github.com/projectcalico/calico
Go
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/projectcalico/calico (page 1 of 1)
- CVE-2020-13597 | MEDIUM | CVSS 6.0 | EG 6.0 | ✓ Fixed in 3.8.9 | 2020-06-03
Clusters using Calico (version 3.14.0 and below), Calico Enterprise (version 2.8.2 and below), may be vulnerable to information disclosure if IPv6 is enabled but unused. A compromised pod with sufficient privilege is able to reconfigure th…
- CVE-2022-28224 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 3.20.5 | 2022-06-06
Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a f…
- CVE-2023-41378 | HIGH | CVSS 7.5 | EG 7.5 | 2023-11-06
In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. …
- CVE-2024-33522 | MEDIUM | CVSS 6.7 | EG 6.7 | 2024-04-29
In vulnerable versions of Calico (v3.27.2 and below), Calico Enterprise (v3.19.0-1, v3.18.1, v3.17.3 and below), and Calico Cloud (v19.2.0 and below), an attacker who has local access to the Kubernetes node, can escalate their privileges b…