Fluxcd Source-Controller vulnerabilities

CVE-2024-31216 [MEDIUM] CWE-532 CVE-2024-31216: The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external s The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to version 1.2.5, when source-controller was configured to use

CVE-2022-39272 [MEDIUM] CWE-1284 CVE-2022-39272: Flux is an open and extensible continuous delivery solution for Kubernetes. Versions prior to 0.35.0 Flux is an open and extensible continuous delivery solution for Kubernetes. Versions prior to 0.35.0 are subject to a Denial of Service. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields `.spec.interval` or `.spec.timeout` (and structured variations of