apk package
chainguard/gitlab-rails-ce-fips-19.1
pkg:apk/chainguard/gitlab-rails-ce-fips-19.1
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-59288 | | — | | < 19.1.1-r1 | 19.1.1-r1 | Oct 14, 2025 | Improper verification of cryptographic signature in Github: Playwright allows an unauthorized attacker to perform spoofing over an adjacent network. |
| CVE-2025-59343 | Hig | — | | < 19.1.1-r1 | 19.1.1-r1 | Sep 24, 2025 | tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A worka |
| CVE-2025-7783 | Cri | — | | < 19.1.1-r1 | 19.1.1-r1 | Jul 18, 2025 | Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js. This issue affects form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3. |
| CVE-2025-48387 | Hig | — | | < 19.1.1-r1 | 19.1.1-r1 | Jun 2, 2025 | tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore o |
| CVE-2025-27789 | Med | 6.2 | | < 19.1.1-r1 | 19.1.1-r1 | Mar 11, 2025 | Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named capturing groups, Babel will generate a polyfill for the `.replace` method that has quadratic complexity on some specif |