VYPR

apk package

chainguard/flux-source-controller-2.0

pkg:apk/chainguard/flux-source-controller-2.0

Vulnerabilities (3)

  • CVE-2023-49568Jan 12, 2024
    affected < 1.0.1-r4fixed 1.0.1-r4

    A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. A

  • CVE-2023-48795MedDec 18, 2023
    affected < 1.0.1-r2fixed 1.0.1-r2

    The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end

  • CVE-2023-46737Nov 7, 2023
    affected < 1.0.1-r1fixed 1.0.1-r1

    Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long