apk package
chainguard/airflow-2-iamguarded-compat
pkg:apk/chainguard/airflow-2-iamguarded-compat
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-27152 | — | < 2.11.0-r15 | 2.11.0-r15 | Mar 7, 2025 | axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leaka | ||
| CVE-2024-52338 | — | < 2.11.0-r15 | 2.11.0-r15 | Nov 28, 2024 | Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example, user-suppli | ||
| CVE-2024-39338 | — | < 2.11.0-r15 | 2.11.0-r15 | Aug 9, 2024 | axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs. | ||
| CVE-2015-7764 | Hig | 7.5 | < 2.11.0-r15 | 2.11.0-r15 | Aug 9, 2017 | Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode. |
- CVE-2025-27152Mar 7, 2025affected < 2.11.0-r15fixed 2.11.0-r15
axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leaka
- CVE-2024-52338Nov 28, 2024affected < 2.11.0-r15fixed 2.11.0-r15
Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example, user-suppli
- CVE-2024-39338Aug 9, 2024affected < 2.11.0-r15fixed 2.11.0-r15
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
- affected < 2.11.0-r15fixed 2.11.0-r15
Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode.
Page 2 of 2