High and medium Vulnerabilities in ne wimage

[TANYASHARMA1809]

Image: sig-storage/csi-resizer:v1.14.0

Name	Severity	Score	Fix Version
CVE-2025-22874	high	7.5	1.24.4
CVE-2025-4673	medium	6.8	1.23.10, 1.24.4
CVE-2025-0913	medium	5.5	1.23.10, 1.24.4

Description: Our security scans detected a critical, high and medium vulnerability in these above mentioned image

Could we have an estimate on the plan to fix these vulnerabilities? Thanks in advance!

[chengyiuchun]

Hi, our scans pick up these as well and a few others. Can we upgrade to 1.24.6? Thanks.

CVE ID	CVE Severity	CVSS Score	CVSS Score Version	Package Name	Package Version	Package Type	Fix Version
CVE-2025-4673	High	7.5	3.0	Go	1.24.2	golang	v1.24.4
CVE-2025-47906	High	7	3.0	Go	1.24.2	golang	v1.24.6
CVE-2025-0913	Medium	5.9	3.0	Go	1.24.2	golang	v1.24.4
CVE-2025-22874	Medium	5.9	3.0	Go	1.24.2	golang	v1.24.4
CVE-2025-47907	Medium	6.5	3.0	Go	1.24.2	golang	v1.24.6

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle rotten
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten