dfsg-1ubuntu1.3

✗ Medium severity vulnerability found in heimdal/libasn1-8-heimdal
  Description: CVE-2022-44640
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-HEIMDAL-3120978
  Introduced through: heimdal/libasn1-8-heimdal@7.7.0+dfsg-1ubuntu1, gnupg2/dirmngr@2.2.19-3ubuntu2.2, heimdal/libheimbase1-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libhcrypto4-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libwind0-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libhx509-5-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libkrb5-26-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libheimntlm0-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libgssapi3-heimdal@7.7.0+dfsg-1ubuntu1, meta-common-packages@meta
  From: heimdal/libasn1-8-heimdal@7.7.0+dfsg-1ubuntu1
  From: gnupg2/dirmngr@2.2.19-3ubuntu2.2 > openldap/libldap-2.4-2@2.4.49+dfsg-2ubuntu1.9 > heimdal/libgssapi3-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libasn1-8-heimdal@7.7.0+dfsg-1ubuntu1
  From: gnupg2/dirmngr@2.2.19-3ubuntu2.2 > openldap/libldap-2.4-2@2.4.49+dfsg-2ubuntu1.9 > heimdal/libgssapi3-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libhcrypto4-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libasn1-8-heimdal@7.7.0+dfsg-1ubuntu1
  and 25 more...
  Fixed in: 7.7.0+dfsg-1ubuntu1.3

✗ Medium severity vulnerability found in heimdal/libasn1-8-heimdal
  Description: Off-by-one Error
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-HEIMDAL-3124858
  Introduced through: heimdal/libasn1-8-heimdal@7.7.0+dfsg-1ubuntu1, gnupg2/dirmngr@2.2.19-3ubuntu2.2, heimdal/libheimbase1-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libhcrypto4-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libwind0-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libhx509-5-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libkrb5-26-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libheimntlm0-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libgssapi3-heimdal@7.7.0+dfsg-1ubuntu1, meta-common-packages@meta
  From: heimdal/libasn1-8-heimdal@7.7.0+dfsg-1ubuntu1
  From: gnupg2/dirmngr@2.2.19-3ubuntu2.2 > openldap/libldap-2.4-2@2.4.49+dfsg-2ubuntu1.9 > heimdal/libgssapi3-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libasn1-8-heimdal@7.7.0+dfsg-1ubuntu1
  From: gnupg2/dirmngr@2.2.19-3ubuntu2.2 > openldap/libldap-2.4-2@2.4.49+dfsg-2ubuntu1.9 > heimdal/libgssapi3-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libhcrypto4-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libasn1-8-heimdal@7.7.0+dfsg-1ubuntu1
  and 25 more...
  Fixed in: 7.7.0+dfsg-1ubuntu1.2

✗ Medium severity vulnerability found in heimdal/libasn1-8-heimdal
  Description: Integer Overflow or Wraparound
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-HEIMDAL-3126898
  Introduced through: heimdal/libasn1-8-heimdal@7.7.0+dfsg-1ubuntu1, gnupg2/dirmngr@2.2.19-3ubuntu2.2, heimdal/libheimbase1-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libhcrypto4-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libwind0-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libhx509-5-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libkrb5-26-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libheimntlm0-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libgssapi3-heimdal@7.7.0+dfsg-1ubuntu1, meta-common-packages@meta
  From: heimdal/libasn1-8-heimdal@7.7.0+dfsg-1ubuntu1
  From: gnupg2/dirmngr@2.2.19-3ubuntu2.2 > openldap/libldap-2.4-2@2.4.49+dfsg-2ubuntu1.9 > heimdal/libgssapi3-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libasn1-8-heimdal@7.7.0+dfsg-1ubuntu1
  From: gnupg2/dirmngr@2.2.19-3ubuntu2.2 > openldap/libldap-2.4-2@2.4.49+dfsg-2ubuntu1.9 > heimdal/libgssapi3-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libhcrypto4-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libasn1-8-heimdal@7.7.0+dfsg-1ubuntu1
  and 25 more...
  Fixed in: 7.7.0+dfsg-1ubuntu1.3

✗ Medium severity vulnerability found in heimdal/libasn1-8-heimdal
  Description: CVE-2022-45142
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-HEIMDAL-3315888
  Introduced through: heimdal/libasn1-8-heimdal@7.7.0+dfsg-1ubuntu1, gnupg2/dirmngr@2.2.19-3ubuntu2.2, heimdal/libheimbase1-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libhcrypto4-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libwind0-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libhx509-5-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libkrb5-26-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libheimntlm0-heimdal@7.7.0+dfsg-1ubuntu1, heimdal/libgssapi3-heimdal@7.7.0+dfsg-1ubuntu1, meta-common-packages@meta
  From: heimdal/libasn1-8-heimdal@7.7.0+dfsg-1ubuntu1
  From: gnupg2/dirmngr@2.2.19-3ubuntu2.2 > openldap/libldap-2.4-2@2.4.49+dfsg-2ubuntu1.9 > heimdal/libgssapi3-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libasn1-8-heimdal@7.7.0+dfsg-1ubuntu1
  From: gnupg2/dirmngr@2.2.19-3ubuntu2.2 > openldap/libldap-2.4-2@2.4.49+dfsg-2ubuntu1.9 > heimdal/libgssapi3-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libhcrypto4-heimdal@7.7.0+dfsg-1ubuntu1 > heimdal/libasn1-8-heimdal@7.7.0+dfsg-1ubuntu1
  and 25 more...
  Fixed in: 7.7.0+dfsg-1ubuntu1.4

✗ Medium severity vulnerability found in gnutls28/libgnutls30
  Description: CVE-2023-0361
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GNUTLS28-3319580
  Introduced through: gnutls28/libgnutls30@3.6.13-2ubuntu1.7, apt@2.0.9, gnupg2/dirmngr@2.2.19-3ubuntu2.2
  From: gnutls28/libgnutls30@3.6.13-2ubuntu1.7
  From: apt@2.0.9 > gnutls28/libgnutls30@3.6.13-2ubuntu1.7
  From: gnupg2/dirmngr@2.2.19-3ubuntu2.2 > gnutls28/libgnutls30@3.6.13-2ubuntu1.7
  and 1 more...

✗ Medium severity vulnerability found in gcc-defaults/cpp
  Description: Information Exposure
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GCCDEFAULTS-584255
  Introduced through: gcc-defaults/cpp@4:9.3.0-1ubuntu2, build-essential@12.8ubuntu1.1, gcc-defaults/gcc@4:9.3.0-1ubuntu2, gcc-defaults/g++@4:9.3.0-1ubuntu2
  From: gcc-defaults/cpp@4:9.3.0-1ubuntu2
  From: build-essential@12.8ubuntu1.1 > gcc-defaults/g++@4:9.3.0-1ubuntu2 > gcc-defaults/cpp@4:9.3.0-1ubuntu2
  From: build-essential@12.8ubuntu1.1 > gcc-defaults/gcc@4:9.3.0-1ubuntu2 > gcc-defaults/cpp@4:9.3.0-1ubuntu2
  and 5 more...

✗ Medium severity vulnerability found in gcc-9
  Description: Information Exposure
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GCC9-584247
  Introduced through: gcc-9@9.4.0-1ubuntu1~20.04.1, build-essential@12.8ubuntu1.1, gcc-9/gcc-9-base@9.4.0-1ubuntu1~20.04.1, gcc-9/libgcc-9-dev@9.4.0-1ubuntu1~20.04.1, gcc-9/libstdc++-9-dev@9.4.0-1ubuntu1~20.04.1, gcc-9/g++-9@9.4.0-1ubuntu1~20.04.1, gcc-9/cpp-9@9.4.0-1ubuntu1~20.04.1, gcc-9/libasan5@9.4.0-1ubuntu1~20.04.1
  From: gcc-9@9.4.0-1ubuntu1~20.04.1
  From: build-essential@12.8ubuntu1.1 > gcc-defaults/g++@4:9.3.0-1ubuntu2 > gcc-9@9.4.0-1ubuntu1~20.04.1
  From: build-essential@12.8ubuntu1.1 > gcc-defaults/gcc@4:9.3.0-1ubuntu2 > gcc-9@9.4.0-1ubuntu1~20.04.1
  and 20 more...

✗ Medium severity vulnerability found in expat/libexpat1
  Description: Use After Free
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-EXPAT-3024518
  Introduced through: expat/libexpat1-dev@2.2.9-1ubuntu0.4, python3-defaults/libpython3-dev@3.8.2-0ubuntu2, python3-defaults/python3@3.8.2-0ubuntu2, bcc/bcc-tools@0.24.0-1, python3-defaults/python3-dev@3.8.2-0ubuntu2
  From: expat/libexpat1-dev@2.2.9-1ubuntu0.4 > expat/libexpat1@2.2.9-1ubuntu0.4
  From: python3-defaults/libpython3-dev@3.8.2-0ubuntu2 > python3.8/libpython3.8-dev@3.8.10-0ubuntu1~20.04.5 > python3.8/libpython3.8@3.8.10-0ubuntu1~20.04.5 > expat/libexpat1@2.2.9-1ubuntu0.4
  From: python3-defaults/python3@3.8.2-0ubuntu2 > python3.8@3.8.10-0ubuntu1~20.04.5 > python3.8/python3.8-minimal@3.8.10-0ubuntu1~20.04.5 > expat/libexpat1@2.2.9-1ubuntu0.4
  and 4 more...
  Fixed in: 2.2.9-1ubuntu0.5

✗ Medium severity vulnerability found in expat/libexpat1
  Description: Use After Free
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-EXPAT-3063169
  Introduced through: expat/libexpat1-dev@2.2.9-1ubuntu0.4, python3-defaults/libpython3-dev@3.8.2-0ubuntu2, python3-defaults/python3@3.8.2-0ubuntu2, bcc/bcc-tools@0.24.0-1, python3-defaults/python3-dev@3.8.2-0ubuntu2
  From: expat/libexpat1-dev@2.2.9-1ubuntu0.4 > expat/libexpat1@2.2.9-1ubuntu0.4
  From: python3-defaults/libpython3-dev@3.8.2-0ubuntu2 > python3.8/libpython3.8-dev@3.8.10-0ubuntu1~20.04.5 > python3.8/libpython3.8@3.8.10-0ubuntu1~20.04.5 > expat/libexpat1@2.2.9-1ubuntu0.4
  From: python3-defaults/python3@3.8.2-0ubuntu2 > python3.8@3.8.10-0ubuntu1~20.04.5 > python3.8/python3.8-minimal@3.8.10-0ubuntu1~20.04.5 > expat/libexpat1@2.2.9-1ubuntu0.4
  and 4 more...
  Fixed in: 2.2.9-1ubuntu0.6

✗ Medium severity vulnerability found in binutils/libctf-nobfd0
  Description: Out-of-bounds Write
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-BINUTILS-2994005
  Introduced through: bcc/bcc-tools@0.24.0-1
  From: bcc/bcc-tools@0.24.0-1 > bcc/python-bcc@0.24.0-1 > binutils@2.34-6ubuntu1.4 > binutils/binutils-aarch64-linux-gnu@2.34-6ubuntu1.4 > binutils/libctf-nobfd0@2.34-6ubuntu1.3
  Fixed in: 2.34-6ubuntu1.4

✗ High severity vulnerability found in openssl/libssl1.1
  Description: Access of Resource Using Incompatible Type ('Type Confusion')
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-OPENSSL-3314788
  Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2ubuntu0.1, kmod@27-1ubuntu2.1, wget@1.20.3-1ubuntu2, python-pip/python3-pip@20.0.2-5ubuntu1.6, python3-defaults/python3@3.8.2-0ubuntu2, bcc/bcc-tools@0.24.0-1
  From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2ubuntu0.1 > openssl/libssl1.1@1.1.1f-1ubuntu2.16
  From: kmod@27-1ubuntu2.1 > openssl/libssl1.1@1.1.1f-1ubuntu2.16
  From: wget@1.20.3-1ubuntu2 > openssl/libssl1.1@1.1.1f-1ubuntu2.16
  and 5 more...
  Fixed in: 1.1.1f-1ubuntu2.17

✗ High severity vulnerability found in libksba/libksba8
  Description: Integer Overflow or Wraparound
  Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-LIBKSBA-3050813
  Introduced through: libksba/libksba8@1.3.5-2, gnupg2/dirmngr@2.2.19-3ubuntu2.2, gnupg2/gnupg@2.2.19-3ubuntu2.2
  From: libksba/libksba8@1.3.5-2
  From: gnupg2/dirmngr@2.2.19-3ubuntu2.2 > libksba/libksba8@1.3.5-2
  From: gnupg2/gnupg@2.2.19-3ubuntu2.2 > gnupg2/gnupg-utils@2.2.19-3ubuntu2.2 > libksba/libksba8@1.3.5-2
  and 1 more...
  Fixed in: 1.3.5-2ubuntu0.20.04.1



Package manager:   deb
Project name:      docker-image|ghcr.io/inspektor-gadget/inspektor-gadget:v0.13.0
Docker image:      ghcr.io/inspektor-gadget/inspektor-gadget:v0.13.0@sha256:3c33abe01a3239c304b3ce0da4d8715cdca51c0cf77f8776d206dfdf78e57722
Platform:          linux/arm64
Licenses:          enabled

Tested 227 dependencies for known issues, found 60 issues.

-------------------------------------------------------

Testing ghcr.io/inspektor-gadget/inspektor-gadget:v0.13.0@sha256:3c33abe01a3239c304b3ce0da4d8715cdca51c0cf77f8776d206dfdf78e57722...

✗ Medium severity vulnerability found in golang.org/x/net/http2
  Description: Denial of Service (DoS)
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-3160322
  Introduced through: golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b
  From: golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b
  Fixed in: 0.4.0

✗ High severity vulnerability found in golang.org/x/net/http2
  Description: Denial of Service
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-3028257
  Introduced through: golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b
  From: golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b
  Fixed in: 0.0.0-20220906165146-f3363e06e74c, 1.18.6, 1.19.1

✗ High severity vulnerability found in golang.org/x/net/http2
  Description: Denial of Service (DoS)
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-3323837
  Introduced through: golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b
  From: golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b
  Fixed in: 0.7.0



Package manager:   gomodules
Target file:       /opt/hooks/nri/nrigadget
Project name:      go-distribution@command-line-arguments
Docker image:      ghcr.io/inspektor-gadget/inspektor-gadget:v0.13.0@sha256:3c33abe01a3239c304b3ce0da4d8715cdca51c0cf77f8776d206dfdf78e57722
Licenses:          enabled

Tested 87 dependencies for known issues, found 3 issues.

-------------------------------------------------------

Testing ghcr.io/inspektor-gadget/inspektor-gadget:v0.13.0@sha256:3c33abe01a3239c304b3ce0da4d8715cdca51c0cf77f8776d206dfdf78e57722...

✗ Medium severity vulnerability found in golang.org/x/net/http2
  Description: Denial of Service (DoS)
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-3160322
  Introduced through: golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b
  From: golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b
  Fixed in: 0.4.0

✗ High severity vulnerability found in golang.org/x/net/http2
  Description: Denial of Service
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-3028257
  Introduced through: golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b
  From: golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b
  Fixed in: 0.0.0-20220906165146-f3363e06e74c, 1.18.6, 1.19.1

✗ High severity vulnerability found in golang.org/x/net/http2
  Description: Denial of Service (DoS)
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-3323837
  Introduced through: golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b
  From: golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b
  Fixed in: 0.7.0



Package manager:   gomodules
Target file:       /opt/hooks/oci/ocihookgadget
Project name:      go-distribution@command-line-arguments
Docker image:      ghcr.io/inspektor-gadget/inspektor-gadget:v0.13.0@sha256:3c33abe01a3239c304b3ce0da4d8715cdca51c0cf77f8776d206dfdf78e57722
Licenses:          enabled

Tested 102 dependencies for known issues, found 3 issues.

-------------------------------------------------------

Testing ghcr.io/inspektor-gadget/inspektor-gadget:v0.13.0@sha256:3c33abe01a3239c304b3ce0da4d8715cdca51c0cf77f8776d206dfdf78e57722...

✗ Medium severity vulnerability found in golang.org/x/net/http2
  Description: Denial of Service (DoS)
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-3160322
  Introduced through: golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b
  From: golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b
  Fixed in: 0.4.0

✗ High severity vulnerability found in golang.org/x/net/http2
  Description: Denial of Service
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-3028257
  Introduced through: golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b
  From: golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b
  Fixed in: 0.0.0-20220906165146-f3363e06e74c, 1.18.6, 1.19.1

✗ High severity vulnerability found in golang.org/x/net/http2
  Description: Denial of Service (DoS)
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-3323837
  Introduced through: golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b
  From: golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b
  Fixed in: 0.7.0



Package manager:   gomodules
Target file:       /usr/bin/gadgettracermanager
Project name:      github.com/inspektor-gadget/inspektor-gadget
Docker image:      ghcr.io/inspektor-gadget/inspektor-gadget:v0.13.0@sha256:3c33abe01a3239c304b3ce0da4d8715cdca51c0cf77f8776d206dfdf78e57722
Licenses:          enabled

Tested 585 dependencies for known issues, found 3 issues.


Tested 4 projects, 4 contained vulnerable paths.

@eiffel-fl
Contributor

eiffel-fl commented Feb 21, 2023

Oh sorry 😅, indeed the v0.13.0 has those problems but it should not be the case for latest.
Should we push a newer commit?

@spowelljr
Member

> Oh sorry 😅, indeed the v0.13.0 has those problems but it should not be the case for latest. Should we push a newer commit?

Yes, feel free to push a newer version, just ensure to use a version tag and sha256 like the PR is already using.

Contributor

@eiffel-fl eiffel-fl left a comment

Thank you for working on this!
We just released v0.13.1 which normally addresses the CVE issues found there.
Can you please modify the files to point to this release?

deploy/addons/inspektor-gadget/ig-daemonset.yaml.tmpl
pkg/minikube/assets/addons.go
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. and removed cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. labels Feb 23, 2023
@yolossn yolossn force-pushed the addon_inspektor_gadget branch from 6c31692 to 383bd61 Compare February 23, 2023 10:54
@yolossn yolossn force-pushed the addon_inspektor_gadget branch from 383bd61 to 897e448 Compare March 7, 2023 11:54
@yolossn
Contributor Author

yolossn commented Mar 10, 2023

@spowelljr can you please take another look? The image is updated to fix the CVE issues.

Contributor

@eiffel-fl eiffel-fl left a comment

Is it possible to automatically install the latest version?
Or we would need to update this each time we do a new release?

pkg/minikube/assets/addons.go
deploy/addons/inspektor-gadget/ig-daemonset.yaml.tmpl
@yolossn yolossn force-pushed the addon_inspektor_gadget branch from 95db24a to e7fbbbf Compare March 10, 2023 11:06
@yolossn
Contributor Author

yolossn commented Mar 10, 2023

> Is it possible to automatically install the latest version? Or we would need to update this each time we do a new release?

AFAIK we cannot use the latest tag and we have to update after every new release. There is scope for automating this using GitHub Actions.

@eiffel-fl
Contributor

> > Is it possible to automatically install the latest version? Or we would need to update this each time we do a new release?
>
> AFAIK we cannot use the latest tag and we have to update after every new release. There is scope for automating this using GitHub Actions.

Thank you for confirming!
Can you please extend what you mean regarding automating this with GitHub Actions?
Something like what rajatjindal/krew-release-bot offers?

@yolossn
Contributor Author

yolossn commented Mar 20, 2023

> Thank you for confirming! Can you please extend what you mean regarding automating this with GitHub Actions? Something like what rajatjindal/krew-release-bot offers?

For Headlamp we have GitHub Actions in place to automatically create a PR for changing the latest image version and SHA.
https://github.com/headlamp-k8s/headlamp/blob/main/.github/workflows/pr-to-update-minikube.yml

@eiffel-fl
Contributor

eiffel-fl commented Apr 11, 2023

Hi!

I normally addressed everything regarding having both pip and python distro packages, so can you please scan sha256:9c35ddef381c64583ffa198b81d8e34e5f73d6f6e52dbfc66627a3093e2312db?

Best regards and thank you in advance!

@spowelljr
Member

> Hi!
>
> I normally addressed everything regarding having both pip and python distro packages, so can you please scan sha256:9c35ddef381c64583ffa198b81d8e34e5f73d6f6e52dbfc66627a3093e2312db?
>
> Best regards and thank you in advance!

Image is secure!

@eiffel-fl
Contributor

Perfect! Thank you :D :D :D

Contributor

@eiffel-fl eiffel-fl left a comment

This should do the trick :D:

pkg/minikube/assets/addons.go
deploy/addons/inspektor-gadget/ig-daemonset.yaml.tmpl
@yolossn yolossn force-pushed the addon_inspektor_gadget branch from ba28632 to 9b87ee5 Compare May 8, 2023 17:16
@yolossn yolossn requested a review from spowelljr May 8, 2023 17:19
@spowelljr
Member

@yolossn @eiffel-fl Promise I'm not trying to be a pain, but the v0.16.0 image introduces a new critical CVE.

sha256:9c35ddef381c64583ffa198b81d8e34e5f73d6f6e52dbfc66627a3093e2312db

14 vulnerabilities found in 3 packages
  UNSPECIFIED  3  
  LOW          4  
  MEDIUM       5  
  HIGH         2  
  CRITICAL     0  

v0.16.0

6 vulnerabilities found in 3 packages
  UNSPECIFIED  3  
  LOW          0  
  MEDIUM       0  
  HIGH         2  
  CRITICAL     1  
   1C     0H     0M     0L  pyyaml 5.3.1
pkg:pypi/pyyaml@5.3.1

gadget-default.Dockerfile (46:52)
RUN set -ex; \
	export DEBIAN_FRONTEND=noninteractive; \
	apt-get update && \
	apt-get install -y --no-install-recommends \
		ca-certificates jq wget xz-utils binutils socat libclang-11-dev libelf-dev llvm-11-dev && \
	rmdir /usr/src && ln -sf /host/usr/src /usr/src && \
	rm -f /etc/localtime && ln -sf /host/etc/localtime /etc/localtime

    ✗ CRITICAL CVE-2020-14343 [Improper Input Validation]
      https://dso.docker.com/cve/CVE-2020-14343
      Affected range : <5.4                                          
      Fixed version  : 5.4                                           
      CVSS Score     : 9.8                                           
      CVSS Vector    : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H  
    

   0C     2H     0M     0L  pygments 2.3.1
pkg:pypi/pygments@2.3.1

gadget-default.Dockerfile (46:52)
RUN set -ex; \
	export DEBIAN_FRONTEND=noninteractive; \
	apt-get update && \
	apt-get install -y --no-install-recommends \
		ca-certificates jq wget xz-utils binutils socat libclang-11-dev libelf-dev llvm-11-dev && \
	rmdir /usr/src && ln -sf /host/usr/src /usr/src && \
	rm -f /etc/localtime && ln -sf /host/etc/localtime /etc/localtime

    ✗ HIGH CVE-2021-27291
      https://dso.docker.com/cve/CVE-2021-27291
      Affected range : >=1.1                                         
                     : <2.7.4                                        
      Fixed version  : 2.7.4                                         
      CVSS Score     : 7.5                                           
      CVSS Vector    : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H  
    
    ✗ HIGH CVE-2021-20270 [Loop with Unreachable Exit Condition ('Infinite Loop')]
      https://dso.docker.com/cve/CVE-2021-20270
      Affected range : >=1.5                                         
                     : <2.7.4                                        
      Fixed version  : 2.7.4                                         
      CVSS Score     : 7.5                                           
      CVSS Vector    : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H  

@eiffel-fl
Contributor

> Promise I'm not trying to be a pain, but the v0.16.0 image introduces a new critical CVE.

No problem at all, to be honest, I was sort of expecting this kind of stuff.
I will try to take a look at this this week and I will ping here when I have dealt with it!

Contributor

@eiffel-fl eiffel-fl left a comment

OK, these packages were added in inspektor-gadget/inspektor-gadget#1563 and we already removed them in inspektor-gadget/inspektor-gadget#1596 which was sadly not packaged in the release.
Bumping the image to sha256:3acd2756a8dde2a994b57a0982b84b86eb404a1dbd6169b9b95135dc078877cc should do the trick.

@spowelljr
Member

> OK, these packages were added in inspektor-gadget/inspektor-gadget#1563 and we already removed them in inspektor-gadget/inspektor-gadget#1596 which was sadly not packaged in the release. Bumping the image to sha256:3acd2756a8dde2a994b57a0982b84b86eb404a1dbd6169b9b95135dc078877cc should do the trick.

Can confirm that image has no CVEs

Contributor

@eiffel-fl eiffel-fl left a comment

We just released v0.16.1 as a bugfix release to avoid shipping the faulty packages.

We should normally be almost ready for the merge!

deploy/addons/inspektor-gadget/ig-daemonset.yaml.tmpl
@spowelljr
Member

For the above suggestions, just remember to include the sha256 for the image as well for added security
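
The pinning rule asked for in this thread (a version tag plus a sha256 digest, and no `latest`) can be checked mechanically before a manifest is merged. This is an added example, not code from the PR or from minikube: `ParseImageRef`, `CheckPinned`, `AuditManifest` and the manifest fragment are hypothetical, and the pinned reference is the v0.13.0 image named in the scan output on this page.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// digestRe accepts only a full sha256 digest: 64 lowercase hex characters.
var digestRe = regexp.MustCompile(`^sha256:[0-9a-f]{64}$`)

// ImageRef is an image reference split into name[:tag][@digest].
type ImageRef struct {
	Name, Tag, Digest string
}

// Finding is one manifest line whose image is not pinned by tag and digest.
type Finding struct {
	Line     int
	Image    string
	Problems []string
}

// Constructed DaemonSet fragment for this example, not the PR's template.
const sampleManifest = `# constructed sample manifest
containers:
  - name: gadget
    image: ghcr.io/inspektor-gadget/inspektor-gadget:v0.13.0@sha256:3c33abe01a3239c304b3ce0da4d8715cdca51c0cf77f8776d206dfdf78e57722
  - name: tag-only
    image: ghcr.io/inspektor-gadget/inspektor-gadget:v0.13.0
  - name: floating
    image: "ghcr.io/inspektor-gadget/inspektor-gadget:latest"
`

// ParseImageRef splits a reference locally, without contacting any registry.
func ParseImageRef(ref string) (ImageRef, error) {
	var r ImageRef
	rest := ref
	if i := strings.Index(rest, "@"); i >= 0 {
		r.Digest, rest = rest[i+1:], rest[:i]
		if !digestRe.MatchString(r.Digest) {
			return r, fmt.Errorf("malformed digest %q", r.Digest)
		}
	}
	// Only a colon after the last slash separates a tag; an earlier colon
	// belongs to a registry port such as localhost:5000.
	if i := strings.LastIndex(rest, ":"); i > strings.LastIndex(rest, "/") {
		r.Tag, rest = rest[i+1:], rest[:i]
	}
	if rest == "" {
		return r, fmt.Errorf("empty image name in %q", ref)
	}
	r.Name = rest
	return r, nil
}

// CheckPinned returns the reasons a reference is not pinned; an empty result
// means it carries both a version tag and a sha256 digest.
func CheckPinned(ref string) []string {
	r, err := ParseImageRef(ref)
	if err != nil {
		return []string{err.Error()}
	}
	var problems []string
	switch r.Tag {
	case "":
		problems = append(problems, "no version tag")
	case "latest":
		problems = append(problems, `floating tag "latest"`)
	}
	if r.Digest == "" {
		problems = append(problems, "no sha256 digest, the tag can be repointed")
	}
	return problems
}

// AuditManifest scans "image:" lines of a YAML manifest and reports unpinned ones.
func AuditManifest(manifest string) []Finding {
	var findings []Finding
	for n, line := range strings.Split(manifest, "\n") {
		field := strings.TrimPrefix(strings.TrimSpace(line), "- ")
		if !strings.HasPrefix(field, "image:") {
			continue
		}
		image := strings.Trim(strings.TrimSpace(strings.TrimPrefix(field, "image:")), `"'`)
		if problems := CheckPinned(image); len(problems) > 0 {
			findings = append(findings, Finding{Line: n + 1, Image: image, Problems: problems})
		}
	}
	return findings
}

func main() {
	for _, f := range AuditManifest(sampleManifest) {
		fmt.Printf("line %d: %s: %s\n", f.Line, f.Image, strings.Join(f.Problems, "; "))
	}
}
```

A digest pins the exact image content that was scanned, so a later push to the same tag cannot change what the addon pulls.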

Signed-off-by: yolossn <sannagaraj@microsoft.com>
@yolossn yolossn force-pushed the addon_inspektor_gadget branch from 6980851 to 9f7d997 Compare May 11, 2023 13:00
test/integration/addons_test.go
@yolossn yolossn force-pushed the addon_inspektor_gadget branch from 9f7d997 to f7c0a00 Compare May 11, 2023 16:58
@spowelljr
Member

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels May 11, 2023
@yolossn yolossn force-pushed the addon_inspektor_gadget branch from f7c0a00 to c6878c4 Compare May 11, 2023 17:06
@yolossn
Contributor Author

yolossn commented May 11, 2023

/retest

@minikube-pr-bot

kvm2 driver with docker runtime

+----------------+----------+---------------------+
|    COMMAND     | MINIKUBE | MINIKUBE (PR 15869) |
+----------------+----------+---------------------+
| minikube start | 52.7s    | 49.9s               |
| enable ingress | 27.4s    | 27.7s               |
+----------------+----------+---------------------+

Times for minikube ingress: 27.2s 27.2s 28.6s 26.6s 27.6s
Times for minikube (PR 15869) ingress: 28.2s 29.2s 27.8s 25.7s 27.6s

Times for minikube start: 52.7s 52.6s 51.3s 54.8s 52.2s
Times for minikube (PR 15869) start: 47.9s 49.5s 50.0s 49.0s 53.1s

docker driver with docker runtime

+----------------+----------+---------------------+
|    COMMAND     | MINIKUBE | MINIKUBE (PR 15869) |
+----------------+----------+---------------------+
| minikube start | 24.2s    | 23.7s               |
| enable ingress | 22.1s    | 21.7s               |
+----------------+----------+---------------------+

Times for minikube start: 24.7s 25.5s 22.1s 22.8s 26.1s
Times for minikube (PR 15869) start: 23.2s 22.5s 26.0s 24.7s 22.1s

Times for minikube ingress: 24.4s 21.4s 21.4s 20.9s 22.4s
Times for minikube (PR 15869) ingress: 21.9s 22.4s 21.4s 21.9s 20.9s

docker driver with containerd runtime

+----------------+----------+---------------------+
|    COMMAND     | MINIKUBE | MINIKUBE (PR 15869) |
+----------------+----------+---------------------+
| minikube start | 21.6s    | 21.8s               |
| enable ingress | 31.4s    | 31.2s               |
+----------------+----------+---------------------+

Times for minikube start: 21.4s 21.2s 20.9s 21.2s 23.4s
Times for minikube (PR 15869) start: 22.8s 20.6s 21.0s 23.5s 21.0s

Times for minikube ingress: 31.4s 31.4s 31.4s 31.4s 31.3s
Times for minikube (PR 15869) ingress: 30.4s 31.3s 30.4s 31.4s 32.4s

@minikube-pr-bot

These are the flake rates of all failed tests.

| Environment | Failed Tests | Flake Rate (%) |
|---|---|---|
| Docker_Linux_crio_arm64 | TestNetworkPlugins/group/calico/Start (gopogh) | 2.55 (chart) |
| QEMU_macOS | TestFunctional/parallel/CpCmd (gopogh) | 3.21 (chart) |
| QEMU_macOS | TestFunctional/parallel/DashboardCmd (gopogh) | 3.21 (chart) |
| QEMU_macOS | TestFunctional/parallel/DockerEnv/bash (gopogh) | 3.21 (chart) |
| QEMU_macOS | TestFunctional/parallel/FileSync (gopogh) | 3.21 (chart) |
| QEMU_macOS | TestFunctional/parallel/ImageCommands/ImageBuild (gopogh) | 3.21 (chart) |
| QEMU_macOS | TestFunctional/parallel/ImageCommands/ImageListTable (gopogh) | 3.21 (chart) |
| QEMU_macOS | TestFunctional/parallel/ImageCommands/ImageLoadDaemon (gopogh) | 3.21 (chart) |
| QEMU_macOS | TestFunctional/parallel/ImageCommands/ImageLoadFromFile (gopogh) | 3.21 (chart) |
| QEMU_macOS | TestFunctional/parallel/ImageCommands/ImageReloadDaemon (gopogh) | 3.21 (chart) |
| QEMU_macOS | TestFunctional/parallel/ImageCommands/ImageSaveToFile (gopogh) | 3.21 (chart) |
| QEMU_macOS | TestFunctional/parallel/ImageCommands/ImageTagAndLoadDaemon (gopogh) | 3.21 (chart) |
| QEMU_macOS | TestFunctional/parallel/NodeLabels (gopogh) | 3.21 (chart) |
| QEMU_macOS | TestFunctional/parallel/NonActiveRuntimeDisabled (gopogh) | 3.21 (chart) |
| QEMU_macOS | TestFunctional/parallel/PersistentVolumeClaim (gopogh) | 3.21 (chart) |
| QEMU_macOS | TestFunctional/parallel/ServiceCmd/DeployApp (gopogh) | 3.21 (chart) |
| QEMU_macOS | TestFunctional/parallel/ServiceCmd/Format (gopogh) | 3.21 (chart) |
| QEMU_macOS | TestFunctional/parallel/ServiceCmd/HTTPS (gopogh) | 3.21 (chart) |
| QEMU_macOS | TestFunctional/parallel/ServiceCmd/JSONOutput (gopogh) | 3.21 (chart) |
| QEMU_macOS | TestFunctional/parallel/ServiceCmd/List (gopogh) | 3.21 (chart) |
| QEMU_macOS | TestFunctional/parallel/ServiceCmd/URL (gopogh) | 3.21 (chart) |
| QEMU_macOS | TestFunctional/parallel/StatusCmd (gopogh) | 3.21 (chart) |
| QEMU_macOS | TestFunctional/parallel/TunnelCmd/serial/AccessDirect (gopogh) | 3.21 (chart) |
| QEMU_macOS | TestFunctional/parallel/TunnelCmd/serial/AccessThroughDNS (gopogh) | 3.21 (chart) |
| QEMU_macOS | TestFunctional/parallel/TunnelCmd/serial/DNSResolutionByDig (gopogh) | 3.21 (chart) |
| QEMU_macOS | TestFunctional/parallel/TunnelCmd/serial/WaitService/Setup (gopogh) | 3.21 (chart) |
| QEMU_macOS | TestFunctional/parallel/UpdateContextCmd/no_clusters (gopogh) | 3.21 (chart) |
| QEMU_macOS | TestFunctional/parallel/UpdateContextCmd/no_minikube_cluster (gopogh) | 3.21 (chart) |
| QEMU_macOS | TestFunctional/parallel/Version/components (gopogh) | 3.21 (chart) |
| QEMU_macOS | TestFunctional/serial/CacheCmd/cache/cache_reload (gopogh) | 3.21 (chart) |
More tests... Continued...

Too many tests failed - See test logs for more details.

To see the flake rates of all tests by environment, click here.

Member

@spowelljr spowelljr left a comment


Addon looks good, thank you for your patience!

@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: spowelljr, yolossn

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 11, 2023
@spowelljr spowelljr merged commit d6c37ee into kubernetes:master May 12, 2023
@yolossn
Contributor Author

yolossn commented May 12, 2023

Thank you @spowelljr for being patient and helping us identify CVEs in this process, much appreciated.

@eiffel-fl
Contributor

I joined @yolossn to also thank you @spowelljr as the process was pretty long with a lot of back and forth!
But at the end, both projects are better 🎉 🎉 🎉!

Also, thank you @yolossn for your patience addressing all my comments (and sorry for forgetting the comma 😅) 🔥 🔥 🔥 !

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
7 participants