VYPR

apk package

chainguard/kserve-modelmesh

pkg:apk/chainguard/kserve-modelmesh

Vulnerabilities (44)

  • CVE-2024-12798MedDec 19, 2024
    affected < 0.12.0-r13fixed 0.12.0-r13

    ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an en

  • CVE-2024-47535Nov 12, 2024
    affected < 0fixed 0

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application

  • CVE-2024-47554Oct 3, 2024
    affected < 0.12.0-r13fixed 0.12.0-r13

    Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are

  • CVE-2024-7254Sep 19, 2024
    affected < 0.12.0-r13fixed 0.12.0-r13

    Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf

Page 3 of 3