VYPR

apk package

chainguard/harbor-fips-2.12-photon-registry

pkg:apk/chainguard/harbor-fips-2.12-photon-registry

Vulnerabilities (64)

  • CVE-2024-45336MedJan 28, 2025
    affected < 2.12.2-r2fixed 2.12.2-r2

    The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain re

  • CVE-2024-45338MedDec 18, 2024
    affected < 2.12.0-r3fixed 2.12.0-r3

    An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

  • CVE-2024-55885Dec 12, 2024
    affected < 2.12.4-r15fixed 2.12.4-r15

    beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks. Version 2.3.4 replaces MD5 with

  • CVE-2024-51744LowNov 4, 2024
    affected < 2.12.0-r1fixed 2.12.0-r1

    golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors r

Page 4 of 4