PB-4519: Support for adding Limited Availability state for Backup Location #241

prashanthpx · 2024-04-15T14:34:23Z

What this PR does / why we need it:
Support for adding Limited Availability state for Backup Location

Which issue(s) this PR fixes (optional)
PB-4519

Special notes for your reviewer:

github-actions · 2024-04-15T14:35:06Z

OSS Scan Results:

Title	Severity	Package Name	CVEs	Fix version	Introduced
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	high	golang.org/x/net/http2	['CVE-2023-45288']	['0.23.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	high	golang.org/x/net/http2	['CVE-2023-45288']	['0.23.0']	['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd@0.25.1', 'k8s.io/client-go/tools/auth@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd@0.25.1', 'k8s.io/client-go/tools/auth@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	high	golang.org/x/net/http2	['CVE-2023-45288']	['0.23.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd@0.25.1', 'k8s.io/client-go/tools/auth@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/rest@0.25.1', 'k8s.io/client-go/transport@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/rest@0.25.1', 'k8s.io/client-go/transport@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	high	golang.org/x/net/http2	['CVE-2023-45288']	['0.23.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/rest@0.25.1', 'k8s.io/client-go/transport@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/cli-runtime/pkg/printers@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/cli-runtime/pkg/printers@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	high	golang.org/x/net/http2	['CVE-2023-45288']	['0.23.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/cli-runtime/pkg/printers@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/remotecommand@0.25.1', 'k8s.io/client-go/transport/spdy@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/remotecommand@0.25.1', 'k8s.io/client-go/transport/spdy@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	high	golang.org/x/net/http2	['CVE-2023-45288']	['0.23.0']	['github.com/portworx/px-backup-api@0.0.0', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/remotecommand@0.25.1', 'k8s.io/client-go/transport/spdy@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/remotecommand@0.25.1', 'k8s.io/client-go/transport/spdy@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'k8s.io/client-go/transport@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/remotecommand@0.25.1', 'k8s.io/client-go/transport/spdy@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'k8s.io/client-go/transport@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	high	golang.org/x/net/http2	['CVE-2023-45288']	['0.23.0']	['github.com/portworx/px-backup-api@0.0.0', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/remotecommand@0.25.1', 'k8s.io/client-go/transport/spdy@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'k8s.io/client-go/transport@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd/api/latest@0.25.1', 'k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd/api/latest@0.25.1', 'k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	high	golang.org/x/net/http2	['CVE-2023-45288']	['0.23.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd/api/latest@0.25.1', 'k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'sigs.k8s.io/aws-iam-authenticator/pkg/token@0.5.5', 'k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.25.1', 'k8s.io/client-go/pkg/apis/clientauthentication@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'sigs.k8s.io/aws-iam-authenticator/pkg/token@0.5.5', 'k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.25.1', 'k8s.io/client-go/pkg/apis/clientauthentication@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	high	golang.org/x/net/http2	['CVE-2023-45288']	['0.23.0']	['github.com/portworx/px-backup-api@0.0.0', 'sigs.k8s.io/aws-iam-authenticator/pkg/token@0.5.5', 'k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.25.1', 'k8s.io/client-go/pkg/apis/clientauthentication@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd@0.25.1', 'k8s.io/client-go/tools/clientcmd/api/latest@0.25.1', 'k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd@0.25.1', 'k8s.io/client-go/tools/clientcmd/api/latest@0.25.1', 'k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	high	golang.org/x/net/http2	['CVE-2023-45288']	['0.23.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd@0.25.1', 'k8s.io/client-go/tools/clientcmd/api/latest@0.25.1', 'k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS)	high	google.golang.org/grpc	['CVE-2023-44487']	['1.56.3', '1.57.1', '1.58.3']	['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0']
Stack-based Buffer Overflow	medium	google.golang.org/protobuf/encoding/protojson	[]	['1.32.0']	['github.com/portworx/px-backup-api@0.0.0', 'github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0', 'github.com/golang/protobuf/jsonpb@1.5.3', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Infinite loop	medium	google.golang.org/protobuf/encoding/protojson	['CVE-2024-24786']	['1.33.0']	['github.com/portworx/px-backup-api@0.0.0', 'github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0', 'github.com/golang/protobuf/jsonpb@1.5.3', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Stack-based Buffer Overflow	medium	google.golang.org/protobuf/encoding/protojson	[]	['1.32.0']	['github.com/portworx/px-backup-api@0.0.0', 'github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options@2.6.0', 'google.golang.org/protobuf/types/known/structpb@1.31.0', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Infinite loop	medium	google.golang.org/protobuf/encoding/protojson	['CVE-2024-24786']	['1.33.0']	['github.com/portworx/px-backup-api@0.0.0', 'github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options@2.6.0', 'google.golang.org/protobuf/types/known/structpb@1.31.0', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Stack-based Buffer Overflow	medium	google.golang.org/protobuf/encoding/protojson	[]	['1.32.0']	['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'google.golang.org/grpc/internal/pretty@1.57.0', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Infinite loop	medium	google.golang.org/protobuf/encoding/protojson	['CVE-2024-24786']	['1.33.0']	['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'google.golang.org/grpc/internal/pretty@1.57.0', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Stack-based Buffer Overflow	medium	google.golang.org/protobuf/encoding/protojson	[]	['1.32.0']	['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'google.golang.org/grpc/internal/pretty@1.57.0', 'github.com/golang/protobuf/jsonpb@1.5.3', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Infinite loop	medium	google.golang.org/protobuf/encoding/protojson	['CVE-2024-24786']	['1.33.0']	['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'google.golang.org/grpc/internal/pretty@1.57.0', 'github.com/golang/protobuf/jsonpb@1.5.3', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Infinite loop	medium	google.golang.org/protobuf/internal/encoding/json	['CVE-2024-24786']	['1.33.0']	['github.com/portworx/px-backup-api@0.0.0', 'github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0', 'github.com/golang/protobuf/jsonpb@1.5.3', 'google.golang.org/protobuf/encoding/protojson@1.31.0', 'google.golang.org/protobuf/internal/encoding/json@1.31.0']
Infinite loop	medium	google.golang.org/protobuf/internal/encoding/json	['CVE-2024-24786']	['1.33.0']	['github.com/portworx/px-backup-api@0.0.0', 'github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options@2.6.0', 'google.golang.org/protobuf/types/known/structpb@1.31.0', 'google.golang.org/protobuf/encoding/protojson@1.31.0', 'google.golang.org/protobuf/internal/encoding/json@1.31.0']
Infinite loop	medium	google.golang.org/protobuf/internal/encoding/json	['CVE-2024-24786']	['1.33.0']	['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'google.golang.org/grpc/internal/pretty@1.57.0', 'google.golang.org/protobuf/encoding/protojson@1.31.0', 'google.golang.org/protobuf/internal/encoding/json@1.31.0']
Improper Input Validation	high	sigs.k8s.io/aws-iam-authenticator/pkg/token	['CVE-2022-2385']	['0.5.9']	['github.com/portworx/px-backup-api@0.0.0', 'sigs.k8s.io/aws-iam-authenticator/pkg/token@0.5.5']

Total issues: 43

github-actions · 2024-04-15T14:35:07Z

License Evaluation Results:

Title	Package Name	Package Version	Severity	License Info	Introduced	Dependency Type

Total License Issues: 0

github-actions · 2024-04-16T09:57:47Z

OSS Scan Results:

Title	Severity	Package Name	CVEs	Fix version	Introduced
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	high	golang.org/x/net/http2	['CVE-2023-45288']	['0.23.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	high	golang.org/x/net/http2	['CVE-2023-45288']	['0.23.0']	['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd@0.25.1', 'k8s.io/client-go/tools/auth@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd@0.25.1', 'k8s.io/client-go/tools/auth@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	high	golang.org/x/net/http2	['CVE-2023-45288']	['0.23.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd@0.25.1', 'k8s.io/client-go/tools/auth@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/rest@0.25.1', 'k8s.io/client-go/transport@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/rest@0.25.1', 'k8s.io/client-go/transport@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	high	golang.org/x/net/http2	['CVE-2023-45288']	['0.23.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/rest@0.25.1', 'k8s.io/client-go/transport@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/cli-runtime/pkg/printers@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/cli-runtime/pkg/printers@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	high	golang.org/x/net/http2	['CVE-2023-45288']	['0.23.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/cli-runtime/pkg/printers@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/remotecommand@0.25.1', 'k8s.io/client-go/transport/spdy@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/remotecommand@0.25.1', 'k8s.io/client-go/transport/spdy@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	high	golang.org/x/net/http2	['CVE-2023-45288']	['0.23.0']	['github.com/portworx/px-backup-api@0.0.0', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/remotecommand@0.25.1', 'k8s.io/client-go/transport/spdy@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/remotecommand@0.25.1', 'k8s.io/client-go/transport/spdy@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'k8s.io/client-go/transport@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/remotecommand@0.25.1', 'k8s.io/client-go/transport/spdy@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'k8s.io/client-go/transport@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	high	golang.org/x/net/http2	['CVE-2023-45288']	['0.23.0']	['github.com/portworx/px-backup-api@0.0.0', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/remotecommand@0.25.1', 'k8s.io/client-go/transport/spdy@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'k8s.io/client-go/transport@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd/api/latest@0.25.1', 'k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd/api/latest@0.25.1', 'k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	high	golang.org/x/net/http2	['CVE-2023-45288']	['0.23.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd/api/latest@0.25.1', 'k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'sigs.k8s.io/aws-iam-authenticator/pkg/token@0.5.5', 'k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.25.1', 'k8s.io/client-go/pkg/apis/clientauthentication@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'sigs.k8s.io/aws-iam-authenticator/pkg/token@0.5.5', 'k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.25.1', 'k8s.io/client-go/pkg/apis/clientauthentication@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	high	golang.org/x/net/http2	['CVE-2023-45288']	['0.23.0']	['github.com/portworx/px-backup-api@0.0.0', 'sigs.k8s.io/aws-iam-authenticator/pkg/token@0.5.5', 'k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.25.1', 'k8s.io/client-go/pkg/apis/clientauthentication@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd@0.25.1', 'k8s.io/client-go/tools/clientcmd/api/latest@0.25.1', 'k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd@0.25.1', 'k8s.io/client-go/tools/clientcmd/api/latest@0.25.1', 'k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	high	golang.org/x/net/http2	['CVE-2023-45288']	['0.23.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd@0.25.1', 'k8s.io/client-go/tools/clientcmd/api/latest@0.25.1', 'k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS)	high	google.golang.org/grpc	['CVE-2023-44487']	['1.56.3', '1.57.1', '1.58.3']	['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0']
Stack-based Buffer Overflow	medium	google.golang.org/protobuf/encoding/protojson	[]	['1.32.0']	['github.com/portworx/px-backup-api@0.0.0', 'github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0', 'github.com/golang/protobuf/jsonpb@1.5.3', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Infinite loop	medium	google.golang.org/protobuf/encoding/protojson	['CVE-2024-24786']	['1.33.0']	['github.com/portworx/px-backup-api@0.0.0', 'github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0', 'github.com/golang/protobuf/jsonpb@1.5.3', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Stack-based Buffer Overflow	medium	google.golang.org/protobuf/encoding/protojson	[]	['1.32.0']	['github.com/portworx/px-backup-api@0.0.0', 'github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options@2.6.0', 'google.golang.org/protobuf/types/known/structpb@1.31.0', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Infinite loop	medium	google.golang.org/protobuf/encoding/protojson	['CVE-2024-24786']	['1.33.0']	['github.com/portworx/px-backup-api@0.0.0', 'github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options@2.6.0', 'google.golang.org/protobuf/types/known/structpb@1.31.0', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Stack-based Buffer Overflow	medium	google.golang.org/protobuf/encoding/protojson	[]	['1.32.0']	['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'google.golang.org/grpc/internal/pretty@1.57.0', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Infinite loop	medium	google.golang.org/protobuf/encoding/protojson	['CVE-2024-24786']	['1.33.0']	['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'google.golang.org/grpc/internal/pretty@1.57.0', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Stack-based Buffer Overflow	medium	google.golang.org/protobuf/encoding/protojson	[]	['1.32.0']	['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'google.golang.org/grpc/internal/pretty@1.57.0', 'github.com/golang/protobuf/jsonpb@1.5.3', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Infinite loop	medium	google.golang.org/protobuf/encoding/protojson	['CVE-2024-24786']	['1.33.0']	['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'google.golang.org/grpc/internal/pretty@1.57.0', 'github.com/golang/protobuf/jsonpb@1.5.3', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Infinite loop	medium	google.golang.org/protobuf/internal/encoding/json	['CVE-2024-24786']	['1.33.0']	['github.com/portworx/px-backup-api@0.0.0', 'github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0', 'github.com/golang/protobuf/jsonpb@1.5.3', 'google.golang.org/protobuf/encoding/protojson@1.31.0', 'google.golang.org/protobuf/internal/encoding/json@1.31.0']
Infinite loop	medium	google.golang.org/protobuf/internal/encoding/json	['CVE-2024-24786']	['1.33.0']	['github.com/portworx/px-backup-api@0.0.0', 'github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options@2.6.0', 'google.golang.org/protobuf/types/known/structpb@1.31.0', 'google.golang.org/protobuf/encoding/protojson@1.31.0', 'google.golang.org/protobuf/internal/encoding/json@1.31.0']
Infinite loop	medium	google.golang.org/protobuf/internal/encoding/json	['CVE-2024-24786']	['1.33.0']	['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'google.golang.org/grpc/internal/pretty@1.57.0', 'google.golang.org/protobuf/encoding/protojson@1.31.0', 'google.golang.org/protobuf/internal/encoding/json@1.31.0']
Improper Input Validation	high	sigs.k8s.io/aws-iam-authenticator/pkg/token	['CVE-2022-2385']	['0.5.9']	['github.com/portworx/px-backup-api@0.0.0', 'sigs.k8s.io/aws-iam-authenticator/pkg/token@0.5.5']

Total issues: 43

github-actions · 2024-04-16T09:57:48Z

License Evaluation Results:

Title	Package Name	Package Version	Severity	License Info	Introduced	Dependency Type

Total License Issues: 0

… is being enabled when we want to do partial backups. Signed-off-by: kgarg-px <kgarg@purestorage.com>

Signed-off-by: kgarg-px <kgarg@purestorage.com>

github-actions · 2024-05-16T13:56:49Z

OSS Scan Results:

Title	Severity	Package Name	CVEs	Fix version	Introduced
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	high	golang.org/x/net/http2	['CVE-2023-45288']	['0.23.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	high	golang.org/x/net/http2	['CVE-2023-45288']	['0.23.0']	['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd@0.25.1', 'k8s.io/client-go/tools/auth@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd@0.25.1', 'k8s.io/client-go/tools/auth@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	high	golang.org/x/net/http2	['CVE-2023-45288']	['0.23.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd@0.25.1', 'k8s.io/client-go/tools/auth@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/rest@0.25.1', 'k8s.io/client-go/transport@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/rest@0.25.1', 'k8s.io/client-go/transport@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	high	golang.org/x/net/http2	['CVE-2023-45288']	['0.23.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/rest@0.25.1', 'k8s.io/client-go/transport@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/cli-runtime/pkg/printers@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/cli-runtime/pkg/printers@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	high	golang.org/x/net/http2	['CVE-2023-45288']	['0.23.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/cli-runtime/pkg/printers@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/remotecommand@0.25.1', 'k8s.io/client-go/transport/spdy@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/remotecommand@0.25.1', 'k8s.io/client-go/transport/spdy@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	high	golang.org/x/net/http2	['CVE-2023-45288']	['0.23.0']	['github.com/portworx/px-backup-api@0.0.0', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/remotecommand@0.25.1', 'k8s.io/client-go/transport/spdy@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/remotecommand@0.25.1', 'k8s.io/client-go/transport/spdy@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'k8s.io/client-go/transport@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/remotecommand@0.25.1', 'k8s.io/client-go/transport/spdy@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'k8s.io/client-go/transport@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	high	golang.org/x/net/http2	['CVE-2023-45288']	['0.23.0']	['github.com/portworx/px-backup-api@0.0.0', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/remotecommand@0.25.1', 'k8s.io/client-go/transport/spdy@0.25.1', 'k8s.io/client-go/rest@0.25.1', 'k8s.io/client-go/transport@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd/api/latest@0.25.1', 'k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd/api/latest@0.25.1', 'k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	high	golang.org/x/net/http2	['CVE-2023-45288']	['0.23.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd/api/latest@0.25.1', 'k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'sigs.k8s.io/aws-iam-authenticator/pkg/token@0.5.5', 'k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.25.1', 'k8s.io/client-go/pkg/apis/clientauthentication@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'sigs.k8s.io/aws-iam-authenticator/pkg/token@0.5.5', 'k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.25.1', 'k8s.io/client-go/pkg/apis/clientauthentication@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	high	golang.org/x/net/http2	['CVE-2023-45288']	['0.23.0']	['github.com/portworx/px-backup-api@0.0.0', 'sigs.k8s.io/aws-iam-authenticator/pkg/token@0.5.5', 'k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.25.1', 'k8s.io/client-go/pkg/apis/clientauthentication@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd@0.25.1', 'k8s.io/client-go/tools/clientcmd/api/latest@0.25.1', 'k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd@0.25.1', 'k8s.io/client-go/tools/clientcmd/api/latest@0.25.1', 'k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Allocation of Resources Without Limits or Throttling	high	golang.org/x/net/http2	['CVE-2023-45288']	['0.23.0']	['github.com/portworx/px-backup-api@0.0.0', 'k8s.io/client-go/tools/clientcmd@0.25.1', 'k8s.io/client-go/tools/clientcmd/api/latest@0.25.1', 'k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.25.1', 'k8s.io/apimachinery/pkg/apis/meta/v1@0.25.1', 'k8s.io/apimachinery/pkg/watch@0.25.1', 'k8s.io/apimachinery/pkg/util/net@0.25.1', 'golang.org/x/net/http2@0.10.0']
Denial of Service (DoS)	high	google.golang.org/grpc	['CVE-2023-44487']	['1.56.3', '1.57.1', '1.58.3']	['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0']
Stack-based Buffer Overflow	medium	google.golang.org/protobuf/encoding/protojson	[]	['1.32.0']	['github.com/portworx/px-backup-api@0.0.0', 'github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0', 'github.com/golang/protobuf/jsonpb@1.5.3', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Infinite loop	medium	google.golang.org/protobuf/encoding/protojson	['CVE-2024-24786']	['1.33.0']	['github.com/portworx/px-backup-api@0.0.0', 'github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0', 'github.com/golang/protobuf/jsonpb@1.5.3', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Stack-based Buffer Overflow	medium	google.golang.org/protobuf/encoding/protojson	[]	['1.32.0']	['github.com/portworx/px-backup-api@0.0.0', 'github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options@2.6.0', 'google.golang.org/protobuf/types/known/structpb@1.31.0', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Infinite loop	medium	google.golang.org/protobuf/encoding/protojson	['CVE-2024-24786']	['1.33.0']	['github.com/portworx/px-backup-api@0.0.0', 'github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options@2.6.0', 'google.golang.org/protobuf/types/known/structpb@1.31.0', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Stack-based Buffer Overflow	medium	google.golang.org/protobuf/encoding/protojson	[]	['1.32.0']	['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'google.golang.org/grpc/internal/pretty@1.57.0', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Infinite loop	medium	google.golang.org/protobuf/encoding/protojson	['CVE-2024-24786']	['1.33.0']	['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'google.golang.org/grpc/internal/pretty@1.57.0', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Stack-based Buffer Overflow	medium	google.golang.org/protobuf/encoding/protojson	[]	['1.32.0']	['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'google.golang.org/grpc/internal/pretty@1.57.0', 'github.com/golang/protobuf/jsonpb@1.5.3', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Infinite loop	medium	google.golang.org/protobuf/encoding/protojson	['CVE-2024-24786']	['1.33.0']	['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'google.golang.org/grpc/internal/pretty@1.57.0', 'github.com/golang/protobuf/jsonpb@1.5.3', 'google.golang.org/protobuf/encoding/protojson@1.31.0']
Infinite loop	medium	google.golang.org/protobuf/internal/encoding/json	['CVE-2024-24786']	['1.33.0']	['github.com/portworx/px-backup-api@0.0.0', 'github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0', 'github.com/golang/protobuf/jsonpb@1.5.3', 'google.golang.org/protobuf/encoding/protojson@1.31.0', 'google.golang.org/protobuf/internal/encoding/json@1.31.0']
Infinite loop	medium	google.golang.org/protobuf/internal/encoding/json	['CVE-2024-24786']	['1.33.0']	['github.com/portworx/px-backup-api@0.0.0', 'github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options@2.6.0', 'google.golang.org/protobuf/types/known/structpb@1.31.0', 'google.golang.org/protobuf/encoding/protojson@1.31.0', 'google.golang.org/protobuf/internal/encoding/json@1.31.0']
Infinite loop	medium	google.golang.org/protobuf/internal/encoding/json	['CVE-2024-24786']	['1.33.0']	['github.com/portworx/px-backup-api@0.0.0', 'google.golang.org/grpc@1.57.0', 'google.golang.org/grpc/internal/transport@1.57.0', 'google.golang.org/grpc/internal/pretty@1.57.0', 'google.golang.org/protobuf/encoding/protojson@1.31.0', 'google.golang.org/protobuf/internal/encoding/json@1.31.0']
Improper Input Validation	high	sigs.k8s.io/aws-iam-authenticator/pkg/token	['CVE-2022-2385']	['0.5.9']	['github.com/portworx/px-backup-api@0.0.0', 'sigs.k8s.io/aws-iam-authenticator/pkg/token@0.5.5']

Total issues: 43

github-actions · 2024-05-16T13:56:49Z

License Evaluation Results:

Title	Package Name	Package Version	Severity	License Info	Introduced	Dependency Type

Total License Issues: 0

prashanthpx requested review from siva-portworx, pallav-px, lalat-das, px-kesavan, vikasit12 and t-nidhin April 15, 2024 17:05

t-nidhin approved these changes Apr 17, 2024

View reviewed changes

prashanthpx and others added 3 commits May 16, 2024 13:53

PB-4547: Added new Disabled state for backuplocation object

88dd28f

PB-5349: Adding a new field in proto called LimitedAvailability, this…

b7bb33a

… is being enabled when we want to do partial backups. Signed-off-by: kgarg-px <kgarg@purestorage.com>

pb-4519: removing disabled status for BL

677e390

Signed-off-by: kgarg-px <kgarg@purestorage.com>

kgarg-px force-pushed the epic-pb-4519 branch from ddc9790 to 677e390 Compare May 16, 2024 13:56

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

PB-4519: Support for adding Limited Availability state for Backup Location #241

PB-4519: Support for adding Limited Availability state for Backup Location #241

prashanthpx commented Apr 15, 2024

github-actions bot commented Apr 15, 2024

github-actions bot commented Apr 15, 2024

github-actions bot commented Apr 16, 2024

github-actions bot commented Apr 16, 2024

github-actions bot commented May 16, 2024

github-actions bot commented May 16, 2024

PB-4519: Support for adding Limited Availability state for Backup Location #241

Are you sure you want to change the base?

PB-4519: Support for adding Limited Availability state for Backup Location #241

Conversation

prashanthpx commented Apr 15, 2024

github-actions bot commented Apr 15, 2024

github-actions bot commented Apr 15, 2024

github-actions bot commented Apr 16, 2024

github-actions bot commented Apr 16, 2024

github-actions bot commented May 16, 2024

github-actions bot commented May 16, 2024