Adding Advisory GHSA-w32m-9786-jp63 for kubeflow-pipelines (#10426)

Co-authored-by: octo-sts[bot] <[email protected]>
wolfi-dev · Dec 19, 2024 · 986aeca · 986aeca
1 parent 4b970e1
commit 986aeca
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/kubeflow-pipelines.advisories.yaml b/kubeflow-pipelines.advisories.yaml
@@ -558,6 +558,24 @@ advisories:
           type: vulnerable-code-not-included-in-package
           note: This only affects Kubernetes itself, and code was marked NOT_IMPORTABLE in Golang vulndb
 
+  - id: CGA-g29f-qmxw-898c
+    aliases:
+      - CVE-2024-45338
+      - GHSA-w32m-9786-jp63
+    events:
+      - timestamp: 2024-12-19T15:36:18Z
+        type: detection
+        data:
+          type: scan/v1
+          data:
+            subpackageName: kubeflow-pipelines
+            componentID: 6a916ee91770dc8e
+            componentName: golang.org/x/net
+            componentVersion: v0.25.0
+            componentType: go-module
+            componentLocation: /usr/bin/apiserver
+            scanner: grype
+
   - id: CGA-g2v2-fcrq-626x
     aliases:
       - CVE-2023-45290