PyPi: Kfp-Tekton

CVE-2023-39325

Transitive (the vulnerable code is in a dependency, golang.org/x/net, not in kfp-tekton itself)

Safety vulnerability ID: 61882


The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Oct 11, 2023. Updated at Nov 29, 2024.

Advisory

Kfp-tekton 1.8.1 updates its Go dependency 'golang.org/x/net' to 0.17.0 to include a security fix. CVE-2023-39325 is the HTTP/2 rapid-reset denial-of-service issue in Go's net/http and golang.org/x/net/http2; the CVSS vector below (network-reachable, no privileges, availability impact only) reflects that it is a resource-exhaustion bug, not a data-exposure one.
https://github.com/kubeflow/kfp-tekton/pull/1377

Affected package

kfp-tekton

Latest version: 1.9.3

Tekton Compiler for Kubeflow Pipelines

Affected versions: <1.8.1 (per the advisory above)

Fixed versions: 1.8.1

Vulnerability changelog

- Addressed Tekton 0.50.1 regression issue
- Updated deps to address security vulnerability.
- Bug fixes for SDK and manifests

What's Changed
* chore(docs): Add grpc gateway version to user guides. by Tomcli in https://github.com/kubeflow/kfp-tekton/pull/1346
* fix(docs) Update Kind install command to use kubectl -k by Tomcli in https://github.com/kubeflow/kfp-tekton/pull/1348
* fix(sdk): Fix nested loop with cel outputs by Tomcli in https://github.com/kubeflow/kfp-tekton/pull/1351
* fix(manifests): Update istio-authorization-config.yaml for multi-user by Tomcli in https://github.com/kubeflow/kfp-tekton/pull/1362
* chore(docs): Update kfp_tekton_install.md with kfp-tekton v2 install instructions by Tomcli in https://github.com/kubeflow/kfp-tekton/pull/1367
* chore(docs): Add SECURITY.md to tell supporting kfp-tekton version by Tomcli in https://github.com/kubeflow/kfp-tekton/pull/1368
* feat(tekton-catalog): Move v2 tekton-exithandler custom task to tekton catalog by Tomcli in https://github.com/kubeflow/kfp-tekton/pull/1370
* chore(cleanup): remove old manifests and tools to reduce security checklist by Tomcli in https://github.com/kubeflow/kfp-tekton/pull/1371
* chore(deps): bump urllib3 from 1.26.15 to 1.26.17 in /sdk/python by dependabot in https://github.com/kubeflow/kfp-tekton/pull/1356
* chore(deps): bump certifi from 2022.12.7 to 2023.7.22 in /sdk/python by dependabot in https://github.com/kubeflow/kfp-tekton/pull/1372
* feat(tekton-catalog): Add V2 Tekton kfptask to Tekton catalog by Tomcli in https://github.com/kubeflow/kfp-tekton/pull/1373
* chore(deps): Fix golang.org/x/net vulnerability by Tomcli in https://github.com/kubeflow/kfp-tekton/pull/1377
* chore(github): Update github action deps by Tomcli in https://github.com/kubeflow/kfp-tekton/pull/1383
* fix(deps): Update to Tekton 0.50.2 to fix regression and security bugs by Tomcli in https://github.com/kubeflow/kfp-tekton/pull/1382
* chore(release): Add kfp-tekton 1.8.1 release by Tomcli in https://github.com/kubeflow/kfp-tekton/pull/1385

New Contributors
* dependabot made their first contribution in https://github.com/kubeflow/kfp-tekton/pull/1356

**Full Changelog**: https://github.com/kubeflow/kfp-tekton/compare/v1.8.0...v1.8.1


Severity Details

CVSS Base Score: HIGH 7.5

CVSS v3 Details: HIGH 7.5 (vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): NONE
Integrity Impact (I): NONE
Availability Impact (A): HIGH