[BUG] deepflow-agent image has critical vulnerabilities #7497

Open
2 of 3 tasks
wyf0520 opened this issue Jul 22, 2024 · 4 comments
wyf0520 commented Jul 22, 2024

Search before asking

  • I had searched in the issues and found no similar feature requirement.

DeepFlow Component

Agent

What you expected to happen

deepflow-agent.log

How to reproduce

run trivy image --db-repository m.daocloud.io/ghcr.io/aquasecurity/trivy-db --java-db-repository m.daocloud.io/ghcr.io/aquasecurity/trivy-java-db registry.cn-hongkong.aliyuncs.com/deepflow-ce/deepflow-agent:v6.5

DeepFlow version

Defaulted container "deepflow-agent" out of: deepflow-agent, configure-sysctl (init)
10695-abf34f6137e57ec3371caa8ab72433f3343bbe81
Name: deepflow-agent community edition
Branch: v6.5
CommitId: abf34f6
RevCount: 10695
Compiler: rustc 1.77.1 (7cf61ebde 2024-03-27)
CompileTime: 2024-07-11 12:04:49

DeepFlow agent list

ID  NAME            TYPE    CTRL_IP      CTRL_MAC           STATE   GROUP    EXCEPTIONS               REVISION    UPGRADE_REVISION
1   xx.xx.xx.xx-V3  K8S_VM  xx.xx.xx.xx  00:50:56:ad:1d:01  NORMAL  default  CONTROLLER_SOCKET_ERROR  v6.5 10695
2   xx.xx.xx.xx-V1  K8S_VM  xx.xx.xx.xx  00:50:56:ad:35:7f  NORMAL  default                           v6.5 10614
3   xx.xx.xx.xx-V2  K8S_VM  xx.xx.xx.xx  00:50:56:ad:4e:74  NORMAL  default                           v6.5 10614

Kubernetes CNI

flannel

Operation-System/Kernel version

4.4.0-142-generic

Anything else

No response

Are you willing to submit a PR?

  • Yes I am willing to submit a PR!

Code of Conduct

wyf0520 added the bug (Something isn't working) label Jul 22, 2024

@Nick-0314 (Contributor)

Is it convenient to list the vulnerabilities directly? Propose solutions and say whether you intend to submit a PR.


wyf0520 commented Jul 22, 2024

Library: usr/bin/ecapture stdlib
Vulnerability: CVE-2024-24790
Severity: CRITICAL
Status: fixed
Installed Version: 1.21.5
Fixed Version: 1.21.11, 1.22.4
Title: golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
https://avd.aquasec.com/nvd/cve-2024-24790

@xiaoyuan2019

@Nick-0314 deepflow-app and deepflow-stella-agent-ce have high-risk vulnerabilities and critical vulnerabilities.
