VYPR

apk package

chainguard/gitlab-rails-ce-fips-19.0

pkg:apk/chainguard/gitlab-rails-ce-fips-19.0

Vulnerabilities (39)

  • CVE-2026-39834CriMay 22, 2026
    affected < 19.0.1-r1fixed 19.0.1-r1

    When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent trunca

  • CVE-2026-39833CriMay 22, 2026
    affected < 0fixed 0

    The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns a

  • CVE-2026-39832CriMay 22, 2026
    affected < 19.0.1-r1fixed 19.0.1-r1

    When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now

  • CVE-2026-39831CriMay 22, 2026
    affected < 19.0.1-r1fixed 19.0.1-r1

    The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the

  • CVE-2026-39830CriMay 22, 2026
    affected < 19.0.1-r1fixed 19.0.1-r1

    A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now

  • CVE-2026-39829HigMay 22, 2026
    affected < 19.0.1-r1fixed 19.0.1-r1

    The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clien

  • CVE-2026-39828MedMay 22, 2026
    affected < 0fixed 0

    When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with Par

  • CVE-2026-39827MedMay 22, 2026
    affected < 19.0.1-r1fixed 19.0.1-r1

    An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state

  • CVE-2026-46680higMay 21, 2026
    affected < 19.0.1-r3fixed 19.0.1-r3

    ### Impact A bug was found in containerd where containers launched with a numeric `User` directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username. If a crafted image provides an `/etc/passwd` file mapping this large numeric string to root, the con

  • CVE-2026-33637NonMay 19, 2026
    affected < 19.0.2-r2fixed 19.0.2-r2

    Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object (rather than a String) to Faraday::Connection#build

  • CVE-2026-45363higMay 18, 2026
    affected < 19.0.1-r4fixed 19.0.1-r4

    `JWT.decode(token, '', true, algorithm: 'HS256')` accepts an attacker-forged token. `OpenSSL::HMAC.digest('SHA256', '', payload)` returns a valid digest under an empty key, and no `raise InvalidKeyError if key.empty?` precondition exists in the HMAC algorithm. ``` JWT.decode(t

  • CVE-2026-35611HigApr 7, 2026
    affected < 19.0.2-r1fixed 19.0.2-r1

    Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic b

  • CVE-2026-33941HigMar 27, 2026
    affected < 19.0.3-r1fixed 19.0.3-r1

    Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler (`bin/handlebars` / `lib/precompiler.js`) concatenates user-controlled strings — template file names and several CLI options — directly i

  • CVE-2026-33940HigMar 27, 2026
    affected < 19.0.3-r1fixed 19.0.3-r1

    Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, a crafted object placed in the template context can bypass all conditional guards in `resolvePartial()` and cause `invokePartial()` to return `undefined`. The Handlebar

  • CVE-2026-33939HigMar 27, 2026
    affected < 19.0.3-r1fixed 19.0.3-r1

    Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a Handlebars template contains decorator syntax referencing an unregistered decorator (e.g. `{{*n}}`), the compiled template calls `lookupProperty(decorators, "n")

  • CVE-2026-33938HigMar 27, 2026
    affected < 19.0.3-r1fixed 19.0.3-r1

    Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the `@partial-block` special variable is stored in the template data context and is reachable and mutable from within a template via helpers that accept arbitrary objec

  • CVE-2026-33937CriMar 27, 2026
    affected < 19.0.3-r1fixed 19.0.3-r1

    Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, `Handlebars.compile()` accepts a pre-parsed AST object in addition to a template string. The `value` field of a `NumberLiteral` AST node is emitted directly into the ge

  • CVE-2026-33916MedMar 27, 2026
    affected < 19.0.3-r1fixed 19.0.3-r1

    Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, `resolvePartial()` in the Handlebars runtime resolves partial names via a plain property lookup on `options.partials` without guarding against prototype-chain traversal

  • CVE-2025-15558Mar 4, 2026
    affected < 0fixed 0

    Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are

Page 2 of 2