VYPR

apk package

chainguard/gitlab-kas-18.11

pkg:apk/chainguard/gitlab-kas-18.11

Vulnerabilities (24)

  • CVE-2026-39827MedMay 22, 2026
    affected < 0fixed 0

    An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state

  • CVE-2026-41889CriMay 8, 2026
    affected < 18.11.3-r1fixed 18.11.3-r1

    pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placehol

  • CVE-2026-33814HigMay 7, 2026
    affected < 0fixed 0

    When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.

  • CVE-2026-34986HigApr 6, 2026
    affected < 18.11.2-r1fixed 18.11.2-r1

    Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JW

Page 2 of 2