apk package
chainguard/argo-events-fips-compat
pkg:apk/chainguard/argo-events-fips-compat
Vulnerabilities (22)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-46402 | — | < 1.9.2-r1 | 1.9.2-r1 | Nov 17, 2023 | git-urls 1.0.0 allows ReDOS (Regular Expression Denial of Service) in urls.go. | ||
| CVE-2023-37475 | — | < 1.9.2-r1 | 1.9.2-r1 | Jul 17, 2023 | Hamba avro is a go lang encoder/decoder implementation of the avro codec specification. In affected versions a well-crafted string passed to avro's `github.com/hamba/avro/v2.Unmarshal()` can throw a `fatal error: runtime: out of memory` which is unrecoverable and can cause denial |
- CVE-2023-46402Nov 17, 2023affected < 1.9.2-r1fixed 1.9.2-r1
git-urls 1.0.0 allows ReDOS (Regular Expression Denial of Service) in urls.go.
- CVE-2023-37475Jul 17, 2023affected < 1.9.2-r1fixed 1.9.2-r1
Hamba avro is a go lang encoder/decoder implementation of the avro codec specification. In affected versions a well-crafted string passed to avro's `github.com/hamba/avro/v2.Unmarshal()` can throw a `fatal error: runtime: out of memory` which is unrecoverable and can cause denial
Page 2 of 2