apk package
chainguard/envoy-gateway-1.7-egctl
pkg:apk/chainguard/envoy-gateway-1.7-egctl
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-50162 | mod | 5.3 | < 1.7.4-r1 | 1.7.4-r1 | Jul 1, 2026 | oras-go: oras-go: File store write outside working directory via symlink traversal | |
| CVE-2026-50151 | mod | 5.9 | < 1.7.4-r1 | 1.7.4-r1 | Jul 1, 2026 | oras-go: oras-go: Credential forwarding via unvalidated Location header during blob upload | |
| CVE-2026-48978 | low | 3.1 | < 1.7.4-r1 | 1.7.4-r1 | Jul 1, 2026 | oras-go: oras-go: Information disclosure and TLS downgrade via malicious registry realm | |
| CVE-2026-53488 | hig | — | < 1.7.4-r2 | 1.7.4-r2 | Jun 19, 2026 | ### Impact A bug was found in containerd where the CRI plugin propagates labels from an image config (`LABEL` instruction in Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels f |
- affected < 1.7.4-r1fixed 1.7.4-r1
oras-go: oras-go: File store write outside working directory via symlink traversal
- affected < 1.7.4-r1fixed 1.7.4-r1
oras-go: oras-go: Credential forwarding via unvalidated Location header during blob upload
- affected < 1.7.4-r1fixed 1.7.4-r1
oras-go: oras-go: Information disclosure and TLS downgrade via malicious registry realm
- affected < 1.7.4-r2fixed 1.7.4-r2
### Impact A bug was found in containerd where the CRI plugin propagates labels from an image config (`LABEL` instruction in Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels f