apk package
chainguard/ko
pkg:apk/chainguard/ko
Vulnerabilities (87)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-46737 | — | < 0.15.1-r0 | 0.15.1-r0 | Nov 7, 2023 | Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long | ||
| CVE-2023-44487 | Hig | 7.5 | KEV | < 0.15.0-r1 | 0.15.0-r1 | Oct 10, 2023 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
| CVE-2023-24535 | — | < 0.13.0-r3 | 0.13.0-r3 | Jun 8, 2023 | Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic. | ||
| CVE-2023-30551 | — | < 0.13.0-r3 | 0.13.0-r3 | May 8, 2023 | Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. Verification of a JAR file submitted to Rekor can | ||
| CVE-2023-28840 | — | < 0.13.0-r3 | 0.13.0-r3 | Apr 4, 2023 | Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docke | ||
| CVE-2023-28841 | — | < 0.13.0-r3 | 0.13.0-r3 | Apr 4, 2023 | Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docker | ||
| CVE-2023-28842 | — | < 0.13.0-r3 | 0.13.0-r3 | Apr 4, 2023 | Moby) is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docke |
- CVE-2023-46737Nov 7, 2023affected < 0.15.1-r0fixed 0.15.1-r0
Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long
- affected < 0.15.0-r1fixed 0.15.0-r1
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
- CVE-2023-24535Jun 8, 2023affected < 0.13.0-r3fixed 0.13.0-r3
Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic.
- CVE-2023-30551May 8, 2023affected < 0.13.0-r3fixed 0.13.0-r3
Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. Verification of a JAR file submitted to Rekor can
- CVE-2023-28840Apr 4, 2023affected < 0.13.0-r3fixed 0.13.0-r3
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docke
- CVE-2023-28841Apr 4, 2023affected < 0.13.0-r3fixed 0.13.0-r3
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docker
- CVE-2023-28842Apr 4, 2023affected < 0.13.0-r3fixed 0.13.0-r3
Moby) is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docke
Page 5 of 5