VYPR

apk package

chainguard/logstash-fips-9.3-iamguarded-compat

pkg:apk/chainguard/logstash-fips-9.3-iamguarded-compat

Vulnerabilities (6)

  • CVE-2026-42258CriMay 9, 2026
    affected < 9.3.4-r1fixed 9.3.4-r1

    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issu

  • CVE-2026-42257CriMay 9, 2026
    affected < 9.3.4-r1fixed 9.3.4-r1

    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived fro

  • CVE-2026-42256MedMay 9, 2026
    affected < 9.3.4-r1fixed 9.3.4-r1

    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a com

  • CVE-2026-42246HigMay 9, 2026
    affected < 9.3.4-r1fixed 9.3.4-r1

    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully", without starting TLS. This issue has been patched in

  • CVE-2026-42245HigMay 9, 2026
    affected < 9.3.4-r1fixed 9.3.4-r1

    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send

  • CVE-2026-41316HigApr 24, 2026
    affected < 9.3.4-r0fixed 9.3.4-r0

    ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an `@_init` instance variable guard in `ERB#result` and `ERB#run` to prevent code execution when an ERB object is reconstructed via `Marshal.load` (deserialization). Howeve