VYPR

apk package

chainguard/gitlab-cng-ee-17.1-geo-logcursor-scripts

pkg:apk/chainguard/gitlab-cng-ee-17.1-geo-logcursor-scripts

Vulnerabilities (2)

  • CVE-2024-42367Aug 9, 2024
    affected < 17.1.4-r0fixed 17.1.4-r0

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants (`.gz` or `.br` extension) are vulnerable to path traversal outside the root director

  • CVE-2024-37891Jun 17, 2024
    affected < 17.1.7-r0fixed 17.1.7-r0

    urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it'