VYPR

apk package

chainguard/clickhouse-operator-fips-metrics-exporter

pkg:apk/chainguard/clickhouse-operator-fips-metrics-exporter

Vulnerabilities (25)

  • CVE-2025-68119Jan 28, 2026
    affected < 0.25.6-r1fixed 0.25.6-r1

    Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are

  • CVE-2025-4673MedJun 11, 2025
    affected < 0.25.0-r1fixed 0.25.0-r1

    Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.

  • CVE-2025-22874HigJun 11, 2025
    affected < 0.25.0-r1fixed 0.25.0-r1

    Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.

  • CVE-2025-22872MedApr 16, 2025
    affected < 0.24.5-r2fixed 0.24.5-r2

    The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can resul

  • CVE-2025-22871CriApr 8, 2025
    affected < 0.24.5-r1fixed 0.24.5-r1

    The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

Page 2 of 2