apk package
chainguard/chainloop-control-plane
pkg:apk/chainguard/chainloop-control-plane
Vulnerabilities (43)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-33997 | Med | 6.8 | < 1.100.8-r0 | 1.100.8-r0 | Mar 31, 2026 | Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorre | |
| CVE-2026-32285 | Hig | 7.5 | < 1.83.0-r1 | 1.83.0-r1 | Mar 26, 2026 | The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack. | |
| CVE-2026-33186 | Cri | 9.1 | < 1.83.0-r0 | 1.83.0-r0 | Mar 20, 2026 | gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omi |
- affected < 1.100.8-r0fixed 1.100.8-r0
Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorre
- affected < 1.83.0-r1fixed 1.83.0-r1
The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack.
- affected < 1.83.0-r0fixed 1.83.0-r0
gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omi
Page 3 of 3