  1. KIE Cloud
  2. KIECLOUD-720

Fix security alerts in the jboss-kie-module repository


      There are a few security alerts on the openshift-template-validator.

      It would be good to have them fixed.

      CVEs:

      • CVE-2023-2253: distribution catalog API endpoint can lead to OOM via malicious user input
      • CVE-2023-28840: Docker Swarm encrypted overlay network may be unauthenticated
      • CVE-2017-11468: Docker Registry has Allocation of Resources Without Limits or Throttling
      • GHSA-74fp-r6jw-h4mp: Kubernetes apimachinery packages vulnerable to unbounded recursion in JSON parsing
      • CVE-2020-8558: Improper Authentication in Kubernetes
      • CVE-2021-25741: Files or Directories Accessible to External Parties in kubernetes
      • CVE-2023-28841: Docker Swarm encrypted overlay network traffic may be unencrypted
      • CVE-2023-28842: Docker Swarm encrypted overlay network with a single endpoint is unauthenticated
      • CVE-2019-11250: Kubernetes client-go library logs may disclose credentials to unauthorized users
      • -CVE-2020-8565 and CVE-2020-8564: Sensitive Information leak via Log File in Kubernetes -
      • CVE-2021-25735: Access Restriction Bypass in kube-apiserver
      • CVE-2020-8561: Confused Deputy in Kubernetes
      • CVE-2020-8554: Unverified Ownership in Kubernetes
      • CVE-2023-2431: Kubelet vulnerable to bypass of seccomp profile enforcement
      • CVE-2020-8562: Potential proxy IP restriction bypass in Kubernetes
      • CVE-2021-25740: Confused Deputy in Kubernetes
      • CVE-2022-27191: Use of a Broken or Risky Cryptographic Algorithm in golang.org/x/crypto/ssh
      • CVE-2022-41721: golang.org/x/net/http2/h2c vulnerable to request smuggling attack
      • CVE-2021-33194: golang.org/x/net/html Infinite Loop vulnerability
      • CVE-2020-29652: golang.org/x/crypto/ssh NULL Pointer Dereference vulnerability
      • CVE-2021-43565: x/crypto/ssh vulnerable to panic via SSH server
      • CVE-2022-27664: golang.org/x/net/http2 Denial of Service vulnerability
      • CVE-2022-41723: Uncontrolled Resource Consumption
      • CVE-2018-14632: JSON-Patch Out-of-bounds Write vulnerability

            rhn-support-fspolti Filippe Spolti
            Jakub Schwan Jakub Schwan