VYPR

apk package

chainguard/harbor-fips-2.13-jobservice

pkg:apk/chainguard/harbor-fips-2.13-jobservice

Vulnerabilities (67)

  • CVE-2025-22874HigJun 11, 2025
    affected < 2.13.1-r2fixed 2.13.1-r2

    Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.

  • CVE-2025-22872MedApr 16, 2025
    affected < 2.13.0-r1fixed 2.13.0-r1

    The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can resul

  • CVE-2025-24358MedApr 15, 2025
    affected < 2.13.0-r1fixed 2.13.0-r1

    gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. Its executes its validation of the Referer header for cross-origin requests onl

  • CVE-2025-32386Apr 9, 2025
    affected < 2.13.0-r1fixed 2.13.0-r1

    Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e.g., >800x difference). When Helm loads this specially crafted chart, memory can be exhausted causing the application to

  • CVE-2025-32387Apr 9, 2025
    affected < 2.13.0-r1fixed 2.13.0-r1

    Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. This issue has been resolved in Helm v3.1

  • CVE-2020-8912Aug 11, 2020
    affected < 0fixed 0

    A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-

  • CVE-2020-8911Aug 11, 2020
    affected < 0fixed 0

    A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code (MAC), which then allows an attacker who has write access to the target's S3 bucket a

Page 4 of 4