Status
Impact
The CVE is related to k8s.io/apimachinery, a dependency of access-management subpackage. The dependency is pinned to a specific version and bumping the dependency breaks the built, therefore upstream needs to fix it properly. Once this is done, we can rebuilt the package in order to remediate the CVE.
Status
Impact
Govulncheck found vulnerable symbols in Go binaries at the following locations: in kubeflow-access-management-1.10.0-r4.apk, at usr/bin/access-management, usr/bin/access-management.
Status
Status
Fixed version
1.10.0-r4Status