VYPR

apk package

chainguard/flux-source-controller-fips

pkg:apk/chainguard/flux-source-controller-fips

Vulnerabilities (104)

  • CVE-2024-47534HigOct 1, 2024
    affected < 1.7.3-r1fixed 1.7.3-r1

    go-tuf is a Go implementation of The Update Framework (TUF). The go-tuf client inconsistently traces the delegations. For example, if targets delegate to "A", and to "B", and "B" delegates to "C", then the client should trace the delegations in the order "A" then "B" then "C" but

  • CVE-2024-34158HigSep 6, 2024
    affected < 1.3.0-r1fixed 1.3.0-r1

    Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

  • CVE-2024-34156HigSep 6, 2024
    affected < 1.3.0-r1fixed 1.3.0-r1

    Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

  • CVE-2024-34155MedSep 6, 2024
    affected < 1.3.0-r1fixed 1.3.0-r1

    Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.

Page 6 of 6