VYPR

apk package

chainguard/crossplane-2.3-crank

pkg:apk/chainguard/crossplane-2.3-crank

Vulnerabilities (3)

  • CVE-2026-53488higJun 19, 2026
    affected < 2.3.3-r0fixed 2.3.3-r0

    ### Impact A bug was found in containerd where the CRI plugin propagates labels from an image config (`LABEL` instruction in Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels f

  • CVE-2026-47262Jun 19, 2026
    affected < 2.3.3-r0fixed 2.3.3-r0

    ### Impact A vulnerability in containerd allows a maliciously crafted image to cause a Denial of Service (DoS) condition. When creating a container from this image, memory exhaustion occurs, leading to an Out Of Memory (OOM) kill of the containerd process. This renders the contai

  • CVE-2026-41178MedJun 4, 2026
    affected < 2.3.3-r1fixed 2.3.3-r1

    OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection and it causes `Parse` to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Versions 1.42.0 and 1.44.0 fix the iss