High severity7.5OSV Advisory· Published Jun 3, 2024· Updated Apr 15, 2026
CVE-2024-36127
CVE-2024-36127
Description
apko is an apk-based OCI image builder. apko exposures HTTP basic auth credentials from repository and keyring URLs in log output. This vulnerability is fixed in v0.14.5.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
chainguard.dev/apkoGo | < 0.14.5 | 0.14.5 |
Affected products
8- Range: v0.1, v0.1.1, v0.1.2, …
- osv-coords7 versionspkg:apk/chainguard/melangepkg:apk/chainguard/melange-microvm-initpkg:apk/chainguard/pombumppkg:apk/wolfi/melangepkg:apk/wolfi/melange-microvm-initpkg:apk/wolfi/pombumppkg:golang/chainguard.dev/apko
< 0.8.3-r2+ 6 more
- (no CPE)range: < 0.8.3-r2
- (no CPE)range: < 0.8.3-r2
- (no CPE)range: < 0.0.12-r4
- (no CPE)range: < 0.8.3-r2
- (no CPE)range: < 0.8.3-r2
- (no CPE)range: < 0.0.12-r4
- (no CPE)range: < 0.14.5
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.