VYPR

apk package

chainguard/gitlab-rails-ce-fips-18.10

pkg:apk/chainguard/gitlab-rails-ce-fips-18.10

Vulnerabilities (61)

  • CVE-2026-27140HigApr 8, 2026
    affected < 18.10.3-r0fixed 18.10.3-r0

    SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass.

  • CVE-2026-29181HigApr 7, 2026
    affected < 18.10.4-r2fixed 18.10.4-r2

    OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many bagg

  • CVE-2026-34831MedApr 2, 2026
    affected < 18.10.4-r0fixed 18.10.4-r0

    Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Files#fail sets the Content-Length response header using String#size instead of String#bytesize. When the response body contains multibyte UTF-8 characters, the declared Content-Length

  • CVE-2026-34830MedApr 2, 2026
    affected < 18.10.4-r0fixed 18.10.4-r0

    Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Sendfile#map_accel_path interpolates the value of the X-Accel-Mapping request header directly into a regular expression when rewriting file paths for X-Accel-Redirect. Because the head

  • CVE-2026-34829HigApr 2, 2026
    affected < 18.10.4-r0fixed 18.10.4-r0

    Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENT_LENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HT

  • CVE-2026-34826MedApr 2, 2026
    affected < 18.10.4-r0fixed 18.10.4-r0

    Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.get_byte_ranges parses the HTTP Range header without limiting the number of individual byte ranges. Although the existing fix for CVE-2024-26141 rejects ranges whose total byte c

  • CVE-2026-34786MedApr 2, 2026
    affected < 18.10.4-r0fixed 18.10.4-r0

    Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static#applicable_rules evaluates several header_rules types against the raw URL-encoded PATH_INFO, while the underlying file-serving path is decoded before the file is served. As a re

  • CVE-2026-34785HigApr 2, 2026
    affected < 18.10.4-r0fixed 18.10.4-r0

    Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path

  • CVE-2026-34763MedApr 2, 2026
    affected < 18.10.4-r0fixed 18.10.4-r0

    Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, *, or .,

  • CVE-2026-34230MedApr 2, 2026
    affected < 18.10.4-r0fixed 18.10.4-r0

    Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.select_best_encoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard (*) entries. Because this method is used by Rack::Defl

  • CVE-2026-26961LowApr 2, 2026
    affected < 18.10.4-r0fixed 18.10.4-r0

    Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser extracts the boundary parameter from multipart/form-data using a greedy regular expression. When a Content-Type header contains multiple boundary parameters, Rack sel

  • CVE-2026-34165MedMar 31, 2026
    affected < 18.10.3-r0fixed 18.10.3-r0

    go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and re

  • CVE-2026-33762LowMar 31, 2026
    affected < 18.10.3-r0fixed 18.10.3-r0

    go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can t

  • CVE-2026-33658MedMar 26, 2026
    affected < 18.10.3-r0fixed 18.10.3-r0

    Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 Active Storage's proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small ranges causes d

  • CVE-2026-33202Mar 23, 2026
    affected < 18.10.3-r0fixed 18.10.3-r0

    Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's `DiskService#delete_prefixed` passes blob keys directly to `Dir.glob` without escaping glob metacharacters. If a blob key contains

  • CVE-2026-33195Mar 23, 2026
    affected < 18.10.3-r0fixed 18.10.3-r0

    Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's `DiskService#path_for` does not validate that the resolved filesystem path remains within the storage root directory. If a blob key

  • CVE-2026-33176Mar 23, 2026
    affected < 18.10.3-r0fixed 18.10.3-r0

    Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing scientific notation (e.g. `1e10000`), which `BigDecimal` expands

  • CVE-2026-33168LowMar 23, 2026
    affected < 18.10.3-r0fixed 18.10.3-r0

    Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed

  • CVE-2026-33170Mar 23, 2026
    affected < 18.10.3-r0fixed 18.10.3-r0

    Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, `SafeBuffer#%` does not propagate the `@html_unsafe` flag to the newly created buffer. If a `SafeBuffer` is mutated in pl

  • CVE-2026-33169Mar 23, 2026
    affected < 18.10.3-r0fixed 18.10.3-r0

    Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. `NumberToDelimitedConverter` uses a lookahead-based regular expression with `gsub!` to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the i