Hello,
Our Twistlock scanner picked up a vulnerability finding on our external-dns container about "github.com/golang-jwt/jwt/v4 module from all versions is vulnerable to Denial of Service (DoS) due to token without ExpiresAt can cause panic." This finding has been addressed and fixed in jwt version > v4.1.0. I found the line of code referring to the "github.com/golang-jwt/jwt/v4" module at this link: https://github.com/kubernetes-sigs/external-dns/blob/master/go.mod#L104. I'm not sure if this finding has been addressed before, but I thought it would be a great idea to bring it up. Let me know if you need any more info about it. Thanks and have a great day.
V/r,
Jesire Belleza
Consulting Engineer
Rancher Government Solutions
--
You received this message because you are subscribed to the Google Groups "kubernetes-security-discuss" group.