apk package
chainguard/azure-functions-extension-bundles-4
pkg:apk/chainguard/azure-functions-extension-bundles-4
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-48109 | hig | — | < 4.36.0-r1 | 4.36.0-r1 | Jun 11, 2026 | ### Impact A vulnerability exists in the optional LZ4 decompression path used by MessagePack compression modes `Lz4Block` and `Lz4BlockArray`. The decoder implementation is based on a deprecated fast-decompression algorithm that does not take a source-length bound. A remote att | |
| CVE-2025-55315 | — | < 4.28.0-r1 | 4.28.0-r1 | Oct 14, 2025 | Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network. |
- affected < 4.36.0-r1fixed 4.36.0-r1
### Impact A vulnerability exists in the optional LZ4 decompression path used by MessagePack compression modes `Lz4Block` and `Lz4BlockArray`. The decoder implementation is based on a deprecated fast-decompression algorithm that does not take a source-length bound. A remote att
- CVE-2025-55315Oct 14, 2025affected < 4.28.0-r1fixed 4.28.0-r1
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.