Security information¶
The MKE 3.8.1 patch release focuses exclusively on CVE mitigation. To this end, the following middleware component versions have been upgraded to resolve vulnerabilities in MKE:
[MKE-12092] cri-dockerd 0.3.16, which contains a Golang bump to 1.23.3.
The following table details the specific CVE addressed, CVE-2024-24790.
CVE |
Status |
Image mitigated |
Problem details from upstream |
---|---|---|---|
Resolved |
|
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. |