Vulnerability remediation for CRITICAl and HIGH in latest KF chart

The latest KF release 1.4.1 have total 43 HIGH and CRITICAL vulnerabilities. Do you have any plans to remediate them? I see few of them are due to the latest chart of apps  not being used. FEAST ( https://github.com/feast-dev/feast/releases/tag/v0.18.0 ) is one of the example.


IMAGE | TAG | CVE | SEVERITY
-- | -- | -- | --
docker.io/bitnami/postgresql | 11.7.0-debian-10-r9 | CVE-2018-16873 | HIGH
docker.io/bitnami/postgresql | 11.7.0-debian-10-r9 | CVE-2018-16875 | HIGH
docker.io/bitnami/postgresql | 11.7.0-debian-10-r9 | CVE-2019-13115 | HIGH
docker.io/bitnami/postgresql | 11.7.0-debian-10-r9 | CVE-2021-3156 | HIGH
docker.io/bitnami/redis | 5.0.7-debian-10-r32 | CVE-2018-16873 | HIGH
docker.io/bitnami/redis | 5.0.7-debian-10-r32 | CVE-2018-16875 | HIGH
docker.io/bitnami/redis | 5.0.7-debian-10-r32 | CVE-2019-13115 | HIGH
docker.io/bitnami/redis | 5.0.7-debian-10-r32 | CVE-2021-3156 | HIGH
docker.io/kubeflowkatib/pytorch-mnist | v1beta1-45c5727 | CVE-2019-3462 | HIGH
docker.io/kubeflowkatib/tfevent-metrics-collector | v0.12.0 | CVE-2019-3462 | HIGH
docker.io/kubeflowkatib/tfevent-metrics-collector | v0.12.0 | CVE-2020-15999 | HIGH
gcr.io/arrikto/kubeflow/oidc-authservice | 28c59ef | CVE-2020-1967 | HIGH
gcr.io/kf-feast/feast-core | develop | CVE-2014-0050 | CRITICAL
gcr.io/kf-feast/feast-core | develop | CVE-2021-44228 | CRITICAL
gcr.io/kf-feast/feast-core | develop | CVE-2021-45046 | CRITICAL
gcr.io/kf-feast/feast-jobservice | develop | CVE-2019-17571 | CRITICAL
gcr.io/kf-feast/feast-jobservice | develop | CVE-2020-24616 | HIGH
gcr.io/kf-feast/feast-jobservice | develop | CVE-2021-3156 | HIGH
gcr.io/kf-feast/feast-jobservice | develop | CVE-2022-23307 | CRITICAL
gcr.io/kf-feast/feast-serving | develop | CVE-2014-0050 | CRITICAL
gcr.io/kf-feast/feast-serving | develop | CVE-2020-24616 | HIGH
gcr.io/kf-feast/feast-serving | develop | CVE-2021-44228 | CRITICAL
gcr.io/kf-feast/feast-serving | develop | CVE-2021-45046 | CRITICAL
gcr.io/kubebuilder/kube-rbac-proxy | v0.4.0 | CVE-2018-16873 | HIGH
gcr.io/kubebuilder/kube-rbac-proxy | v0.4.0 | CVE-2018-16875 | HIGH
gcr.io/ml-pipeline/api-server | 1.7.0 | CVE-2009-5155 | HIGH
gcr.io/ml-pipeline/api-server | 1.7.0 | CVE-2018-100000 | HIGH
gcr.io/ml-pipeline/frontend | 1.7.0 | CVE-2020-1967 | HIGH
gcr.io/ml-pipeline/persistenceagent | 1.7.0 | CVE-2019-11253 | HIGH
kfserving/storage-initializer | v0.6.1 | CVE-2021-44228 | CRITICAL
kfserving/storage-initializer | v0.6.1 | CVE-2021-45046 | CRITICAL
metacontroller/metacontroller | v0.3.0 | CVE-2009-5155 | HIGH
metacontroller/metacontroller | v0.3.0 | CVE-2018-100000 | HIGH
metacontroller/metacontroller | v0.3.0 | CVE-2018-16873 | HIGH
metacontroller/metacontroller | v0.3.0 | CVE-2018-16875 | HIGH
metacontroller/metacontroller | v0.3.0 | CVE-2019-3462 | HIGH
public.ecr.aws/j1r0q0g6/notebooks/notebook-servers/codeserver-python | v1.4 | CVE-2021-4034 | HIGH
public.ecr.aws/j1r0q0g6/notebooks/notebook-servers/jupyter-pytorch-cuda-full | v1.4 | CVE-2021-4034 | HIGH
public.ecr.aws/j1r0q0g6/notebooks/notebook-servers/jupyter-pytorch-full | v1.4 | CVE-2021-4034 | HIGH
public.ecr.aws/j1r0q0g6/notebooks/notebook-servers/jupyter-scipy | v1.4 | CVE-2021-4034 | HIGH
public.ecr.aws/j1r0q0g6/notebooks/notebook-servers/jupyter-tensorflow-cuda-full | v1.4 | CVE-2021-4034 | HIGH
public.ecr.aws/j1r0q0g6/notebooks/notebook-servers/jupyter-tensorflow-full | v1.4 | CVE-2021-4034 | HIGH
public.ecr.aws/j1r0q0g6/notebooks/notebook-servers/rstudio-tidyverse | v1.4 | CVE-2021-4034 | HIGH




Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Vulnerability remediation for CRITICAl and HIGH in latest KF chart #2132

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

IMAGE	TAG	CVE	SEVERITY
docker.io/bitnami/postgresql	11.7.0-debian-10-r9	CVE-2018-16873	HIGH
docker.io/bitnami/postgresql	11.7.0-debian-10-r9	CVE-2018-16875	HIGH
docker.io/bitnami/postgresql	11.7.0-debian-10-r9	CVE-2019-13115	HIGH
docker.io/bitnami/postgresql	11.7.0-debian-10-r9	CVE-2021-3156	HIGH
docker.io/bitnami/redis	5.0.7-debian-10-r32	CVE-2018-16873	HIGH
docker.io/bitnami/redis	5.0.7-debian-10-r32	CVE-2018-16875	HIGH
docker.io/bitnami/redis	5.0.7-debian-10-r32	CVE-2019-13115	HIGH
docker.io/bitnami/redis	5.0.7-debian-10-r32	CVE-2021-3156	HIGH
docker.io/kubeflowkatib/pytorch-mnist	v1beta1-45c5727	CVE-2019-3462	HIGH
docker.io/kubeflowkatib/tfevent-metrics-collector	v0.12.0	CVE-2019-3462	HIGH
docker.io/kubeflowkatib/tfevent-metrics-collector	v0.12.0	CVE-2020-15999	HIGH
gcr.io/arrikto/kubeflow/oidc-authservice	28c59ef	CVE-2020-1967	HIGH
gcr.io/kf-feast/feast-core	develop	CVE-2014-0050	CRITICAL
gcr.io/kf-feast/feast-core	develop	CVE-2021-44228	CRITICAL
gcr.io/kf-feast/feast-core	develop	CVE-2021-45046	CRITICAL
gcr.io/kf-feast/feast-jobservice	develop	CVE-2019-17571	CRITICAL
gcr.io/kf-feast/feast-jobservice	develop	CVE-2020-24616	HIGH
gcr.io/kf-feast/feast-jobservice	develop	CVE-2021-3156	HIGH
gcr.io/kf-feast/feast-jobservice	develop	CVE-2022-23307	CRITICAL
gcr.io/kf-feast/feast-serving	develop	CVE-2014-0050	CRITICAL
gcr.io/kf-feast/feast-serving	develop	CVE-2020-24616	HIGH
gcr.io/kf-feast/feast-serving	develop	CVE-2021-44228	CRITICAL
gcr.io/kf-feast/feast-serving	develop	CVE-2021-45046	CRITICAL
gcr.io/kubebuilder/kube-rbac-proxy	v0.4.0	CVE-2018-16873	HIGH
gcr.io/kubebuilder/kube-rbac-proxy	v0.4.0	CVE-2018-16875	HIGH
gcr.io/ml-pipeline/api-server	1.7.0	CVE-2009-5155	HIGH
gcr.io/ml-pipeline/api-server	1.7.0	CVE-2018-100000	HIGH
gcr.io/ml-pipeline/frontend	1.7.0	CVE-2020-1967	HIGH
gcr.io/ml-pipeline/persistenceagent	1.7.0	CVE-2019-11253	HIGH
kfserving/storage-initializer	v0.6.1	CVE-2021-44228	CRITICAL
kfserving/storage-initializer	v0.6.1	CVE-2021-45046	CRITICAL
metacontroller/metacontroller	v0.3.0	CVE-2009-5155	HIGH
metacontroller/metacontroller	v0.3.0	CVE-2018-100000	HIGH
metacontroller/metacontroller	v0.3.0	CVE-2018-16873	HIGH
metacontroller/metacontroller	v0.3.0	CVE-2018-16875	HIGH
metacontroller/metacontroller	v0.3.0	CVE-2019-3462	HIGH
public.ecr.aws/j1r0q0g6/notebooks/notebook-servers/codeserver-python	v1.4	CVE-2021-4034	HIGH
public.ecr.aws/j1r0q0g6/notebooks/notebook-servers/jupyter-pytorch-cuda-full	v1.4	CVE-2021-4034	HIGH
public.ecr.aws/j1r0q0g6/notebooks/notebook-servers/jupyter-pytorch-full	v1.4	CVE-2021-4034	HIGH
public.ecr.aws/j1r0q0g6/notebooks/notebook-servers/jupyter-scipy	v1.4	CVE-2021-4034	HIGH
public.ecr.aws/j1r0q0g6/notebooks/notebook-servers/jupyter-tensorflow-cuda-full	v1.4	CVE-2021-4034	HIGH
public.ecr.aws/j1r0q0g6/notebooks/notebook-servers/jupyter-tensorflow-full	v1.4	CVE-2021-4034	HIGH
public.ecr.aws/j1r0q0g6/notebooks/notebook-servers/rstudio-tidyverse	v1.4	CVE-2021-4034	HIGH

Vulnerability remediation for CRITICAl and HIGH in latest KF chart #2132

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions