apk package

chainguard/flux-image-automation-controller-iamguarded-compat

pkg:apk/chainguard/flux-image-automation-controller-iamguarded-compat

Vulnerabilities (23)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2023-45283	—	< 0	0	Nov 9, 2023	The filepath package does not recognize paths with a \??\ prefix as special. On Windows, a path beginning with \??\ is a Root Local Device path equivalent to a path beginning with \\?\. Paths with a \??\ prefix may be used to access arbitrary locations on the system. For example,
CVE-2023-39325	—	< 0.36.1-r3	0.36.1-r3	Oct 11, 2023	A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attack
CVE-2023-3978	—	< 0.36.1-r3	0.36.1-r3	Aug 2, 2023	Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

CVE-2023-45283Nov 9, 2023
affected < 0fixed 0
The filepath package does not recognize paths with a \??\ prefix as special. On Windows, a path beginning with \??\ is a Root Local Device path equivalent to a path beginning with \\?\. Paths with a \??\ prefix may be used to access arbitrary locations on the system. For example,
CVE-2023-39325Oct 11, 2023
affected < 0.36.1-r3fixed 0.36.1-r3
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attack
CVE-2023-3978Aug 2, 2023
affected < 0.36.1-r3fixed 0.36.1-r3
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

Page 2 of 2