VYPR

apk package

chainguard/gops-fips

pkg:apk/chainguard/gops-fips

Vulnerabilities (45)

  • CVE-2025-58183MedOct 29, 2025
    affected < 0.3.28-r21fixed 0.3.28-r21

    tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When r

  • CVE-2025-47912MedOct 29, 2025
    affected < 0.3.28-r21fixed 0.3.28-r21

    The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresse

  • CVE-2025-47907HigAug 7, 2025
    affected < 0fixed 0

    Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the ex

  • CVE-2025-4673MedJun 11, 2025
    affected < 0.3.28-r18fixed 0.3.28-r18

    Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.

  • CVE-2025-22874HigJun 11, 2025
    affected < 0fixed 0

    Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.

Page 3 of 3