CVE-2023-48713 Vulnerability in knative.dev/serving Dependency

Hi Flagger maintainers,

I noticed that Flagger is currently using `knative.dev/serving v0.46.6`, which is affected by CVE-2023-48713 - a moderate severity vulnerability that could allow an attacker with a compromised pod to crash the Knative Serving autoscaler, resulting in a denial of service.

The vulnerability has been fixed in the following versions:
- v1.10.5
- v1.11.3
- v1.12.0 and above

**References:**
- GitHub Advisory: https://github.com/advisories/GHSA-qmvj-4qr9-v547
- Knative Security Audit: https://knative.dev/blog/events/security-audit-2023/

Are there plans to upgrade the `knative.dev/serving` dependency to address this vulnerability?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2023-48713 Vulnerability in knative.dev/serving Dependency #1876

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CVE-2023-48713 Vulnerability in knative.dev/serving Dependency #1876

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions