From 4ac7e7ce5623790b2b691b90d447bce5a122a304 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts@users.noreply.github.com>
Date: Tue, 24 Dec 2024 09:12:52 +0000
Subject: [PATCH 1/2] Adding Advisory GHSA-gmj6-6f8f-6699 for kserve
---
 kserve.advisories.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/kserve.advisories.yaml b/kserve.advisories.yaml
index c0d744f63..747c611b7 100644
--- a/kserve.advisories.yaml
+++ b/kserve.advisories.yaml
@@ -228,6 +228,24 @@ advisories:
 data:
 fixed-version: 0.13.1-r3
 
+ - id: CGA-whf8-42p9-686q
+ aliases:
+ - CVE-2024-56201
+ - GHSA-gmj6-6f8f-6699
+ events:
+ - timestamp: 2024-12-24T09:12:48Z
+ type: detection
+ data:
+ type: scan/v1
+ data:
+ subpackageName: kserve
+ componentID: 78b06eb6e23e6d85
+ componentName: jinja2
+ componentVersion: 3.1.4
+ componentType: python
+ componentLocation: /usr/lib/python3.11/site-packages/jinja2-3.1.4.dist-info/METADATA, /usr/lib/python3.11/site-packages/jinja2-3.1.4.dist-info/RECORD
+ scanner: grype
+
 - id: CGA-xw8q-xp4x-825w
 aliases:
 - CVE-2024-3651
From 10083035f3f76a05c4bacdd60942ab6f82d54f55 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts@users.noreply.github.com>
Date: Tue, 24 Dec 2024 09:12:57 +0000
Subject: [PATCH 2/2] Adding Advisory GHSA-q2x7-8rv6-6q7h for kserve
---
 kserve.advisories.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/kserve.advisories.yaml b/kserve.advisories.yaml
index 747c611b7..eda385955 100644
--- a/kserve.advisories.yaml
+++ b/kserve.advisories.yaml
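Review bot: The `CGA-whf8-42p9-686q` entry in the first patch carries only a `detection` event, so it records that grype matched jinja2 3.1.4 but not whether kserve is actually affected or when it is remediated; the second patch's `CGA-crfr-r549-cvmg` entry has the same gap and the same `componentID`, so the two can be triaged as one component. Both `componentLocation` values point at a `dist-info` directory under `/usr/lib/python3.11/site-packages`, which suggests jinja2 ships inside the kserve package, and the remedy would then presumably be a kserve rebuild with a newer jinja2. I would follow up on each entry with a closing event in the shape the preceding entry's context lines show, e.g. `data:` / `fixed-version: <kserve release built with the patched jinja2>`, or a false-positive determination that states the reason. The `advisories` list and the neighbouring entries start and end outside the hunk, so their full event history is not visible here.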
@@ -114,6 +114,24 @@ advisories:
 data:
 fixed-version: 0.13.1-r3
 
+ - id: CGA-crfr-r549-cvmg
+ aliases:
+ - CVE-2024-56326
+ - GHSA-q2x7-8rv6-6q7h
+ events:
+ - timestamp: 2024-12-24T09:12:53Z
+ type: detection
+ data:
+ type: scan/v1
+ data:
+ subpackageName: kserve
+ componentID: 78b06eb6e23e6d85
+ componentName: jinja2
+ componentVersion: 3.1.4
+ componentType: python
+ componentLocation: /usr/lib/python3.11/site-packages/jinja2-3.1.4.dist-info/METADATA, /usr/lib/python3.11/site-packages/jinja2-3.1.4.dist-info/RECORD
+ scanner: grype
+
 - id: CGA-fm37-6x82-hrg9
 aliases:
 - CVE-2024-34156