spectrocloud · lennessyy · Aug 6, 2024 · Aug 6, 2024 · Aug 6, 2024 · Aug 6, 2024
@@ -0,0 +1,33 @@
+---
+sidebar_label: "CVE-2024-24790"
+title: "CVE-2024-24790"
+description: "Lifecycle of CVE-2024-24790"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2024-24790](https://nvd.nist.gov/vuln/detail/CVE-2024-24790)
+
+## Last Update
+
+08/06/2024
+
+## NIST CVE Summary
+
+The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.
+
+## Our Official Summary
+
+Waiting on the 3rd party vendor for a fix. Notes: This vulnerability is reported on the mongodb container. A ticket is filed with the vendor to get a new image that addresses the vulnerabilities reported.
+
+## CVE Severity
+
+[9.8](hhttps://nvd.nist.gov/vuln/detail/CVE-2024-24790)
+
+## Status
+
+Ongoing
@@ -0,0 +1,33 @@
+---
+sidebar_label: "GHSA-74fp-r6jw-h4mp"
+title: "GHSA-74fp-r6jw-h4mp"
+description: "Lifecycle of GHSA-74fp-r6jw-h4mp"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[GHSA-m425-mq94-257g](https://github.com/advisories/ghsa-74fp-r6jw-h4mp)
+
+## Last Update
+
+08/06/2024
+
+## NIST CVE Summary
+
+Kubernetes apimachinery packages vulnerable to unbounded recursion in JSON or YAML parsing
+
+## Our Official Summary
+
+This vulnerability is reported by govulncheck because of the presence of go library, k8s.io/apimachinery (Affected versions: \< 0.0.0-20190927203648-9ce6eca90e73). This is a false positive, because it does not affect latest kubernetes versions as indicated here ([https://nvd.nist.gov/vuln/detail/CVE-2019-11253](https://nvd.nist.gov/vuln/detail/CVE-2019-11253)). Current K8s version used: 1.28.11
+
+## CVE Severity
+
+[7.5](https://github.com/advisories/ghsa-74fp-r6jw-h4mp)
+
+## Status
+
+Ongoing
@@ -51,4 +51,6 @@ Click on the CVE ID to view the full details of the vulnerability.
 | [CVE-2023-44487](./cve-2023-44487.md)           | 10/10/23         | 6/27/24       | Palette 4.4.11             | Third-party component: CAPI             | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-44487)   | :mag: Ongoing |
 | [CVE-2022-25883](./cve-2022-25883.md)           | 6/21/23          | 11/6/24       | Palette 4.4.11             | Third-party component: CAPI             | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-25883)   | :mag: Ongoing |
 | [CVE-2015-8855](./cve-2015-8855.md)             | 1/23/17          | 1/26/12       | Palette 4.4.11             | Third-party component: CAPI             | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2015-8855)    | :mag: Ongoing |
+| [CVE-2024-24790](./cve-2024-24790.md)           | 8/6/24           | 8/6/24        | Palette 4.4.11             | Third-party component: Go Project       | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2024-24790)   | :mag: Ongoing |
+| [GHSA-74fp-r6jw-h4mp](./ghsa-74fp-r6jw-h4mp)    | 8/6/24           | 8/6/24        | Palette 4.4.11             | Third-party component: GitHub           | [7.5](https://github.com/advisories/GHSA-74fp-r6jw-h4mp) | :mag: Ongoing |
 | [PRISMA-2022-0227](./prisma-2022-0227.md)       | 9/12/23          | 9/12/23       | Palette 4.4.11             | Third-party component: vSphere-CSI      | N/A                                                      | :mag: Ongoing |