PT-2022-26170 · Unknown · Knative.Dev/Func

Reporter: Andrew-Su
Published: 2022-11-19 · Updated: 2023-03-14
CVE-2022-41939
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: knative.dev/func versions prior to 1.8.1

Description: The issue affects developers using malicious or compromised third-party buildpacks, potentially exposing their registry credentials or local Docker socket to a malicious lifecycle container. This issue only affects users who are using function buildpacks from third parties.

Recommendations: For versions prior to 1.8.1, update to release 1.8.1 to resolve the issue. As a temporary workaround, consider pinning the builder image to a specific content hash with a valid lifecycle image to mitigate the attack.

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2022-41939
GHSA-5336-2G3F-9G3M

Affected Products

Knative.Dev/Func