CVE-2024-34158, CVE-2024-34156 patch Vulnerabilities

[agomez-infoblox]

Looks like the latest version 0.7.2 has the following vulnerabilities

CVE-2024-34156
CVE-2024-34158

And from I can see an upgrade to go 1.22.7 should fix them

https://frontrow.rapidfort.com/app/community/image/c8672117-67b7-4e14-94b9-f77f5b6750fb/vulns/hardened

/kind support

[richabanker]

/triage accepted
/assign @dgrisonnet

[mugdha-adhav]

Is anyone actively working on this? I can help with a patch for this.

[flowramps]

Scan was carried out and the following package was highlighted

The container image on eks-xxxxx, stored in registry.k8s.io/metrics-server/metrics-server, has 2 Critical severity vulnerabilities -

1. Upgrade package golang.org/x/crypto to version 0.31.0 or later
2. Upgrade package stdlib to versions 1.21.11, 1.22.4, or later

Anyone looking at this update?

[agomez-infoblox]

@dgrisonnet are there any updates for these issues?