Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Linuxfoundation Subscribe
Filtered by product Knative Func
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-41939 1 Linuxfoundation 1 Knative Func 2023-03-14 N/A 7.4 HIGH
knative.dev/func is is a client library and CLI enabling the development and deployment of Kubernetes functions. Developers using a malicious or compromised third-party buildpack could expose their registry credentials or local docker socket to a malicious `lifecycle` container. This issues has been patched in PR #1442, and is part of release 1.8.1. This issue only affects users who are using function buildpacks from third-parties; pinning the builder image to a specific content-hash with a valid `lifecycle` image will also mitigate the attack.