apk package
chainguard/consul-k8s-fips-2.0-cli
pkg:apk/chainguard/consul-k8s-fips-2.0-cli
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-50162 | mod | 5.3 | < 2.0.1-r3 | 2.0.1-r3 | Jul 1, 2026 | oras-go: oras-go: File store write outside working directory via symlink traversal | |
| CVE-2026-50151 | mod | 5.9 | < 2.0.1-r3 | 2.0.1-r3 | Jul 1, 2026 | oras-go: oras-go: Credential forwarding via unvalidated Location header during blob upload | |
| CVE-2026-48978 | low | 3.1 | < 2.0.1-r3 | 2.0.1-r3 | Jul 1, 2026 | oras-go: oras-go: Information disclosure and TLS downgrade via malicious registry realm | |
| CVE-2026-53492 | hig | — | < 2.0.1-r2 | 2.0.1-r2 | Jun 19, 2026 | ### Impact containerd's CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a checkpoint, containerd preserves CDI-related annotations fro | |
| CVE-2026-53489 | hig | — | < 2.0.1-r2 | 2.0.1-r2 | Jun 19, 2026 | ### Impact A bug was found in containerd where the CRI plugin restores `container.log` from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via `kubectl logs`. ### Patches This bug has been fixed in the following | |
| CVE-2026-53488 | hig | — | < 2.0.0-r3 | 2.0.0-r3 | Jun 19, 2026 | ### Impact A bug was found in containerd where the CRI plugin propagates labels from an image config (`LABEL` instruction in Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels f | |
| CVE-2026-47262 | — | < 2.0.0-r3 | 2.0.0-r3 | Jun 19, 2026 | ### Impact A vulnerability in containerd allows a maliciously crafted image to cause a Denial of Service (DoS) condition. When creating a container from this image, memory exhaustion occurs, leading to an Out Of Memory (OOM) kill of the containerd process. This renders the contai |
- affected < 2.0.1-r3fixed 2.0.1-r3
oras-go: oras-go: File store write outside working directory via symlink traversal
- affected < 2.0.1-r3fixed 2.0.1-r3
oras-go: oras-go: Credential forwarding via unvalidated Location header during blob upload
- affected < 2.0.1-r3fixed 2.0.1-r3
oras-go: oras-go: Information disclosure and TLS downgrade via malicious registry realm
- affected < 2.0.1-r2fixed 2.0.1-r2
### Impact containerd's CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a checkpoint, containerd preserves CDI-related annotations fro
- affected < 2.0.1-r2fixed 2.0.1-r2
### Impact A bug was found in containerd where the CRI plugin restores `container.log` from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via `kubectl logs`. ### Patches This bug has been fixed in the following
- affected < 2.0.0-r3fixed 2.0.0-r3
### Impact A bug was found in containerd where the CRI plugin propagates labels from an image config (`LABEL` instruction in Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels f
- CVE-2026-47262Jun 19, 2026affected < 2.0.0-r3fixed 2.0.0-r3
### Impact A vulnerability in containerd allows a maliciously crafted image to cause a Denial of Service (DoS) condition. When creating a container from this image, memory exhaustion occurs, leading to an Out Of Memory (OOM) kill of the containerd process. This renders the contai