VYPR

apk package

chainguard/gitaly-git-fips-17.5

pkg:apk/chainguard/gitaly-git-fips-17.5

Vulnerabilities (4)

  • CVE-2025-21614Jan 6, 2025
    affected < 17.5.4-r4fixed 17.5.4-r4

    go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted respons

  • CVE-2025-21613Jan 6, 2025
    affected < 17.5.4-r4fixed 17.5.4-r4

    go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flag

  • CVE-2024-45338MedDec 18, 2024
    affected < 17.5.4-r3fixed 17.5.4-r3

    An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

  • CVE-2019-3826Mar 26, 2019
    affected < 0fixed 0

    A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scri