VYPR

apk package

chainguard/envoy-gateway-1.7-egctl

pkg:apk/chainguard/envoy-gateway-1.7-egctl

Vulnerabilities (4)

  • CVE-2026-50162modJul 1, 2026
    affected < 1.7.4-r1fixed 1.7.4-r1

    oras-go: oras-go: File store write outside working directory via symlink traversal

  • CVE-2026-50151modJul 1, 2026
    affected < 1.7.4-r1fixed 1.7.4-r1

    oras-go: oras-go: Credential forwarding via unvalidated Location header during blob upload

  • CVE-2026-48978lowJul 1, 2026
    affected < 1.7.4-r1fixed 1.7.4-r1

    oras-go: oras-go: Information disclosure and TLS downgrade via malicious registry realm

  • CVE-2026-53488higJun 19, 2026
    affected < 1.7.4-r2fixed 1.7.4-r2

    ### Impact A bug was found in containerd where the CRI plugin propagates labels from an image config (`LABEL` instruction in Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels f