istio-cni-1.19.advisories.yaml

schema-version: 2.0.2

package:
  name: istio-cni-1.19

advisories:
  - id: CVE-2023-39325
    aliases:
      - GHSA-4374-p667-p6c8
    events:
      - timestamp: 2023-10-12T22:18:13Z
        type: fixed
        data:
          fixed-version: 1.19.3-r0

  - id: CVE-2023-45283
    aliases:
      - GHSA-vvjp-q62m-2vph
    events:
      - timestamp: 2023-11-07T19:29:40Z
        type: false-positive-determination
        data:
          type: vulnerable-code-not-included-in-package
          note: Only affects Windows

  - id: CVE-2023-45284
    aliases:
      - GHSA-rq3x-83w4-p28c
    events:
      - timestamp: 2023-11-07T19:29:41Z
        type: false-positive-determination
        data:
          type: vulnerable-code-not-included-in-package
          note: Only affects Windows

  - id: CVE-2023-48795
    aliases:
      - GHSA-45x7-px36-x8w8
    events:
      - timestamp: 2023-12-20T12:59:23Z
        type: fixed
        data:
          fixed-version: 1.19.5-r2

  - id: CVE-2023-49290
    aliases:
      - GHSA-7f9x-gw85-8grf
    events:
      - timestamp: 2024-01-24T07:07:20Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: istio-install-cni-1.19
            componentID: 147ea67f790a2424
            componentName: github.com/lestrrat-go/jwx
            componentVersion: v1.2.26
            componentType: go-module
            componentLocation: /usr/bin/install-cni
            scanner: grype
      - timestamp: 2024-01-24T17:13:07Z
        type: fixed
        data:
          fixed-version: 1.19.6-r1

  - id: CVE-2024-21664
    aliases:
      - GHSA-pvcr-v8j8-j5q3
    events:
      - timestamp: 2024-01-24T07:07:20Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: istio-install-cni-1.19
            componentID: 147ea67f790a2424
            componentName: github.com/lestrrat-go/jwx
            componentVersion: v1.2.26
            componentType: go-module
            componentLocation: /usr/bin/install-cni
            scanner: grype
      - timestamp: 2024-01-26T08:12:46Z
        type: fixed
        data:
          fixed-version: 1.19.6-r2

  - id: CVE-2024-28122
    aliases:
      - GHSA-hj3v-m684-v259
    events:
      - timestamp: 2024-03-09T07:43:52Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: istio-cni-1.19
            componentID: da6d5acb8c0b0ca8
            componentName: github.com/lestrrat-go/jwx
            componentVersion: v1.2.28
            componentType: go-module
            componentLocation: /usr/bin/istio-cni
            scanner: grype

  - id: CVE-2024-28180
    aliases:
      - GHSA-c5q2-7r4c-mv6g
    events:
      - timestamp: 2024-03-08T07:04:25Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: istio-install-cni-1.19
            componentID: 6020ade94a63de2e
            componentName: github.com/go-jose/go-jose/v3
            componentVersion: v3.0.1
            componentType: go-module
            componentLocation: /usr/bin/install-cni
            scanner: grype