Unknown · Knative.Dev/Func · CVE-2022-41939
**Name of the Vulnerable Software and Affected Versions**
knative.dev/func versions prior to 1.8.1
**Description**
The issue affects developers using malicious or compromised third-party buildpacks, potentially exposing their registry credentials or local docker socket to a malicious `lifecycle` container. This issue only affects users who are using function buildpacks from third-parties.
**Recommendations**
For versions prior to 1.8.1, update to release 1.8.1 to resolve the issue. As a temporary workaround, consider pinning the builder image to a specific content-hash with a valid `lifecycle` image to mitigate the attack.