fix(security): patch CRITICAL/HIGH CVEs in golang-adk-full and app images #2133

Merged
EItanya merged 1 commit into kagent-dev:main from jsonmp-k8:fix/security-vuln-cve-2026 on Jul 2, 2026

@jsonmp-k8 jsonmp-k8 commented Jul 1, 2026

Summary

Fixes CRITICAL and HIGH severity vulnerabilities detected by Trivy in the Scan images CI workflow.

golang-adk-full image:

  • shell-quote CVE-2026-9277 (CRITICAL) — Arbitrary code execution; pin to 1.8.4 alongside the existing lodash-es override in go/Dockerfile.full

app image:

  • PyJWT CVE-2026-48526 (HIGH) — Authentication bypass via forged tokens; bump constraint from >=2.12.0 → >=2.13.0 in agentsts-core, agentsts-adk, and workspace constraint-dependencies; lock resolves to 2.13.0
  • pyarrow CVE-2026-25087 (HIGH) — Denial of Service via Use-After-Free; add workspace constraint >=23.0.1; lock resolves to 24.0.0

Remaining / blocked:

  • starlette CVE-2026-48818 + CVE-2026-54283 (HIGH) — Fix requires starlette >=1.3.1 (1.x), but google-adk>=1.28.1,<2 pins starlette<1.0.0. A follow-up PR upgrading agentsts-adk to google-adk>=2 is needed to fully close these.

Changes

| File | Change |
| --- | --- |
| go/Dockerfile.full | Add shell-quote@1.8.4 to sandbox-runtime npm overrides |
| python/packages/agentsts-core/pyproject.toml | PyJWT>=2.12.0 → >=2.13.0 |
| python/packages/agentsts-adk/pyproject.toml | PyJWT>=2.12.0 → >=2.13.0 |
| python/pyproject.toml | Add pyjwt>=2.13.0 and pyarrow>=23.0.1 to constraint-dependencies |
| python/uv.lock | pyjwt 2.12.1 → 2.13.0, pyarrow 21.0.0 → 24.0.0, starlette 0.50.0 → 0.52.1 |

Test plan

  • Scan images CI passes for golang-adk-full (shell-quote CVE cleared)
  • Scan images CI passes for app (PyJWT + pyarrow CVEs cleared)
  • All existing unit/integration tests pass

Copilot AI review requested due to automatic review settings July 1, 2026 18:14
@github-actions github-actions Bot added the bug Something isn't working label Jul 1, 2026
@github-actions github-actions Bot added bug Something isn't working and removed bug Something isn't working labels Jul 1, 2026

Copilot AI left a comment

Pull request overview

This PR updates build and Python dependency constraints/lockfiles to remediate CRITICAL/HIGH CVEs found by Trivy in the image scanning workflow, targeting both the golang-adk-full image (Node dependency) and the Python “app” image (PyJWT/pyarrow).

Changes:

  • Update go/Dockerfile.full to install patched Node packages in the pinned sandbox-runtime build (adds shell-quote@1.8.4 alongside existing lodash-es pinning).
  • Bump Python workspace/package constraints for PyJWT to >=2.13.0 and add a workspace constraint for pyarrow>=23.0.1.
  • Regenerate python/uv.lock to resolve pyjwt to 2.13.0 and pyarrow to 24.0.0 (with incidental dependency resolution updates like starlette).

Reviewed changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| go/Dockerfile.full | Installs patched npm package versions during sandbox-runtime build to address the reported Node CVE. |
| python/packages/agentsts-core/pyproject.toml | Raises PyJWT minimum version to pick up the security fix. |
| python/packages/agentsts-adk/pyproject.toml | Raises PyJWT minimum version to pick up the security fix. |
| python/pyproject.toml | Adds workspace constraints for pyjwt and pyarrow to force patched versions in the environment. |
| python/uv.lock | Updates resolved versions (notably pyjwt and pyarrow) consistent with the new constraints. |

Comment thread go/Dockerfile.full
@jsonmp-k8 jsonmp-k8 force-pushed the fix/security-vuln-cve-2026 branch 3 times, most recently from 01cce93 to 2f28943 Compare July 1, 2026 18:28
- shell-quote (CVE-2026-9277, CRITICAL): use npm overrides in golang-adk-full
  Dockerfile to guarantee the patched 1.8.4 is used throughout the resolved
  tree, including transitive copies
- PyJWT (CVE-2026-48526, HIGH): bump constraint from >=2.12.0 to >=2.13.0
  in agentsts-core, agentsts-adk, and the workspace constraint-dependencies
- pyarrow (CVE-2026-25087, HIGH): add workspace constraint >=23.0.1;
  lock resolves to 24.0.0
- starlette (CVE-2026-48818, CVE-2026-54283, HIGH): fix requires starlette
  1.x which is blocked by google-adk<2 requiring starlette<1.0.0; a separate
  PR to upgrade google-adk to v2 is needed to fully resolve these

Signed-off-by: Jaison Paul <paul.jaison@gmail.com>
@jsonmp-k8 jsonmp-k8 force-pushed the fix/security-vuln-cve-2026 branch from 2f28943 to 0a83765 Compare July 1, 2026 18:32

@EItanya EItanya left a comment

Thanks so much :)

@EItanya EItanya merged commit 42a656a into kagent-dev:main Jul 2, 2026
25 checks passed
@jsonmp-k8

Thanks for the detailed review — both points are valid. Opened #2138 as the follow-up:

  1. Sample lockfile gap — you're right that python/samples/adk/basic/uv.lock was untouched here and still resolves starlette 0.47.2. The image-scan workflow doesn't cover the sample, but the exposure is real. fix(security): patch starlette CVE-2026-48818 and CVE-2026-54283 #2138 regenerates that lockfile too (built in an isolated context since the sample's Docker build treats it as standalone).

  2. google-adk major upgrade scope — you're right that a v1→v2 bump is a large change to fold into a security patch. It isn't scope creep though; the chain is forced:

    • Both starlette CVEs are fixed only in the 1.x line (no 0.x backport)
    • google-adk<2 hard-pins starlette<1.0.0
    • google-adk 2.2.0 is the earliest 2.x release that supports starlette>=1.0.1 while staying under kagent-core's existing opentelemetry-api<1.39.0 pin (2.3.0 would have forced an opentelemetry bump too)

    If a VEX / .trivyignore route makes more sense — treating the CVEs as non-exploitable in kagent's usage after auditing StaticFiles / application/x-www-form-urlencoded surface — happy to switch fix(security): patch starlette CVE-2026-48818 and CVE-2026-54283 #2138 over. Let me know which direction reviewers prefer.
