About：/debug/pprof and CVE-2019-11248，HELP

[02darlingX]

Dear Experts,

The **/debug/pprof** debugging port has been flagged by our company's security team as a security risk-CVE-2019-11248 during their scans.
I have tried several approaches including using NetworkPolicy, and parameters like **--telemetry-host=127.0.0.1** and -**-telemetry-port=8081**, but none seem to be effective.
During verification, when I run curl -v http://<nodeip>:8080/debug/pprof, the request is still redirected and does not return the expected 404 error.

Why do the args: - "--telemetry-host=127.0.0.1", - "--telemetry-port=8081", - --host=0.0.0.0, - --port=8080 not work?
Are there any other quick and effective methods besides upgrading?

PS: 1、The Kubernetes cluster version is Alibaba Cloud version 1.18,
and the deployed kube-state-metrics version is 1.9.8.
2、This older version deploys without obvious errors in the logs,
whereas newer versions generate error messages after deployment.So my colleague select the v1.9.8.
3、Expose the metrics port 8080 to the external Prometheus outside the cluster via NodePort 32667 for monitoring collection.

[02darlingX]

Sorry,my debug command was:curl -v http://$nodeip:32667/debug/pprof

Then,it came back:
Trying 20.x.x.x:32667...
Connected to 20.x.x.x (20.x.x.x) port 32667 (#0)

GET /debug/pprof HTTP/1.1
Host: 20.x.x.x:32667
User-Agent: curl/7.71.1
Accept: /

• Mark bundle as not supporting multiuse
  < HTTP/1.1 301 Moved Permanently
  < Content-Type: text/html; charset=utf-8
  < Location: /debug/pprof/
  < Date: Tue, 28 Oct 2025 01:55:09 GMT
  < Content-Length: 48
  <
  Moved Permanently.

• Connection #0 to host 20.x.x.x left intact