VYPR

apk package

chainguard/bom

pkg:apk/chainguard/bom

Vulnerabilities (88)

  • CVE-2023-45283HigNov 9, 2023
    affected < 0fixed 0

    The filepath package does not recognize paths with a \??\ prefix as special. On Windows, a path beginning with \??\ is a Root Local Device path equivalent to a path beginning with \\?\. Paths with a \??\ prefix may be used to access arbitrary locations on the system. For example,

  • CVE-2023-39325HigOct 11, 2023
    affected < 0.6.0-r0fixed 0.6.0-r0

    A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attack

  • CVE-2023-44487HigKEVOct 10, 2023
    affected < 0.6.0-r0fixed 0.6.0-r0

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2023-3978MedAug 2, 2023
    affected < 0.6.0-r0fixed 0.6.0-r0

    Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

  • CVE-2023-2253MedJun 6, 2023
    affected < 0.6.0-r0fixed 0.6.0-r0

    A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the all

  • CVE-2023-28842MedApr 4, 2023
    affected < 0.6.0-r0fixed 0.6.0-r0

    Moby) is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docke

  • CVE-2023-28841MedApr 4, 2023
    affected < 0.6.0-r0fixed 0.6.0-r0

    Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docker

  • CVE-2023-28840HigApr 4, 2023
    affected < 0.6.0-r0fixed 0.6.0-r0

    Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docke

Page 5 of 5