Skip to content

Instantly share code, notes, and snippets.

View mithilarun's full-sized avatar

Mithil Arun mithilarun

View GitHub Profile

Keybase proof

I hereby claim:

  • I am mithilarun on github.
  • I am mithil (https://keybase.io/mithil) on keybase.
  • I have a public key ASARhqXXZPQA5moMcY9yC3gKJfLk8M0tcqwPzFwSC6c_GQo

To claim this, I am signing this object:

@mithilarun
mithilarun / lts1-p13-openv.csv
Last active May 17, 2023 16:16
LTS1 Patch 13 Open Vulnerabilities
We can make this file beautiful and searchable if this error is corrected: It looks like row 6 should actually have 9 columns, instead of 3 in line 5.
Image Name,Type,Target,PackageName,VulnerabilityID,Severity,InstalledVersion,FixedVersion,Title
docker.io-platform9-alertmanager-v0.21.0-pmk-2640545,Library,bin/alertmanager,github.com/prometheus/client_golang,CVE-2022-21698,HIGH,v1.6.0,1.11.1,Denial of service using InstrumentHandlerCounter
docker.io-platform9-alertmanager-v0.21.0-pmk-2640545,Library,bin/amtool,github.com/prometheus/client_golang,CVE-2022-21698,HIGH,v1.6.0,1.11.1,Denial of service using InstrumentHandlerCounter
docker.io-platform9-cni-v3.18.6-pmk-2639927,Library,opt/cni/bin/calico,go.etcd.io/etcd,CVE-2018-1098,HIGH,v0.5.0-alpha.5.0.20201125193152-8a03d2e9614b,v3.3.2,etcd: Cross-site request forgery via crafted local POST forms
docker.io-platform9-cni-v3.18.6-pmk-2639927,Library,opt/cni/bin/calico,go.etcd.io/etcd,CVE-2020-15115,HIGH,v0.5.0-alpha.5.0.20201125193152-8a03d2e9614b,3.3.23; 3.4.10,etcd: improper validation of passwords allow an attacker to guess or brute-force user's passwords
docker.io-platform9-cni-v3.18.6-pmk-2639927,Library,opt
@mithilarun
mithilarun / lts1-p12.1-openvuln.csv
Last active May 17, 2023 16:20
LTS1 Patch 12.1 Open Vulnerabilities
We can make this file beautiful and searchable if this error is corrected: It looks like row 7 should actually have 9 columns, instead of 2 in line 6.
Image Name,Type,Target,PackageName,VulnerabilityID,Severity,InstalledVersion,FixedVersion,Title
calico-cni-v3.18.1,Library,opt/cni/bin/calico,github.com/containernetworking/cni,CVE-2021-20206,HIGH,v0.8.0,0.8.1,containernetworking-cni: Arbitrary path injection via type field in CNI configuration
calico-cni-v3.18.1,Library,opt/cni/bin/calico,github.com/dgrijalva/jwt-go,CVE-2020-26160,HIGH,v3.2.0+incompatible,,jwt-go: access restriction bypass vulnerability
calico-cni-v3.18.1,Library,opt/cni/bin/calico,github.com/gogo/protobuf,CVE-2021-3121,HIGH,v1.3.1,1.3.2,gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
calico-cni-v3.18.1,Library,opt/cni/bin/calico,github.com/prometheus/client_golang,CVE-2022-21698,HIGH,v1.0.0,1.11.1,Denial of service using InstrumentHandlerCounter
calico-cni-v3.18.1,Library,opt/cni/bin/calico,go.etcd.io/etcd,CVE-2018-1098,HIGH,v0.5.0-alpha.5.0.20201125193152-8a03d2e9614b,v3.3.2,etcd: Cross-site request forgery via crafted local POST forms
calico-cni-v3.18.1,Library