apk package
chainguard/ingress-nginx-controller-fips-iamguarded-compat-1.14
pkg:apk/chainguard/ingress-nginx-controller-fips-iamguarded-compat-1.14
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-42945 | Hig | 8.1 | < 1.14.5-r9 | 1.14.5-r9 | May 13, 2026 | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) | |
| CVE-2025-61729 | — | < 1.14.1-r0 | 1.14.1-r0 | Dec 2, 2025 | Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a |
- affected < 1.14.5-r9fixed 1.14.5-r9
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2)
- CVE-2025-61729Dec 2, 2025affected < 1.14.1-r0fixed 1.14.1-r0
Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a