Security bug – Keda version 2.16.1 version has Microsoft Azure Active Directory Authentication Library (ADAL)
Table of Contents
Report
Azure Active Directory Authentication Library for .NET (ADAL.NET) has reached its end of life. This component is used by Keda version 2.16.1 as Go Package: github.com/Azure/go-autorest/autorest/adal version 0.9.5. Kindly switch this component to a newer version.
Expected Behavior
Azure Active Directory Authentication Library for .NET (ADAL.NET) used in Keda latest version has to be switched to a supported version.
Actual Behavior
Azure Active Directory Authentication Library for .NET (ADAL.NET) has reached its end of life. This component is used by Keda version 2.16.1 as part of Go Package: github.com/Azure/go-autorest/autorest/adal 0.9.5 version
Steps to Reproduce the Problem
- pull the latest image of keda version 2.16.1
- scan the image to check for security vulnerabilities
- Go Package: github.com/Azure/go-autorest/autorest/adal : ADAL as part of the Keda image would have reached EOL
Logs from KEDA operator
No response
KEDA Version
2.16.1
Kubernetes Version
1.31
Platform
None
Scaler Details
No response
Anything else?
No response
Read more here: Source link