VYPR

apk package

chainguard/gitlab-exporter-18.11

pkg:apk/chainguard/gitlab-exporter-18.11

Vulnerabilities (4)

  • CVE-2026-54297 · hig · Jun 19, 2026
    affected < 18.11.5-r2 · fixed 18.11.5-r2

    Uncontrolled Recursion in NestedParamsEncoder Allows Stack Exhaustion DoS via Deeply Nested Query Parameters. Summary: `Faraday::NestedParamsEncoder`, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum nest

  • CVE-2026-33637 · Non · May 19, 2026
    affected < 18.11.5-r2 · fixed 18.11.5-r2

    Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object (rather than a String) to Faraday::Connection#build

  • CVE-2025-61921 · Oct 10, 2025
    affected < 18.11.5-r2 · fixed 18.11.5-r2

    Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the `If-Match` and `If-None-Match` header parsing component of Sinatra, if the `etag` method is used when constructing the respon

  • CVE-2024-21510 · Med · Nov 1, 2024
    affected < 18.11.5-r2 · fixed 18.11.5-r2

    Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbit