VYPR

apk package

chainguard/gitlab-container-registry-18.3

pkg:apk/chainguard/gitlab-container-registry-18.3

Vulnerabilities (4)

  • CVE-2025-11065MedJan 26, 2026
    affected < 18.3.1-r0fixed 18.3.1-r0

    A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data process

  • CVE-2025-61772Oct 7, 2025
    affected < 18.3.4-r0fixed 18.3.4-r0

    Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line (`CRLFCRLF`). The parser keeps appending incomin

  • CVE-2025-61771Oct 7, 2025
    affected < 18.3.4-r0fixed 18.3.4-r0

    Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, ``Rack::Multipart::Parser` stores non-file form fields (parts without a `filename`) entirely in memory as Ruby `String` objects. A single large text field in a multipart/form-data request

  • CVE-2025-61770Oct 7, 2025
    affected < 18.3.4-r0fixed 18.3.4-r0

    Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` buffers the entire multipart preamble (bytes before the first boundary) in memory without any size limit. A client can send a large preamble followed by a valid