apk package
chainguard/commercial-grafana-13.0
pkg:apk/chainguard/commercial-grafana-13.0
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-42504 | Hig | 7.5 | < 13.0.3-r0 | 13.0.3-r0 | Jun 2, 2026 | Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU. | |
| CVE-2026-27145 | Med | 6.5 | < 13.0.3-r0 | 13.0.3-r0 | Jun 2, 2026 | (*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratic | |
| CVE-2026-42154 | Hig | 7.5 | < 13.0.3-r1 | 13.0.3-r1 | May 4, 2026 | Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint (/api/v1/read) does not validate the declared decoded length in a snappy-compressed request body before allocating memory. An unauthenticated atta |
- affected < 13.0.3-r0fixed 13.0.3-r0
Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU.
- affected < 13.0.3-r0fixed 13.0.3-r0
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratic
- affected < 13.0.3-r1fixed 13.0.3-r1
Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint (/api/v1/read) does not validate the declared decoded length in a snappy-compressed request body before allocating memory. An unauthenticated atta