VYPR

apk package

chainguard/kserve-manager

pkg:apk/chainguard/kserve-manager

Vulnerabilities (69)

  • CVE-2024-34158HigSep 6, 2024
    affected < 0.13.1-r5fixed 0.13.1-r5

    Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

  • CVE-2024-34156HigSep 6, 2024
    affected < 0.13.1-r5fixed 0.13.1-r5

    Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

  • CVE-2024-34155MedSep 6, 2024
    affected < 0.13.1-r5fixed 0.13.1-r5

    Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.

  • CVE-2024-42367Aug 9, 2024
    affected < 0.13.1-r3fixed 0.13.1-r3

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants (`.gz` or `.br` extension) are vulnerable to path traversal outside the root director

  • CVE-2024-3651Jul 7, 2024
    affected < 0.13.1-r3fixed 0.13.1-r3

    A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service co

  • CVE-2024-30251May 2, 2024
    affected < 0.13.1-r3fixed 0.13.1-r3

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST (multipart/form-data) request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process

  • CVE-2024-27306Apr 18, 2024
    affected < 0.13.1-r3fixed 0.13.1-r3

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files.

  • CVE-2020-8912Aug 11, 2020
    affected < 0fixed 0

    A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-

  • CVE-2020-8911Aug 11, 2020
    affected < 0fixed 0

    A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code (MAC), which then allows an attacker who has write access to the target's S3 bucket a

Page 4 of 4