apk package
chainguard/pgadmin4
pkg:apk/chainguard/pgadmin4
Vulnerabilities (45)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-21538 | Hig | 7.5 | < 9.1-r1 | 9.1-r1 | Nov 8, 2024 | Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted | |
| CVE-2022-25881 | Med | 5.3 | < 9.1-r1 | 9.1-r1 | Jan 31, 2023 | This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library. | |
| CVE-2022-33987 | Med | 5.3 | < 9.1-r1 | 9.1-r1 | Jun 18, 2022 | The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket. | |
| CVE-2021-43307 | Med | 5.9 | < 9.1-r1 | 9.1-r1 | Jun 2, 2022 | An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method | |
| CVE-2021-3795 | Hig | 7.5 | < 9.1-r1 | 9.1-r1 | Sep 15, 2021 | semver-regex is vulnerable to Inefficient Regular Expression Complexity |
- affected < 9.1-r1fixed 9.1-r1
Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted
- affected < 9.1-r1fixed 9.1-r1
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
- affected < 9.1-r1fixed 9.1-r1
The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.
- affected < 9.1-r1fixed 9.1-r1
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method
- affected < 9.1-r1fixed 9.1-r1
semver-regex is vulnerable to Inefficient Regular Expression Complexity
Page 3 of 3