[Bot] docs: Update Snyk reports

Signed-off-by: CI <ci@argoproj.com>
2026-03-05 07:58:46 +01:00 · 2024-11-17 00:32:05 +00:00
39 changed files with 34239 additions and 62 deletions
--- a/docs/snyk/index.md
+++ b/docs/snyk/index.md
@@ -55,7 +55,7 @@ recent minor releases.

 |    | Critical | High | Medium | Low |
 |---:|:--------:|:----:|:------:|:---:|
-| [go.mod](v2.11.12/argocd-test.html) | 0 | 1 | 9 | 2 |
+| [go.mod](v2.11.12/argocd-test.html) | 0 | 2 | 9 | 2 |
 | [ui/yarn.lock](v2.11.12/argocd-test.html) | 0 | 0 | 1 | 0 |
 | [dex:v2.38.0](v2.11.12/ghcr.io_dexidp_dex_v2.38.0.html) | 0 | 0 | 6 | 7 |
 | [haproxy:2.6.14-alpine](v2.11.12/haproxy_2.6.14-alpine.html) | 0 | 1 | 7 | 7 |
@@ -68,7 +68,7 @@ recent minor releases.

 |    | Critical | High | Medium | Low |
 |---:|:--------:|:----:|:------:|:---:|
-| [go.mod](v2.10.18/argocd-test.html) | 0 | 1 | 9 | 2 |
+| [go.mod](v2.10.18/argocd-test.html) | 0 | 2 | 9 | 2 |
 | [ui/yarn.lock](v2.10.18/argocd-test.html) | 0 | 0 | 1 | 0 |
 | [dex:v2.37.0](v2.10.18/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 10 | 7 |
 | [haproxy:2.6.14-alpine](v2.10.18/haproxy_2.6.14-alpine.html) | 0 | 1 | 7 | 7 |
--- a/docs/snyk/master/argocd-iac-install.html
+++ b/docs/snyk/master/argocd-iac-install.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">November 10th 2024, 12:20:55 am (UTC+00:00)</p>
+                <p class="timestamp">November 17th 2024, 12:22:16 am (UTC+00:00)</p>
              </div>
                <div class="source-panel">
                  <span>Scanned the following path:</span>
--- a/docs/snyk/master/argocd-iac-namespace-install.html
+++ b/docs/snyk/master/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">November 10th 2024, 12:21:05 am (UTC+00:00)</p>
+                <p class="timestamp">November 17th 2024, 12:22:26 am (UTC+00:00)</p>
              </div>
                <div class="source-panel">
                  <span>Scanned the following path:</span>
--- a/docs/snyk/master/argocd-test.html
+++ b/docs/snyk/master/argocd-test.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">November 10th 2024, 12:18:46 am (UTC+00:00)</p>
+                <p class="timestamp">November 17th 2024, 12:20:08 am (UTC+00:00)</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following paths:</span>
@@ -470,7 +470,7 @@
              <div class="meta-counts">
                <div class="meta-count"><span>7</span> <span>known vulnerabilities</span></div>
                <div class="meta-count"><span>26 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>2149</span> <span>dependencies</span></div>
+                <div class="meta-count"><span>2150</span> <span>dependencies</span></div>
              </div><!-- .meta-counts -->
            </div><!-- .layout-container--short -->
          </header><!-- .project__header -->
--- a/docs/snyk/master/ghcr.io_dexidp_dex_v2.41.1.html
+++ b/docs/snyk/master/ghcr.io_dexidp_dex_v2.41.1.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">November 10th 2024, 12:18:54 am (UTC+00:00)</p>
+                <p class="timestamp">November 17th 2024, 12:20:16 am (UTC+00:00)</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following paths:</span>
--- a/docs/snyk/master/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
+++ b/docs/snyk/master/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">November 10th 2024, 12:18:59 am (UTC+00:00)</p>
+                <p class="timestamp">November 17th 2024, 12:20:21 am (UTC+00:00)</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following path:</span>
@@ -871,9 +871,43 @@
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
-        <p><em>This vulnerability has not been analyzed by NVD yet.</em></p>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.20</code> relevant fixed versions and status.</em></p>
+        <p>Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause
+        memory to be accessed that was previously freed in some situations</p>
+        <p>Impact summary: A use after free can have a range of potential consequences such
+        as the corruption of valid data, crashes or execution of arbitrary code.
+        However, only applications that directly call the SSL_free_buffers function are
+        affected by this issue. Applications that do not call this function are not
+        vulnerable. Our investigations indicate that this function is rarely used by
+        applications.</p>
+        <p>The SSL_free_buffers function is used to free the internal OpenSSL buffer used
+        when processing an incoming record from the network. The call is only expected
+        to succeed if the buffer is not currently in use. However, two scenarios have
+        been identified where the buffer is freed even when still in use.</p>
+        <p>The first scenario occurs where a record header has been received from the
+        network and processed by OpenSSL, but the full record body has not yet arrived.
+        In this case calling SSL_free_buffers will succeed even though a record has only
+        been partially processed and the buffer is still in use.</p>
+        <p>The second scenario occurs where a full record containing application data has
+        been received and processed by OpenSSL but the application has only read part of
+        this data. Again a call to SSL_free_buffers will succeed even though the buffer
+        is still in use.</p>
+        <p>While these scenarios could occur accidentally during normal operation a
+        malicious attacker could attempt to engineer a stituation where this occurs.
+        We are not aware of this issue being actively exploited.</p>
+        <p>The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Alpine:3.20</code> <code>openssl</code> to version 3.3.0-r3 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/openssl/openssl/commit/704f725b96aa373ee45ecfb23f6abfe8be8d9177">https://github.com/openssl/openssl/commit/704f725b96aa373ee45ecfb23f6abfe8be8d9177</a></li>
+        <li><a href="https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d">https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d</a></li>
+        <li><a href="https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac">https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac</a></li>
+        <li><a href="https://github.com/openssl/openssl/commit/e5093133c35ca82874ad83697af76f4b0f7e3bd8">https://github.com/openssl/openssl/commit/e5093133c35ca82874ad83697af76f4b0f7e3bd8</a></li>
+        <li><a href="https://github.openssl.org/openssl/extended-releases/commit/f7a045f3143fc6da2ee66bf52d8df04829590dd4">https://github.openssl.org/openssl/extended-releases/commit/f7a045f3143fc6da2ee66bf52d8df04829590dd4</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20240528.txt">https://www.openssl.org/news/secadv/20240528.txt</a></li>
+        </ul>
        
              <hr/>
        
--- a/docs/snyk/master/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
+++ b/docs/snyk/master/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">November 10th 2024, 12:19:04 am (UTC+00:00)</p>
+                <p class="timestamp">November 17th 2024, 12:20:27 am (UTC+00:00)</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following paths:</span>
--- a/docs/snyk/master/quay.io_argoproj_argocd_latest.html
+++ b/docs/snyk/master/quay.io_argoproj_argocd_latest.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">November 10th 2024, 12:19:23 am (UTC+00:00)</p>
+                <p class="timestamp">November 17th 2024, 12:20:44 am (UTC+00:00)</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following paths:</span>
@@ -472,7 +472,7 @@
              <div class="meta-counts">
                <div class="meta-count"><span>19</span> <span>known vulnerabilities</span></div>
                <div class="meta-count"><span>73 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>2358</span> <span>dependencies</span></div>
+                <div class="meta-count"><span>2359</span> <span>dependencies</span></div>
              </div><!-- .meta-counts -->
            </div><!-- .layout-container--short -->
          </header><!-- .project__header -->
@@ -634,6 +634,7 @@
        <li><a href="https://access.redhat.com/security/cve/CVE-2024-2236">https://access.redhat.com/security/cve/CVE-2024-2236</a></li>
        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2268268">https://bugzilla.redhat.com/show_bug.cgi?id=2268268</a></li>
        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2245218">https://bugzilla.redhat.com/show_bug.cgi?id=2245218</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:9404">https://access.redhat.com/errata/RHSA-2024:9404</a></li>
        </ul>
        
              <hr/>
--- a/docs/snyk/master/redis_7.0.15-alpine.html
+++ b/docs/snyk/master/redis_7.0.15-alpine.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">November 10th 2024, 12:19:28 am (UTC+00:00)</p>
+                <p class="timestamp">November 17th 2024, 12:20:48 am (UTC+00:00)</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following paths:</span>
--- a/docs/snyk/v2.10.18/argocd-iac-install.html
+++ b/docs/snyk/v2.10.18/argocd-iac-install.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">November 10th 2024, 12:30:37 am (UTC+00:00)</p>
+                <p class="timestamp">November 17th 2024, 12:31:55 am (UTC+00:00)</p>
              </div>
                <div class="source-panel">
                  <span>Scanned the following path:</span>
--- a/docs/snyk/v2.10.18/argocd-iac-namespace-install.html
+++ b/docs/snyk/v2.10.18/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">November 10th 2024, 12:30:47 am (UTC+00:00)</p>
+                <p class="timestamp">November 17th 2024, 12:32:04 am (UTC+00:00)</p>
              </div>
                <div class="source-panel">
                  <span>Scanned the following path:</span>
--- a/docs/snyk/v2.10.18/argocd-test.html
+++ b/docs/snyk/v2.10.18/argocd-test.html
--- a/docs/snyk/v2.10.18/ghcr.io_dexidp_dex_v2.37.0.html
+++ b/docs/snyk/v2.10.18/ghcr.io_dexidp_dex_v2.37.0.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">November 10th 2024, 12:28:42 am (UTC+00:00)</p>
+                <p class="timestamp">November 17th 2024, 12:30:08 am (UTC+00:00)</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following paths:</span>
@@ -5718,9 +5718,43 @@
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
-        <p><em>This vulnerability has not been analyzed by NVD yet.</em></p>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.18</code> relevant fixed versions and status.</em></p>
+        <p>Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause
+        memory to be accessed that was previously freed in some situations</p>
+        <p>Impact summary: A use after free can have a range of potential consequences such
+        as the corruption of valid data, crashes or execution of arbitrary code.
+        However, only applications that directly call the SSL_free_buffers function are
+        affected by this issue. Applications that do not call this function are not
+        vulnerable. Our investigations indicate that this function is rarely used by
+        applications.</p>
+        <p>The SSL_free_buffers function is used to free the internal OpenSSL buffer used
+        when processing an incoming record from the network. The call is only expected
+        to succeed if the buffer is not currently in use. However, two scenarios have
+        been identified where the buffer is freed even when still in use.</p>
+        <p>The first scenario occurs where a record header has been received from the
+        network and processed by OpenSSL, but the full record body has not yet arrived.
+        In this case calling SSL_free_buffers will succeed even though a record has only
+        been partially processed and the buffer is still in use.</p>
+        <p>The second scenario occurs where a full record containing application data has
+        been received and processed by OpenSSL but the application has only read part of
+        this data. Again a call to SSL_free_buffers will succeed even though the buffer
+        is still in use.</p>
+        <p>While these scenarios could occur accidentally during normal operation a
+        malicious attacker could attempt to engineer a stituation where this occurs.
+        We are not aware of this issue being actively exploited.</p>
+        <p>The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.6-r0 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/openssl/openssl/commit/704f725b96aa373ee45ecfb23f6abfe8be8d9177">https://github.com/openssl/openssl/commit/704f725b96aa373ee45ecfb23f6abfe8be8d9177</a></li>
+        <li><a href="https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d">https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d</a></li>
+        <li><a href="https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac">https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac</a></li>
+        <li><a href="https://github.com/openssl/openssl/commit/e5093133c35ca82874ad83697af76f4b0f7e3bd8">https://github.com/openssl/openssl/commit/e5093133c35ca82874ad83697af76f4b0f7e3bd8</a></li>
+        <li><a href="https://github.openssl.org/openssl/extended-releases/commit/f7a045f3143fc6da2ee66bf52d8df04829590dd4">https://github.openssl.org/openssl/extended-releases/commit/f7a045f3143fc6da2ee66bf52d8df04829590dd4</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20240528.txt">https://www.openssl.org/news/secadv/20240528.txt</a></li>
+        </ul>
        
              <hr/>
        
--- a/docs/snyk/v2.10.18/haproxy_2.6.14-alpine.html
+++ b/docs/snyk/v2.10.18/haproxy_2.6.14-alpine.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">November 10th 2024, 12:28:46 am (UTC+00:00)</p>
+                <p class="timestamp">November 17th 2024, 12:30:12 am (UTC+00:00)</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following path:</span>
@@ -2546,9 +2546,43 @@
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
-        <p><em>This vulnerability has not been analyzed by NVD yet.</em></p>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.18</code> relevant fixed versions and status.</em></p>
+        <p>Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause
+        memory to be accessed that was previously freed in some situations</p>
+        <p>Impact summary: A use after free can have a range of potential consequences such
+        as the corruption of valid data, crashes or execution of arbitrary code.
+        However, only applications that directly call the SSL_free_buffers function are
+        affected by this issue. Applications that do not call this function are not
+        vulnerable. Our investigations indicate that this function is rarely used by
+        applications.</p>
+        <p>The SSL_free_buffers function is used to free the internal OpenSSL buffer used
+        when processing an incoming record from the network. The call is only expected
+        to succeed if the buffer is not currently in use. However, two scenarios have
+        been identified where the buffer is freed even when still in use.</p>
+        <p>The first scenario occurs where a record header has been received from the
+        network and processed by OpenSSL, but the full record body has not yet arrived.
+        In this case calling SSL_free_buffers will succeed even though a record has only
+        been partially processed and the buffer is still in use.</p>
+        <p>The second scenario occurs where a full record containing application data has
+        been received and processed by OpenSSL but the application has only read part of
+        this data. Again a call to SSL_free_buffers will succeed even though the buffer
+        is still in use.</p>
+        <p>While these scenarios could occur accidentally during normal operation a
+        malicious attacker could attempt to engineer a stituation where this occurs.
+        We are not aware of this issue being actively exploited.</p>
+        <p>The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.6-r0 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/openssl/openssl/commit/704f725b96aa373ee45ecfb23f6abfe8be8d9177">https://github.com/openssl/openssl/commit/704f725b96aa373ee45ecfb23f6abfe8be8d9177</a></li>
+        <li><a href="https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d">https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d</a></li>
+        <li><a href="https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac">https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac</a></li>
+        <li><a href="https://github.com/openssl/openssl/commit/e5093133c35ca82874ad83697af76f4b0f7e3bd8">https://github.com/openssl/openssl/commit/e5093133c35ca82874ad83697af76f4b0f7e3bd8</a></li>
+        <li><a href="https://github.openssl.org/openssl/extended-releases/commit/f7a045f3143fc6da2ee66bf52d8df04829590dd4">https://github.openssl.org/openssl/extended-releases/commit/f7a045f3143fc6da2ee66bf52d8df04829590dd4</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20240528.txt">https://www.openssl.org/news/secadv/20240528.txt</a></li>
+        </ul>
        
              <hr/>
        
--- a/docs/snyk/v2.10.18/quay.io_argoproj_argocd_v2.10.18.html
+++ b/docs/snyk/v2.10.18/quay.io_argoproj_argocd_v2.10.18.html
@@ -7,7 +7,7 @@
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <title>Snyk test report</title>
-  <meta name="description" content="33 known vulnerabilities found in 179 vulnerable dependency paths.">
+  <meta name="description" content="34 known vulnerabilities found in 180 vulnerable dependency paths.">
  <base target="_blank">
  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
    sizes="194x194">
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">November 10th 2024, 12:29:10 am (UTC+00:00)</p>
+                <p class="timestamp">November 17th 2024, 12:30:30 am (UTC+00:00)</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following paths:</span>
@@ -470,8 +470,8 @@
              </div>
    
              <div class="meta-counts">
-                <div class="meta-count"><span>33</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>179 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>34</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>180 vulnerable dependency paths</span></div>
                <div class="meta-count"><span>2278</span> <span>dependencies</span></div>
              </div><!-- .meta-counts -->
            </div><!-- .layout-container--short -->
@@ -480,6 +480,100 @@

    <div class="layout-container" style="padding-top: 35px;">
      <div class="cards--vuln filter--patch filter--ignore">
+        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
+            <h2 class="card__title">Denial of Service (DoS)</h2>
+            <div class="card__section">
+        
+                <div class="label label--high">
+                    <span class="label__text">high severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.10.18/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            k8s.io/apimachinery/pkg/util/runtime
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v2@* and k8s.io/apimachinery/pkg/util/runtime@v0.26.11
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v2@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        k8s.io/apimachinery/pkg/util/runtime@v0.26.11
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="overview">Overview</h2>
+        <p>Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.</p>
+        <h2 id="details">Details</h2>
+        <p>Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.</p>
+        <p>Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.</p>
+        <p>One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.</p>
+        <p>When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.</p>
+        <p>Two common types of DoS vulnerabilities:</p>
+        <ul>
+        <li><p>High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, <a href="https://security.snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-30082">commons-fileupload:commons-fileupload</a>.</p>
+        </li>
+        <li><p>Crash - An attacker sending crafted requests that could cause the system to crash. For Example,  <a href="https://snyk.io/vuln/npm:ws:20171108">npm <code>ws</code> package</a></p>
+        </li>
+        </ul>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>k8s.io/apimachinery/pkg/util/runtime</code> to version 0.29.0-alpha.3, 1.29.0-alpha.3 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/helidon-io/helidon/commit/58f43670086e530750c7cb74b0bec92bf5189c79">Github Commit</a></li>
+        <li><a href="https://github.com/pgjones/hypercorn/commit/7c39c68b61012a3c30979176080861c8b00fb229">Github Commit</a></li>
+        <li><a href="https://github.com/akka/akka-http/commit/1f29fe6a8567c57dfe848a21ae883304cce5646d">GitHub Commit</a></li>
+        <li><a href="https://github.com/apache/tomcat/commit/76bb4bfbfeae827dce896f650655bbf6e251ed49">GitHub Commit</a></li>
+        <li><a href="https://github.com/apache/tomcat/commit/9cdfe25bad707f34b3e5da2994f3f1952a163c3e">GitHub Commit</a></li>
+        <li><a href="https://github.com/eclipse/jetty.project/commit/dbb94514dc9d3fb21fe92080f57c314e7e06a148">GitHub Commit</a></li>
+        <li><a href="https://github.com/gravitational/teleport/commit/15f34f927a45130408eb16ed09af5620270d4d1f">GitHub Commit</a></li>
+        <li><a href="https://github.com/h2o/h2o/commit/28fe15117b909588bf14269a0e1c6ec4548579fe">GitHub Commit</a></li>
+        <li><a href="https://github.com/kubernetes/apimachinery/commit/be9188050914374ee8128239e5a2e5998d7897f5">GitHub Commit</a></li>
+        <li><a href="https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61">GitHub Commit</a></li>
+        <li><a href="https://github.com/nghttp2/nghttp2/commit/72b4af6143681f528f1d237b21a9a7aee1738832">GitHub Commit</a></li>
+        <li><a href="https://github.com/operator-framework/operator-lifecycle-manager/commit/9ec03f07f942dc9cef736957fa152e39157d6e13">GitHub Commit</a></li>
+        <li><a href="https://snyk.io/blog/find-fix-http-2-rapid-reset-zero-day-vulnerability-cve-2023-44487/">Snyk Blog</a></li>
+        <li><a href="https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/">Vulnerability Discovery</a></li>
+        <li><a href="https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack">Vulnerability Explanation</a></li>
+        <li><a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">CISA - Known Exploited Vulnerabilities</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-K8SIOAPIMACHINERYPKGUTILRUNTIME-8367153">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
            <div class="card__section">
@@ -764,6 +858,7 @@
        <li><a href="https://access.redhat.com/security/cve/CVE-2024-2236">https://access.redhat.com/security/cve/CVE-2024-2236</a></li>
        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2268268">https://bugzilla.redhat.com/show_bug.cgi?id=2268268</a></li>
        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2245218">https://bugzilla.redhat.com/show_bug.cgi?id=2245218</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:9404">https://access.redhat.com/errata/RHSA-2024:9404</a></li>
        </ul>
        
              <hr/>
--- a/docs/snyk/v2.10.18/redis_7.0.15-alpine.html
+++ b/docs/snyk/v2.10.18/redis_7.0.15-alpine.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">November 10th 2024, 12:29:15 am (UTC+00:00)</p>
+                <p class="timestamp">November 17th 2024, 12:30:33 am (UTC+00:00)</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following paths:</span>
--- a/docs/snyk/v2.11.12/argocd-iac-install.html
+++ b/docs/snyk/v2.11.12/argocd-iac-install.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">November 10th 2024, 12:28:15 am (UTC+00:00)</p>
+                <p class="timestamp">November 17th 2024, 12:29:36 am (UTC+00:00)</p>
              </div>
                <div class="source-panel">
                  <span>Scanned the following path:</span>
--- a/docs/snyk/v2.11.12/argocd-iac-namespace-install.html
+++ b/docs/snyk/v2.11.12/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">November 10th 2024, 12:28:25 am (UTC+00:00)</p>
+                <p class="timestamp">November 17th 2024, 12:29:46 am (UTC+00:00)</p>
              </div>
                <div class="source-panel">
                  <span>Scanned the following path:</span>
--- a/docs/snyk/v2.11.12/argocd-test.html
+++ b/docs/snyk/v2.11.12/argocd-test.html
--- a/docs/snyk/v2.11.12/ghcr.io_dexidp_dex_v2.38.0.html
+++ b/docs/snyk/v2.11.12/ghcr.io_dexidp_dex_v2.38.0.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">November 10th 2024, 12:26:18 am (UTC+00:00)</p>
+                <p class="timestamp">November 17th 2024, 12:27:45 am (UTC+00:00)</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following paths:</span>
@@ -3927,9 +3927,43 @@
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
-        <p><em>This vulnerability has not been analyzed by NVD yet.</em></p>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.19</code> relevant fixed versions and status.</em></p>
+        <p>Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause
+        memory to be accessed that was previously freed in some situations</p>
+        <p>Impact summary: A use after free can have a range of potential consequences such
+        as the corruption of valid data, crashes or execution of arbitrary code.
+        However, only applications that directly call the SSL_free_buffers function are
+        affected by this issue. Applications that do not call this function are not
+        vulnerable. Our investigations indicate that this function is rarely used by
+        applications.</p>
+        <p>The SSL_free_buffers function is used to free the internal OpenSSL buffer used
+        when processing an incoming record from the network. The call is only expected
+        to succeed if the buffer is not currently in use. However, two scenarios have
+        been identified where the buffer is freed even when still in use.</p>
+        <p>The first scenario occurs where a record header has been received from the
+        network and processed by OpenSSL, but the full record body has not yet arrived.
+        In this case calling SSL_free_buffers will succeed even though a record has only
+        been partially processed and the buffer is still in use.</p>
+        <p>The second scenario occurs where a full record containing application data has
+        been received and processed by OpenSSL but the application has only read part of
+        this data. Again a call to SSL_free_buffers will succeed even though the buffer
+        is still in use.</p>
+        <p>While these scenarios could occur accidentally during normal operation a
+        malicious attacker could attempt to engineer a stituation where this occurs.
+        We are not aware of this issue being actively exploited.</p>
+        <p>The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Alpine:3.19</code> <code>openssl</code> to version 3.1.6-r0 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/openssl/openssl/commit/704f725b96aa373ee45ecfb23f6abfe8be8d9177">https://github.com/openssl/openssl/commit/704f725b96aa373ee45ecfb23f6abfe8be8d9177</a></li>
+        <li><a href="https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d">https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d</a></li>
+        <li><a href="https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac">https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac</a></li>
+        <li><a href="https://github.com/openssl/openssl/commit/e5093133c35ca82874ad83697af76f4b0f7e3bd8">https://github.com/openssl/openssl/commit/e5093133c35ca82874ad83697af76f4b0f7e3bd8</a></li>
+        <li><a href="https://github.openssl.org/openssl/extended-releases/commit/f7a045f3143fc6da2ee66bf52d8df04829590dd4">https://github.openssl.org/openssl/extended-releases/commit/f7a045f3143fc6da2ee66bf52d8df04829590dd4</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20240528.txt">https://www.openssl.org/news/secadv/20240528.txt</a></li>
+        </ul>
        
              <hr/>
        
--- a/docs/snyk/v2.11.12/haproxy_2.6.14-alpine.html
+++ b/docs/snyk/v2.11.12/haproxy_2.6.14-alpine.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">November 10th 2024, 12:26:25 am (UTC+00:00)</p>
+                <p class="timestamp">November 17th 2024, 12:27:51 am (UTC+00:00)</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following path:</span>
@@ -2546,9 +2546,43 @@
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
-        <p><em>This vulnerability has not been analyzed by NVD yet.</em></p>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.18</code> relevant fixed versions and status.</em></p>
+        <p>Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause
+        memory to be accessed that was previously freed in some situations</p>
+        <p>Impact summary: A use after free can have a range of potential consequences such
+        as the corruption of valid data, crashes or execution of arbitrary code.
+        However, only applications that directly call the SSL_free_buffers function are
+        affected by this issue. Applications that do not call this function are not
+        vulnerable. Our investigations indicate that this function is rarely used by
+        applications.</p>
+        <p>The SSL_free_buffers function is used to free the internal OpenSSL buffer used
+        when processing an incoming record from the network. The call is only expected
+        to succeed if the buffer is not currently in use. However, two scenarios have
+        been identified where the buffer is freed even when still in use.</p>
+        <p>The first scenario occurs where a record header has been received from the
+        network and processed by OpenSSL, but the full record body has not yet arrived.
+        In this case calling SSL_free_buffers will succeed even though a record has only
+        been partially processed and the buffer is still in use.</p>
+        <p>The second scenario occurs where a full record containing application data has
+        been received and processed by OpenSSL but the application has only read part of
+        this data. Again a call to SSL_free_buffers will succeed even though the buffer
+        is still in use.</p>
+        <p>While these scenarios could occur accidentally during normal operation a
+        malicious attacker could attempt to engineer a stituation where this occurs.
+        We are not aware of this issue being actively exploited.</p>
+        <p>The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.6-r0 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/openssl/openssl/commit/704f725b96aa373ee45ecfb23f6abfe8be8d9177">https://github.com/openssl/openssl/commit/704f725b96aa373ee45ecfb23f6abfe8be8d9177</a></li>
+        <li><a href="https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d">https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d</a></li>
+        <li><a href="https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac">https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac</a></li>
+        <li><a href="https://github.com/openssl/openssl/commit/e5093133c35ca82874ad83697af76f4b0f7e3bd8">https://github.com/openssl/openssl/commit/e5093133c35ca82874ad83697af76f4b0f7e3bd8</a></li>
+        <li><a href="https://github.openssl.org/openssl/extended-releases/commit/f7a045f3143fc6da2ee66bf52d8df04829590dd4">https://github.openssl.org/openssl/extended-releases/commit/f7a045f3143fc6da2ee66bf52d8df04829590dd4</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20240528.txt">https://www.openssl.org/news/secadv/20240528.txt</a></li>
+        </ul>
        
              <hr/>
        
--- a/docs/snyk/v2.11.12/quay.io_argoproj_argocd_v2.11.12.html
+++ b/docs/snyk/v2.11.12/quay.io_argoproj_argocd_v2.11.12.html
@@ -7,7 +7,7 @@
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <title>Snyk test report</title>
-  <meta name="description" content="34 known vulnerabilities found in 180 vulnerable dependency paths.">
+  <meta name="description" content="35 known vulnerabilities found in 181 vulnerable dependency paths.">
  <base target="_blank">
  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
    sizes="194x194">
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">November 10th 2024, 12:26:48 am (UTC+00:00)</p>
+                <p class="timestamp">November 17th 2024, 12:28:09 am (UTC+00:00)</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following paths:</span>
@@ -470,8 +470,8 @@
              </div>
    
              <div class="meta-counts">
-                <div class="meta-count"><span>34</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>180 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>35</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>181 vulnerable dependency paths</span></div>
                <div class="meta-count"><span>2280</span> <span>dependencies</span></div>
              </div><!-- .meta-counts -->
            </div><!-- .layout-container--short -->
@@ -480,6 +480,100 @@

    <div class="layout-container" style="padding-top: 35px;">
      <div class="cards--vuln filter--patch filter--ignore">
+        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
+            <h2 class="card__title">Denial of Service (DoS)</h2>
+            <div class="card__section">
+        
+                <div class="label label--high">
+                    <span class="label__text">high severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            k8s.io/apimachinery/pkg/util/runtime
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v2@* and k8s.io/apimachinery/pkg/util/runtime@v0.26.11
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v2@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        k8s.io/apimachinery/pkg/util/runtime@v0.26.11
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="overview">Overview</h2>
+        <p>Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.</p>
+        <h2 id="details">Details</h2>
+        <p>Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.</p>
+        <p>Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.</p>
+        <p>One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.</p>
+        <p>When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.</p>
+        <p>Two common types of DoS vulnerabilities:</p>
+        <ul>
+        <li><p>High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, <a href="https://security.snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-30082">commons-fileupload:commons-fileupload</a>.</p>
+        </li>
+        <li><p>Crash - An attacker sending crafted requests that could cause the system to crash. For Example,  <a href="https://snyk.io/vuln/npm:ws:20171108">npm <code>ws</code> package</a></p>
+        </li>
+        </ul>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>k8s.io/apimachinery/pkg/util/runtime</code> to version 0.29.0-alpha.3, 1.29.0-alpha.3 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/helidon-io/helidon/commit/58f43670086e530750c7cb74b0bec92bf5189c79">Github Commit</a></li>
+        <li><a href="https://github.com/pgjones/hypercorn/commit/7c39c68b61012a3c30979176080861c8b00fb229">Github Commit</a></li>
+        <li><a href="https://github.com/akka/akka-http/commit/1f29fe6a8567c57dfe848a21ae883304cce5646d">GitHub Commit</a></li>
+        <li><a href="https://github.com/apache/tomcat/commit/76bb4bfbfeae827dce896f650655bbf6e251ed49">GitHub Commit</a></li>
+        <li><a href="https://github.com/apache/tomcat/commit/9cdfe25bad707f34b3e5da2994f3f1952a163c3e">GitHub Commit</a></li>
+        <li><a href="https://github.com/eclipse/jetty.project/commit/dbb94514dc9d3fb21fe92080f57c314e7e06a148">GitHub Commit</a></li>
+        <li><a href="https://github.com/gravitational/teleport/commit/15f34f927a45130408eb16ed09af5620270d4d1f">GitHub Commit</a></li>
+        <li><a href="https://github.com/h2o/h2o/commit/28fe15117b909588bf14269a0e1c6ec4548579fe">GitHub Commit</a></li>
+        <li><a href="https://github.com/kubernetes/apimachinery/commit/be9188050914374ee8128239e5a2e5998d7897f5">GitHub Commit</a></li>
+        <li><a href="https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61">GitHub Commit</a></li>
+        <li><a href="https://github.com/nghttp2/nghttp2/commit/72b4af6143681f528f1d237b21a9a7aee1738832">GitHub Commit</a></li>
+        <li><a href="https://github.com/operator-framework/operator-lifecycle-manager/commit/9ec03f07f942dc9cef736957fa152e39157d6e13">GitHub Commit</a></li>
+        <li><a href="https://snyk.io/blog/find-fix-http-2-rapid-reset-zero-day-vulnerability-cve-2023-44487/">Snyk Blog</a></li>
+        <li><a href="https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/">Vulnerability Discovery</a></li>
+        <li><a href="https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack">Vulnerability Explanation</a></li>
+        <li><a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">CISA - Known Exploited Vulnerabilities</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-K8SIOAPIMACHINERYPKGUTILRUNTIME-8367153">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
            <div class="card__section">
@@ -764,6 +858,7 @@
        <li><a href="https://access.redhat.com/security/cve/CVE-2024-2236">https://access.redhat.com/security/cve/CVE-2024-2236</a></li>
        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2268268">https://bugzilla.redhat.com/show_bug.cgi?id=2268268</a></li>
        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2245218">https://bugzilla.redhat.com/show_bug.cgi?id=2245218</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:9404">https://access.redhat.com/errata/RHSA-2024:9404</a></li>
        </ul>
        
              <hr/>
--- a/docs/snyk/v2.11.12/redis_7.0.15-alpine.html
+++ b/docs/snyk/v2.11.12/redis_7.0.15-alpine.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">November 10th 2024, 12:26:52 am (UTC+00:00)</p>
+                <p class="timestamp">November 17th 2024, 12:28:13 am (UTC+00:00)</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following paths:</span>
--- a/docs/snyk/v2.12.7/argocd-iac-install.html
+++ b/docs/snyk/v2.12.7/argocd-iac-install.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">November 10th 2024, 12:25:49 am (UTC+00:00)</p>
+                <p class="timestamp">November 17th 2024, 12:27:10 am (UTC+00:00)</p>
              </div>
                <div class="source-panel">
                  <span>Scanned the following path:</span>
--- a/docs/snyk/v2.12.7/argocd-iac-namespace-install.html
+++ b/docs/snyk/v2.12.7/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">November 10th 2024, 12:25:59 am (UTC+00:00)</p>
+                <p class="timestamp">November 17th 2024, 12:27:19 am (UTC+00:00)</p>
              </div>
                <div class="source-panel">
                  <span>Scanned the following path:</span>
--- a/docs/snyk/v2.12.7/argocd-test.html
+++ b/docs/snyk/v2.12.7/argocd-test.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">November 10th 2024, 12:23:49 am (UTC+00:00)</p>
+                <p class="timestamp">November 17th 2024, 12:25:10 am (UTC+00:00)</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following paths:</span>
--- a/docs/snyk/v2.12.7/ghcr.io_dexidp_dex_v2.38.0.html
+++ b/docs/snyk/v2.12.7/ghcr.io_dexidp_dex_v2.38.0.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">November 10th 2024, 12:23:58 am (UTC+00:00)</p>
+                <p class="timestamp">November 17th 2024, 12:25:19 am (UTC+00:00)</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following paths:</span>
@@ -3927,9 +3927,43 @@
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
-        <p><em>This vulnerability has not been analyzed by NVD yet.</em></p>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.19</code> relevant fixed versions and status.</em></p>
+        <p>Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause
+        memory to be accessed that was previously freed in some situations</p>
+        <p>Impact summary: A use after free can have a range of potential consequences such
+        as the corruption of valid data, crashes or execution of arbitrary code.
+        However, only applications that directly call the SSL_free_buffers function are
+        affected by this issue. Applications that do not call this function are not
+        vulnerable. Our investigations indicate that this function is rarely used by
+        applications.</p>
+        <p>The SSL_free_buffers function is used to free the internal OpenSSL buffer used
+        when processing an incoming record from the network. The call is only expected
+        to succeed if the buffer is not currently in use. However, two scenarios have
+        been identified where the buffer is freed even when still in use.</p>
+        <p>The first scenario occurs where a record header has been received from the
+        network and processed by OpenSSL, but the full record body has not yet arrived.
+        In this case calling SSL_free_buffers will succeed even though a record has only
+        been partially processed and the buffer is still in use.</p>
+        <p>The second scenario occurs where a full record containing application data has
+        been received and processed by OpenSSL but the application has only read part of
+        this data. Again a call to SSL_free_buffers will succeed even though the buffer
+        is still in use.</p>
+        <p>While these scenarios could occur accidentally during normal operation a
+        malicious attacker could attempt to engineer a stituation where this occurs.
+        We are not aware of this issue being actively exploited.</p>
+        <p>The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Alpine:3.19</code> <code>openssl</code> to version 3.1.6-r0 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/openssl/openssl/commit/704f725b96aa373ee45ecfb23f6abfe8be8d9177">https://github.com/openssl/openssl/commit/704f725b96aa373ee45ecfb23f6abfe8be8d9177</a></li>
+        <li><a href="https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d">https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d</a></li>
+        <li><a href="https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac">https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac</a></li>
+        <li><a href="https://github.com/openssl/openssl/commit/e5093133c35ca82874ad83697af76f4b0f7e3bd8">https://github.com/openssl/openssl/commit/e5093133c35ca82874ad83697af76f4b0f7e3bd8</a></li>
+        <li><a href="https://github.openssl.org/openssl/extended-releases/commit/f7a045f3143fc6da2ee66bf52d8df04829590dd4">https://github.openssl.org/openssl/extended-releases/commit/f7a045f3143fc6da2ee66bf52d8df04829590dd4</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20240528.txt">https://www.openssl.org/news/secadv/20240528.txt</a></li>
+        </ul>
        
              <hr/>
        
--- a/docs/snyk/v2.12.7/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
+++ b/docs/snyk/v2.12.7/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">November 10th 2024, 12:24:02 am (UTC+00:00)</p>
+                <p class="timestamp">November 17th 2024, 12:25:22 am (UTC+00:00)</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following path:</span>
@@ -871,9 +871,43 @@
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
-        <p><em>This vulnerability has not been analyzed by NVD yet.</em></p>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.20</code> relevant fixed versions and status.</em></p>
+        <p>Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause
+        memory to be accessed that was previously freed in some situations</p>
+        <p>Impact summary: A use after free can have a range of potential consequences such
+        as the corruption of valid data, crashes or execution of arbitrary code.
+        However, only applications that directly call the SSL_free_buffers function are
+        affected by this issue. Applications that do not call this function are not
+        vulnerable. Our investigations indicate that this function is rarely used by
+        applications.</p>
+        <p>The SSL_free_buffers function is used to free the internal OpenSSL buffer used
+        when processing an incoming record from the network. The call is only expected
+        to succeed if the buffer is not currently in use. However, two scenarios have
+        been identified where the buffer is freed even when still in use.</p>
+        <p>The first scenario occurs where a record header has been received from the
+        network and processed by OpenSSL, but the full record body has not yet arrived.
+        In this case calling SSL_free_buffers will succeed even though a record has only
+        been partially processed and the buffer is still in use.</p>
+        <p>The second scenario occurs where a full record containing application data has
+        been received and processed by OpenSSL but the application has only read part of
+        this data. Again a call to SSL_free_buffers will succeed even though the buffer
+        is still in use.</p>
+        <p>While these scenarios could occur accidentally during normal operation a
+        malicious attacker could attempt to engineer a stituation where this occurs.
+        We are not aware of this issue being actively exploited.</p>
+        <p>The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Alpine:3.20</code> <code>openssl</code> to version 3.3.0-r3 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/openssl/openssl/commit/704f725b96aa373ee45ecfb23f6abfe8be8d9177">https://github.com/openssl/openssl/commit/704f725b96aa373ee45ecfb23f6abfe8be8d9177</a></li>
+        <li><a href="https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d">https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d</a></li>
+        <li><a href="https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac">https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac</a></li>
+        <li><a href="https://github.com/openssl/openssl/commit/e5093133c35ca82874ad83697af76f4b0f7e3bd8">https://github.com/openssl/openssl/commit/e5093133c35ca82874ad83697af76f4b0f7e3bd8</a></li>
+        <li><a href="https://github.openssl.org/openssl/extended-releases/commit/f7a045f3143fc6da2ee66bf52d8df04829590dd4">https://github.openssl.org/openssl/extended-releases/commit/f7a045f3143fc6da2ee66bf52d8df04829590dd4</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20240528.txt">https://www.openssl.org/news/secadv/20240528.txt</a></li>
+        </ul>
        
              <hr/>
        
--- a/docs/snyk/v2.12.7/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
+++ b/docs/snyk/v2.12.7/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">November 10th 2024, 12:24:06 am (UTC+00:00)</p>
+                <p class="timestamp">November 17th 2024, 12:25:27 am (UTC+00:00)</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following paths:</span>
--- a/docs/snyk/v2.12.7/quay.io_argoproj_argocd_v2.12.7.html
+++ b/docs/snyk/v2.12.7/quay.io_argoproj_argocd_v2.12.7.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">November 10th 2024, 12:24:23 am (UTC+00:00)</p>
+                <p class="timestamp">November 17th 2024, 12:25:44 am (UTC+00:00)</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following paths:</span>
@@ -634,6 +634,7 @@
        <li><a href="https://access.redhat.com/security/cve/CVE-2024-2236">https://access.redhat.com/security/cve/CVE-2024-2236</a></li>
        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2268268">https://bugzilla.redhat.com/show_bug.cgi?id=2268268</a></li>
        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2245218">https://bugzilla.redhat.com/show_bug.cgi?id=2245218</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:9404">https://access.redhat.com/errata/RHSA-2024:9404</a></li>
        </ul>
        
              <hr/>
--- a/docs/snyk/v2.12.7/redis_7.0.15-alpine.html
+++ b/docs/snyk/v2.12.7/redis_7.0.15-alpine.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">November 10th 2024, 12:24:27 am (UTC+00:00)</p>
+                <p class="timestamp">November 17th 2024, 12:25:48 am (UTC+00:00)</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following paths:</span>
--- a/docs/snyk/v2.13.0-rc5/argocd-iac-install.html
+++ b/docs/snyk/v2.13.0-rc5/argocd-iac-install.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">November 10th 2024, 12:23:21 am (UTC+00:00)</p>
+                <p class="timestamp">November 17th 2024, 12:24:40 am (UTC+00:00)</p>
              </div>
                <div class="source-panel">
                  <span>Scanned the following path:</span>
--- a/docs/snyk/v2.13.0-rc5/argocd-iac-namespace-install.html
+++ b/docs/snyk/v2.13.0-rc5/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">November 10th 2024, 12:23:31 am (UTC+00:00)</p>
+                <p class="timestamp">November 17th 2024, 12:24:50 am (UTC+00:00)</p>
              </div>
                <div class="source-panel">
                  <span>Scanned the following path:</span>
--- a/docs/snyk/v2.13.0-rc5/argocd-test.html
+++ b/docs/snyk/v2.13.0-rc5/argocd-test.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">November 10th 2024, 12:21:16 am (UTC+00:00)</p>
+                <p class="timestamp">November 17th 2024, 12:22:37 am (UTC+00:00)</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following paths:</span>
--- a/docs/snyk/v2.13.0-rc5/ghcr.io_dexidp_dex_v2.41.1.html
+++ b/docs/snyk/v2.13.0-rc5/ghcr.io_dexidp_dex_v2.41.1.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">November 10th 2024, 12:21:23 am (UTC+00:00)</p>
+                <p class="timestamp">November 17th 2024, 12:22:43 am (UTC+00:00)</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following paths:</span>
--- a/docs/snyk/v2.13.0-rc5/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
+++ b/docs/snyk/v2.13.0-rc5/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">November 10th 2024, 12:21:27 am (UTC+00:00)</p>
+                <p class="timestamp">November 17th 2024, 12:22:47 am (UTC+00:00)</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following path:</span>
@@ -871,9 +871,43 @@
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
-        <p><em>This vulnerability has not been analyzed by NVD yet.</em></p>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.20</code> relevant fixed versions and status.</em></p>
+        <p>Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause
+        memory to be accessed that was previously freed in some situations</p>
+        <p>Impact summary: A use after free can have a range of potential consequences such
+        as the corruption of valid data, crashes or execution of arbitrary code.
+        However, only applications that directly call the SSL_free_buffers function are
+        affected by this issue. Applications that do not call this function are not
+        vulnerable. Our investigations indicate that this function is rarely used by
+        applications.</p>
+        <p>The SSL_free_buffers function is used to free the internal OpenSSL buffer used
+        when processing an incoming record from the network. The call is only expected
+        to succeed if the buffer is not currently in use. However, two scenarios have
+        been identified where the buffer is freed even when still in use.</p>
+        <p>The first scenario occurs where a record header has been received from the
+        network and processed by OpenSSL, but the full record body has not yet arrived.
+        In this case calling SSL_free_buffers will succeed even though a record has only
+        been partially processed and the buffer is still in use.</p>
+        <p>The second scenario occurs where a full record containing application data has
+        been received and processed by OpenSSL but the application has only read part of
+        this data. Again a call to SSL_free_buffers will succeed even though the buffer
+        is still in use.</p>
+        <p>While these scenarios could occur accidentally during normal operation a
+        malicious attacker could attempt to engineer a stituation where this occurs.
+        We are not aware of this issue being actively exploited.</p>
+        <p>The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Alpine:3.20</code> <code>openssl</code> to version 3.3.0-r3 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/openssl/openssl/commit/704f725b96aa373ee45ecfb23f6abfe8be8d9177">https://github.com/openssl/openssl/commit/704f725b96aa373ee45ecfb23f6abfe8be8d9177</a></li>
+        <li><a href="https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d">https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d</a></li>
+        <li><a href="https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac">https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac</a></li>
+        <li><a href="https://github.com/openssl/openssl/commit/e5093133c35ca82874ad83697af76f4b0f7e3bd8">https://github.com/openssl/openssl/commit/e5093133c35ca82874ad83697af76f4b0f7e3bd8</a></li>
+        <li><a href="https://github.openssl.org/openssl/extended-releases/commit/f7a045f3143fc6da2ee66bf52d8df04829590dd4">https://github.openssl.org/openssl/extended-releases/commit/f7a045f3143fc6da2ee66bf52d8df04829590dd4</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20240528.txt">https://www.openssl.org/news/secadv/20240528.txt</a></li>
+        </ul>
        
              <hr/>
        
--- a/docs/snyk/v2.13.0-rc5/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
+++ b/docs/snyk/v2.13.0-rc5/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">November 10th 2024, 12:21:32 am (UTC+00:00)</p>
+                <p class="timestamp">November 17th 2024, 12:22:50 am (UTC+00:00)</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following paths:</span>
--- a/docs/snyk/v2.13.0-rc5/quay.io_argoproj_argocd_v2.13.0-rc5.html
+++ b/docs/snyk/v2.13.0-rc5/quay.io_argoproj_argocd_v2.13.0-rc5.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">November 10th 2024, 12:21:50 am (UTC+00:00)</p>
+                <p class="timestamp">November 17th 2024, 12:23:09 am (UTC+00:00)</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following paths:</span>
@@ -634,6 +634,7 @@
        <li><a href="https://access.redhat.com/security/cve/CVE-2024-2236">https://access.redhat.com/security/cve/CVE-2024-2236</a></li>
        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2268268">https://bugzilla.redhat.com/show_bug.cgi?id=2268268</a></li>
        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2245218">https://bugzilla.redhat.com/show_bug.cgi?id=2245218</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:9404">https://access.redhat.com/errata/RHSA-2024:9404</a></li>
        </ul>
        
              <hr/>
--- a/docs/snyk/v2.13.0-rc5/redis_7.0.15-alpine.html
+++ b/docs/snyk/v2.13.0-rc5/redis_7.0.15-alpine.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">November 10th 2024, 12:21:54 am (UTC+00:00)</p>
+                <p class="timestamp">November 17th 2024, 12:23:13 am (UTC+00:00)</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following paths:</span>