CVE-2024-24790 #219
Description
Prisma scan is failing for the community 7.6.2 image.
Error:
| CVE | SEVERITY | CVSS | PACKAGE | VERSION | STATUS | PUBLISHED | DISCOVERED | GRACE DAYS | DESCRIPTION | TRIGGERED FAILURE |
|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2024-24790 | critical | 9.80 | net/netip | 1.22.2 | fixed in 1.21.11, 1.22.4 | 74 days | < 1 hour | -15 | The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would... | Yes |
| CVE-2023-39325 | high | 7.50 | golang.org/x/net/http2 | v0.10.0 | fixed in 0.17.0 | > 10 months | < 1 hour | A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total ... | No | |
| GO-2023-2153 | high | 0.00 | google.golang.org/grpc | v1.55.0 | fixed in 1.56.3, 1.57.1, 1.58.3 | > 9 months | < 1 hour | An attacker can send HTTP/2 requests, cancel them, and send subsequent requests. This is valid by the HTTP/2 protocol, but would cause the gRPC-Go ser... | No |