VYPR

apk package

chainguard/jq

pkg:apk/chainguard/jq

Vulnerabilities (2)

  • CVE-2026-32316 | High | Apr 13, 2026
    affected < 1.8.1-r5 | fixed 1.8.1-r5

    jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvp_string_append() and jvp_string_copy_replace_bad functions, where concatenating strings with a combined length exceeding 2^31 bytes causes a 32-bit unsigned integer o

  • CVE-2024-53427 | Feb 26, 2025
    affected < 1.7.1-r4 | fixed 1.7.1-r4

    decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input ha