VYPR

apk package

chainguard/gitlab-exporter-19.1

pkg:apk/chainguard/gitlab-exporter-19.1

Vulnerabilities (4)

  • CVE-2026-54297 | hig | Jun 19, 2026
    affected < 19.1.1-r3, fixed 19.1.1-r3

    Uncontrolled Recursion in NestedParamsEncoder Allows Stack Exhaustion DoS via Deeply Nested Query Parameters. Summary: `Faraday::NestedParamsEncoder`, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum nest

  • CVE-2026-47737 | hig | Jun 9, 2026
    affected < 19.1.1-r1, fixed 19.1.1-r1

    Impact: Puma is vulnerable to source IP spoofing when `set_remote_address proxy_protocol: :v1` is enabled and persistent connections are used. PROXY protocol v1 is a connection-level protocol. [Support was added to Puma in v5.5.0](https://github.com/puma/puma/issues/2651). A

  • CVE-2026-47736 | hig | Jun 8, 2026
    affected < 19.1.1-r1, fixed 19.1.1-r1

    Impact: [PROXY protocol support for Puma](https://github.com/puma/puma/issues/2651) was added in version 5.5.0. When PROXY protocol v1 support is enabled, Puma reads incoming bytes into an internal buffer. It waits for "\r\n" to determine whether a PROXY v1 line is present.

  • CVE-2026-33637 | Non | May 19, 2026
    affected < 19.1.1-r3, fixed 19.1.1-r3

    Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object (rather than a String) to Faraday::Connection#build