PB-5291: Kubevirt - Phase 2 Implement gRPC changes for VM Backup #223

vsundarraj-px · 2024-01-17T05:49:44Z

What this PR does / why we need it:
This PR will implement additional field to support Kubevirt phase 2

Which issue(s) this PR fixes (optional)
Closes #
PB-5291

Special notes for your reviewer:

Unit tested by building stork/ px-backup to see there is no build failure and ensure the existing functionality is broken by this PR.

github-actions · 2024-01-17T05:50:22Z

OSS Scan Results:

Title	Severity	Package Name	CVEs	Fix version	Introduced
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'google.golang.org/[email protected]', 'google.golang.org/grpc/internal/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'google.golang.org/[email protected]', 'google.golang.org/grpc/internal/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/cli-runtime/pkg/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/cli-runtime/pkg/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/transport/[email protected]', 'k8s.io/client-go/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/transport/[email protected]', 'k8s.io/client-go/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/transport/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/transport/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/tools/clientcmd/api/[email protected]', 'k8s.io/apimachinery/pkg/runtime/serializer/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/v1/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/tools/clientcmd/api/[email protected]', 'k8s.io/apimachinery/pkg/runtime/serializer/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/v1/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'sigs.k8s.io/aws-iam-authenticator/pkg/[email protected]', 'k8s.io/client-go/pkg/apis/clientauthentication/[email protected]', 'k8s.io/client-go/pkg/apis/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'sigs.k8s.io/aws-iam-authenticator/pkg/[email protected]', 'k8s.io/client-go/pkg/apis/clientauthentication/[email protected]', 'k8s.io/client-go/pkg/apis/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/tools/clientcmd/api/[email protected]', 'k8s.io/apimachinery/pkg/runtime/serializer/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/v1/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/tools/clientcmd/api/[email protected]', 'k8s.io/apimachinery/pkg/runtime/serializer/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/v1/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	google.golang.org/grpc	['CVE-2023-44487']	['1.56.3', '1.57.1', '1.58.3']	['github.com/portworx/[email protected]', 'google.golang.org/[email protected]']
Stack-based Buffer Overflow	medium	google.golang.org/protobuf/encoding/protojson	[]	['1.32.0']	['github.com/portworx/[email protected]', 'github.com/grpc-ecosystem/grpc-gateway/[email protected]', 'github.com/golang/protobuf/[email protected]', 'google.golang.org/protobuf/encoding/[email protected]']
Stack-based Buffer Overflow	medium	google.golang.org/protobuf/encoding/protojson	[]	['1.32.0']	['github.com/portworx/[email protected]', 'github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/[email protected]', 'google.golang.org/protobuf/types/known/[email protected]', 'google.golang.org/protobuf/encoding/[email protected]']
Stack-based Buffer Overflow	medium	google.golang.org/protobuf/encoding/protojson	[]	['1.32.0']	['github.com/portworx/[email protected]', 'google.golang.org/[email protected]', 'google.golang.org/grpc/internal/[email protected]', 'google.golang.org/grpc/internal/[email protected]', 'google.golang.org/protobuf/encoding/[email protected]']
Stack-based Buffer Overflow	medium	google.golang.org/protobuf/encoding/protojson	[]	['1.32.0']	['github.com/portworx/[email protected]', 'google.golang.org/[email protected]', 'google.golang.org/grpc/internal/[email protected]', 'google.golang.org/grpc/internal/[email protected]', 'github.com/golang/protobuf/[email protected]', 'google.golang.org/protobuf/encoding/[email protected]']
Improper Input Validation	high	sigs.k8s.io/aws-iam-authenticator/pkg/token	['CVE-2022-2385']	['0.5.9']	['github.com/portworx/[email protected]', 'sigs.k8s.io/aws-iam-authenticator/pkg/[email protected]']

Total issues: 26

github-actions · 2024-01-17T05:50:23Z

License Evaluation Results:

Title	Package Name	Package Version	Severity	License Info	Introduced	Dependency Type

Total License Issues: 0

Signed-off-by: vsundarraj-px <[email protected]>

pkg/apis/v1/api.proto

Signed-off-by: vsundarraj-px <[email protected]>

github-actions · 2024-01-17T17:44:43Z

OSS Scan Results:

Title	Severity	Package Name	CVEs	Fix version	Introduced
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'google.golang.org/[email protected]', 'google.golang.org/grpc/internal/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'google.golang.org/[email protected]', 'google.golang.org/grpc/internal/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/cli-runtime/pkg/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/cli-runtime/pkg/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/transport/[email protected]', 'k8s.io/client-go/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/transport/[email protected]', 'k8s.io/client-go/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/transport/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/transport/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/tools/clientcmd/api/[email protected]', 'k8s.io/apimachinery/pkg/runtime/serializer/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/v1/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/tools/clientcmd/api/[email protected]', 'k8s.io/apimachinery/pkg/runtime/serializer/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/v1/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'sigs.k8s.io/aws-iam-authenticator/pkg/[email protected]', 'k8s.io/client-go/pkg/apis/clientauthentication/[email protected]', 'k8s.io/client-go/pkg/apis/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'sigs.k8s.io/aws-iam-authenticator/pkg/[email protected]', 'k8s.io/client-go/pkg/apis/clientauthentication/[email protected]', 'k8s.io/client-go/pkg/apis/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/tools/clientcmd/api/[email protected]', 'k8s.io/apimachinery/pkg/runtime/serializer/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/v1/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/tools/clientcmd/api/[email protected]', 'k8s.io/apimachinery/pkg/runtime/serializer/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/v1/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	google.golang.org/grpc	['CVE-2023-44487']	['1.56.3', '1.57.1', '1.58.3']	['github.com/portworx/[email protected]', 'google.golang.org/[email protected]']
Stack-based Buffer Overflow	medium	google.golang.org/protobuf/encoding/protojson	[]	['1.32.0']	['github.com/portworx/[email protected]', 'github.com/grpc-ecosystem/grpc-gateway/[email protected]', 'github.com/golang/protobuf/[email protected]', 'google.golang.org/protobuf/encoding/[email protected]']
Stack-based Buffer Overflow	medium	google.golang.org/protobuf/encoding/protojson	[]	['1.32.0']	['github.com/portworx/[email protected]', 'github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/[email protected]', 'google.golang.org/protobuf/types/known/[email protected]', 'google.golang.org/protobuf/encoding/[email protected]']
Stack-based Buffer Overflow	medium	google.golang.org/protobuf/encoding/protojson	[]	['1.32.0']	['github.com/portworx/[email protected]', 'google.golang.org/[email protected]', 'google.golang.org/grpc/internal/[email protected]', 'google.golang.org/grpc/internal/[email protected]', 'google.golang.org/protobuf/encoding/[email protected]']
Stack-based Buffer Overflow	medium	google.golang.org/protobuf/encoding/protojson	[]	['1.32.0']	['github.com/portworx/[email protected]', 'google.golang.org/[email protected]', 'google.golang.org/grpc/internal/[email protected]', 'google.golang.org/grpc/internal/[email protected]', 'github.com/golang/protobuf/[email protected]', 'google.golang.org/protobuf/encoding/[email protected]']
Improper Input Validation	high	sigs.k8s.io/aws-iam-authenticator/pkg/token	['CVE-2022-2385']	['0.5.9']	['github.com/portworx/[email protected]', 'sigs.k8s.io/aws-iam-authenticator/pkg/[email protected]']

Total issues: 26

github-actions · 2024-01-17T17:44:44Z

License Evaluation Results:

Title	Package Name	Package Version	Severity	License Info	Introduced	Dependency Type

Total License Issues: 0

github-actions · 2024-01-17T17:48:13Z

OSS Scan Results:

Title	Severity	Package Name	CVEs	Fix version	Introduced
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'google.golang.org/[email protected]', 'google.golang.org/grpc/internal/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'google.golang.org/[email protected]', 'google.golang.org/grpc/internal/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/cli-runtime/pkg/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/cli-runtime/pkg/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/transport/[email protected]', 'k8s.io/client-go/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/transport/[email protected]', 'k8s.io/client-go/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/transport/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/transport/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/tools/clientcmd/api/[email protected]', 'k8s.io/apimachinery/pkg/runtime/serializer/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/v1/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/tools/clientcmd/api/[email protected]', 'k8s.io/apimachinery/pkg/runtime/serializer/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/v1/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'sigs.k8s.io/aws-iam-authenticator/pkg/[email protected]', 'k8s.io/client-go/pkg/apis/clientauthentication/[email protected]', 'k8s.io/client-go/pkg/apis/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'sigs.k8s.io/aws-iam-authenticator/pkg/[email protected]', 'k8s.io/client-go/pkg/apis/clientauthentication/[email protected]', 'k8s.io/client-go/pkg/apis/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/tools/clientcmd/api/[email protected]', 'k8s.io/apimachinery/pkg/runtime/serializer/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/v1/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/tools/clientcmd/api/[email protected]', 'k8s.io/apimachinery/pkg/runtime/serializer/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/v1/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	google.golang.org/grpc	['CVE-2023-44487']	['1.56.3', '1.57.1', '1.58.3']	['github.com/portworx/[email protected]', 'google.golang.org/[email protected]']
Stack-based Buffer Overflow	medium	google.golang.org/protobuf/encoding/protojson	[]	['1.32.0']	['github.com/portworx/[email protected]', 'github.com/grpc-ecosystem/grpc-gateway/[email protected]', 'github.com/golang/protobuf/[email protected]', 'google.golang.org/protobuf/encoding/[email protected]']
Stack-based Buffer Overflow	medium	google.golang.org/protobuf/encoding/protojson	[]	['1.32.0']	['github.com/portworx/[email protected]', 'github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/[email protected]', 'google.golang.org/protobuf/types/known/[email protected]', 'google.golang.org/protobuf/encoding/[email protected]']
Stack-based Buffer Overflow	medium	google.golang.org/protobuf/encoding/protojson	[]	['1.32.0']	['github.com/portworx/[email protected]', 'google.golang.org/[email protected]', 'google.golang.org/grpc/internal/[email protected]', 'google.golang.org/grpc/internal/[email protected]', 'google.golang.org/protobuf/encoding/[email protected]']
Stack-based Buffer Overflow	medium	google.golang.org/protobuf/encoding/protojson	[]	['1.32.0']	['github.com/portworx/[email protected]', 'google.golang.org/[email protected]', 'google.golang.org/grpc/internal/[email protected]', 'google.golang.org/grpc/internal/[email protected]', 'github.com/golang/protobuf/[email protected]', 'google.golang.org/protobuf/encoding/[email protected]']
Improper Input Validation	high	sigs.k8s.io/aws-iam-authenticator/pkg/token	['CVE-2022-2385']	['0.5.9']	['github.com/portworx/[email protected]', 'sigs.k8s.io/aws-iam-authenticator/pkg/[email protected]']

Total issues: 26

github-actions · 2024-01-17T17:48:14Z

License Evaluation Results:

Title	Package Name	Package Version	Severity	License Info	Introduced	Dependency Type

Total License Issues: 0

Signed-off-by: vsundarraj-px <[email protected]>

pkg/apis/v1/api.proto

siva-portworx

LGTM with comment on Enum is fixed.

github-actions · 2024-01-19T15:33:28Z

OSS Scan Results:

Title	Severity	Package Name	CVEs	Fix version	Introduced
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	low	golang.org/x/net/http2	['CVE-2019-9514']	[]	['github.com/portworx/[email protected]', 'k8s.io/client-go/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'google.golang.org/[email protected]', 'google.golang.org/grpc/internal/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'google.golang.org/[email protected]', 'google.golang.org/grpc/internal/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	low	golang.org/x/net/http2	['CVE-2019-9514']	[]	['github.com/portworx/[email protected]', 'google.golang.org/[email protected]', 'google.golang.org/grpc/internal/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	low	golang.org/x/net/http2	['CVE-2019-9514']	[]	['github.com/portworx/[email protected]', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	low	golang.org/x/net/http2	['CVE-2019-9514']	[]	['github.com/portworx/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/cli-runtime/pkg/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/cli-runtime/pkg/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	low	golang.org/x/net/http2	['CVE-2019-9514']	[]	['github.com/portworx/[email protected]', 'k8s.io/cli-runtime/pkg/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/transport/[email protected]', 'k8s.io/client-go/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/transport/[email protected]', 'k8s.io/client-go/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	low	golang.org/x/net/http2	['CVE-2019-9514']	[]	['github.com/portworx/[email protected]', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/transport/[email protected]', 'k8s.io/client-go/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/transport/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/transport/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	low	golang.org/x/net/http2	['CVE-2019-9514']	[]	['github.com/portworx/[email protected]', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/transport/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/tools/clientcmd/api/[email protected]', 'k8s.io/apimachinery/pkg/runtime/serializer/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/v1/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/tools/clientcmd/api/[email protected]', 'k8s.io/apimachinery/pkg/runtime/serializer/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/v1/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	low	golang.org/x/net/http2	['CVE-2019-9514']	[]	['github.com/portworx/[email protected]', 'k8s.io/client-go/tools/clientcmd/api/[email protected]', 'k8s.io/apimachinery/pkg/runtime/serializer/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/v1/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'sigs.k8s.io/aws-iam-authenticator/pkg/[email protected]', 'k8s.io/client-go/pkg/apis/clientauthentication/[email protected]', 'k8s.io/client-go/pkg/apis/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'sigs.k8s.io/aws-iam-authenticator/pkg/[email protected]', 'k8s.io/client-go/pkg/apis/clientauthentication/[email protected]', 'k8s.io/client-go/pkg/apis/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	low	golang.org/x/net/http2	['CVE-2019-9514']	[]	['github.com/portworx/[email protected]', 'sigs.k8s.io/aws-iam-authenticator/pkg/[email protected]', 'k8s.io/client-go/pkg/apis/clientauthentication/[email protected]', 'k8s.io/client-go/pkg/apis/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/tools/clientcmd/api/[email protected]', 'k8s.io/apimachinery/pkg/runtime/serializer/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/v1/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/tools/clientcmd/api/[email protected]', 'k8s.io/apimachinery/pkg/runtime/serializer/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/v1/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	low	golang.org/x/net/http2	['CVE-2019-9514']	[]	['github.com/portworx/[email protected]', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/tools/clientcmd/api/[email protected]', 'k8s.io/apimachinery/pkg/runtime/serializer/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/v1/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	google.golang.org/grpc	['CVE-2023-44487']	['1.56.3', '1.57.1', '1.58.3']	['github.com/portworx/[email protected]', 'google.golang.org/[email protected]']
Stack-based Buffer Overflow	medium	google.golang.org/protobuf/encoding/protojson	[]	['1.32.0']	['github.com/portworx/[email protected]', 'github.com/grpc-ecosystem/grpc-gateway/[email protected]', 'github.com/golang/protobuf/[email protected]', 'google.golang.org/protobuf/encoding/[email protected]']
Stack-based Buffer Overflow	medium	google.golang.org/protobuf/encoding/protojson	[]	['1.32.0']	['github.com/portworx/[email protected]', 'github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/[email protected]', 'google.golang.org/protobuf/types/known/[email protected]', 'google.golang.org/protobuf/encoding/[email protected]']
Stack-based Buffer Overflow	medium	google.golang.org/protobuf/encoding/protojson	[]	['1.32.0']	['github.com/portworx/[email protected]', 'google.golang.org/[email protected]', 'google.golang.org/grpc/internal/[email protected]', 'google.golang.org/grpc/internal/[email protected]', 'google.golang.org/protobuf/encoding/[email protected]']
Stack-based Buffer Overflow	medium	google.golang.org/protobuf/encoding/protojson	[]	['1.32.0']	['github.com/portworx/[email protected]', 'google.golang.org/[email protected]', 'google.golang.org/grpc/internal/[email protected]', 'google.golang.org/grpc/internal/[email protected]', 'github.com/golang/protobuf/[email protected]', 'google.golang.org/protobuf/encoding/[email protected]']
Improper Input Validation	high	sigs.k8s.io/aws-iam-authenticator/pkg/token	['CVE-2022-2385']	['0.5.9']	['github.com/portworx/[email protected]', 'sigs.k8s.io/aws-iam-authenticator/pkg/[email protected]']

Total issues: 36

github-actions · 2024-01-19T15:33:29Z

License Evaluation Results:

Title	Package Name	Package Version	Severity	License Info	Introduced	Dependency Type

Total License Issues: 0

Signed-off-by: vsundarraj-px <[email protected]>

github-actions · 2024-01-22T14:49:18Z

OSS Scan Results:

Title	Severity	Package Name	CVEs	Fix version	Introduced
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	low	golang.org/x/net/http2	['CVE-2019-9514']	[]	['github.com/portworx/[email protected]', 'k8s.io/client-go/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'google.golang.org/[email protected]', 'google.golang.org/grpc/internal/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'google.golang.org/[email protected]', 'google.golang.org/grpc/internal/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	low	golang.org/x/net/http2	['CVE-2019-9514']	[]	['github.com/portworx/[email protected]', 'google.golang.org/[email protected]', 'google.golang.org/grpc/internal/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	low	golang.org/x/net/http2	['CVE-2019-9514']	[]	['github.com/portworx/[email protected]', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	low	golang.org/x/net/http2	['CVE-2019-9514']	[]	['github.com/portworx/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/cli-runtime/pkg/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/cli-runtime/pkg/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	low	golang.org/x/net/http2	['CVE-2019-9514']	[]	['github.com/portworx/[email protected]', 'k8s.io/cli-runtime/pkg/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/transport/[email protected]', 'k8s.io/client-go/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/transport/[email protected]', 'k8s.io/client-go/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	low	golang.org/x/net/http2	['CVE-2019-9514']	[]	['github.com/portworx/[email protected]', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/transport/[email protected]', 'k8s.io/client-go/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/transport/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/transport/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	low	golang.org/x/net/http2	['CVE-2019-9514']	[]	['github.com/portworx/[email protected]', 'github.com/portworx/sched-ops/k8s/core@#2e0ef25efadd', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/transport/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/client-go/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/tools/clientcmd/api/[email protected]', 'k8s.io/apimachinery/pkg/runtime/serializer/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/v1/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/tools/clientcmd/api/[email protected]', 'k8s.io/apimachinery/pkg/runtime/serializer/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/v1/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	low	golang.org/x/net/http2	['CVE-2019-9514']	[]	['github.com/portworx/[email protected]', 'k8s.io/client-go/tools/clientcmd/api/[email protected]', 'k8s.io/apimachinery/pkg/runtime/serializer/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/v1/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'sigs.k8s.io/aws-iam-authenticator/pkg/[email protected]', 'k8s.io/client-go/pkg/apis/clientauthentication/[email protected]', 'k8s.io/client-go/pkg/apis/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'sigs.k8s.io/aws-iam-authenticator/pkg/[email protected]', 'k8s.io/client-go/pkg/apis/clientauthentication/[email protected]', 'k8s.io/client-go/pkg/apis/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	low	golang.org/x/net/http2	['CVE-2019-9514']	[]	['github.com/portworx/[email protected]', 'sigs.k8s.io/aws-iam-authenticator/pkg/[email protected]', 'k8s.io/client-go/pkg/apis/clientauthentication/[email protected]', 'k8s.io/client-go/pkg/apis/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	golang.org/x/net/http2	['CVE-2023-44487']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/tools/clientcmd/api/[email protected]', 'k8s.io/apimachinery/pkg/runtime/serializer/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/v1/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Allocation of Resources Without Limits or Throttling	medium	golang.org/x/net/http2	['CVE-2023-39325']	['0.17.0']	['github.com/portworx/[email protected]', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/tools/clientcmd/api/[email protected]', 'k8s.io/apimachinery/pkg/runtime/serializer/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/v1/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	low	golang.org/x/net/http2	['CVE-2019-9514']	[]	['github.com/portworx/[email protected]', 'k8s.io/client-go/tools/[email protected]', 'k8s.io/client-go/tools/clientcmd/api/[email protected]', 'k8s.io/apimachinery/pkg/runtime/serializer/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/v1/[email protected]', 'k8s.io/apimachinery/pkg/apis/meta/[email protected]', 'k8s.io/apimachinery/pkg/[email protected]', 'k8s.io/apimachinery/pkg/util/[email protected]', 'golang.org/x/net/[email protected]']
Denial of Service (DoS)	high	google.golang.org/grpc	['CVE-2023-44487']	['1.56.3', '1.57.1', '1.58.3']	['github.com/portworx/[email protected]', 'google.golang.org/[email protected]']
Stack-based Buffer Overflow	medium	google.golang.org/protobuf/encoding/protojson	[]	['1.32.0']	['github.com/portworx/[email protected]', 'github.com/grpc-ecosystem/grpc-gateway/[email protected]', 'github.com/golang/protobuf/[email protected]', 'google.golang.org/protobuf/encoding/[email protected]']
Stack-based Buffer Overflow	medium	google.golang.org/protobuf/encoding/protojson	[]	['1.32.0']	['github.com/portworx/[email protected]', 'github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/[email protected]', 'google.golang.org/protobuf/types/known/[email protected]', 'google.golang.org/protobuf/encoding/[email protected]']
Stack-based Buffer Overflow	medium	google.golang.org/protobuf/encoding/protojson	[]	['1.32.0']	['github.com/portworx/[email protected]', 'google.golang.org/[email protected]', 'google.golang.org/grpc/internal/[email protected]', 'google.golang.org/grpc/internal/[email protected]', 'google.golang.org/protobuf/encoding/[email protected]']
Stack-based Buffer Overflow	medium	google.golang.org/protobuf/encoding/protojson	[]	['1.32.0']	['github.com/portworx/[email protected]', 'google.golang.org/[email protected]', 'google.golang.org/grpc/internal/[email protected]', 'google.golang.org/grpc/internal/[email protected]', 'github.com/golang/protobuf/[email protected]', 'google.golang.org/protobuf/encoding/[email protected]']
Improper Input Validation	high	sigs.k8s.io/aws-iam-authenticator/pkg/token	['CVE-2022-2385']	['0.5.9']	['github.com/portworx/[email protected]', 'sigs.k8s.io/aws-iam-authenticator/pkg/[email protected]']

Total issues: 36

github-actions · 2024-01-22T14:49:19Z

License Evaluation Results:

Title	Package Name	Package Version	Severity	License Info	Introduced	Dependency Type

Total License Issues: 0

Signed-off-by: vsundarraj-px <[email protected]>

vsundarraj-px requested a review from prashanthpx January 17, 2024 05:50

vsundarraj-px requested review from siva-portworx, prabhu-px and pallav-px January 17, 2024 05:50

PB-5291: Kubevirt - Phase 2 Implement gRPC changes for VM Backup

de4dfb3

Signed-off-by: vsundarraj-px <[email protected]>

dbinnal-px reviewed Jan 17, 2024

View reviewed changes

pkg/apis/v1/api.proto Outdated Show resolved Hide resolved

dbinnal-px approved these changes Jan 17, 2024

View reviewed changes

px-kesavan approved these changes Jan 17, 2024

View reviewed changes

siva-portworx reviewed Jan 17, 2024

View reviewed changes

pkg/apis/v1/api.proto Outdated Show resolved Hide resolved

pkg/apis/v1/api.proto Outdated Show resolved Hide resolved

pkg/apis/v1/api.proto Outdated Show resolved Hide resolved

vsundarraj-px force-pushed the PB-5291 branch from 3a19f95 to 1f2e2fd Compare January 17, 2024 17:43

PB-5291: Kubevirt - Phase 2 Implement gRPC changes for VM Backup

896d68c

Signed-off-by: vsundarraj-px <[email protected]>

vsundarraj-px added 2 commits January 17, 2024 17:55

PB-5291: Kubevirt - Phase 2 Implement gRPC changes for VM Backup

1f2e2fd

Signed-off-by: vsundarraj-px <[email protected]>

PB-5291: Kubevirt - Phase 2 Implement gRPC changes for VM Backup

380d075

Signed-off-by: vsundarraj-px <[email protected]>

prashanthpx reviewed Jan 19, 2024

View reviewed changes

pkg/apis/v1/api.proto Outdated Show resolved Hide resolved

siva-portworx approved these changes Jan 19, 2024

View reviewed changes

PB-5291: Kubevirt - Phase 2 Implement gRPC changes for VM Backup

3920f11

Signed-off-by: vsundarraj-px <[email protected]>

PB-5291: Kubevirt - Phase 2 Implement gRPC changes for VM Backup

b19af6c

Signed-off-by: vsundarraj-px <[email protected]>

vsundarraj-px merged commit ed1088c into master Jan 23, 2024
1 check passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

PB-5291: Kubevirt - Phase 2 Implement gRPC changes for VM Backup #223

PB-5291: Kubevirt - Phase 2 Implement gRPC changes for VM Backup #223

vsundarraj-px commented Jan 17, 2024

github-actions bot commented Jan 17, 2024

github-actions bot commented Jan 17, 2024

github-actions bot commented Jan 17, 2024

github-actions bot commented Jan 17, 2024

github-actions bot commented Jan 17, 2024

github-actions bot commented Jan 17, 2024

siva-portworx left a comment

github-actions bot commented Jan 19, 2024

github-actions bot commented Jan 19, 2024

github-actions bot commented Jan 22, 2024

github-actions bot commented Jan 22, 2024

PB-5291: Kubevirt - Phase 2 Implement gRPC changes for VM Backup #223

PB-5291: Kubevirt - Phase 2 Implement gRPC changes for VM Backup #223

Conversation

vsundarraj-px commented Jan 17, 2024

github-actions bot commented Jan 17, 2024

github-actions bot commented Jan 17, 2024

github-actions bot commented Jan 17, 2024

github-actions bot commented Jan 17, 2024

github-actions bot commented Jan 17, 2024

github-actions bot commented Jan 17, 2024

siva-portworx left a comment

Choose a reason for hiding this comment

github-actions bot commented Jan 19, 2024

github-actions bot commented Jan 19, 2024

github-actions bot commented Jan 22, 2024

github-actions bot commented Jan 22, 2024