VYPR

apk package

chainguard/ruby3.2-kube-logging-operator-fluentd-outputs

pkg:apk/chainguard/ruby3.2-kube-logging-operator-fluentd-outputs

Vulnerabilities (10)

  • CVE-2026-47242Jun 9, 2026
    affected < 6.6.0-r2fixed 6.6.0-r2

    ### Summary Two `Net::IMAP` commands, `#id` and `#enable`, do not validate their arguments. Arguments to either command could be used by an attacker to inject arbitrary IMAP commands. Please note that passing untrusted inputs to these commands is usually inappropriate and expe

  • CVE-2026-47241lowJun 9, 2026
    affected < 6.6.0-r2fixed 6.6.0-r2

    ### Summary Several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled input, an attacker can force the next command to be absorbed as a continuation of the fir

  • CVE-2026-47240Jun 9, 2026
    affected < 6.6.0-r2fixed 6.6.0-r2

    Several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing literals, it may still be possible to inject arbitrary IMAP commands inside non-synchronizing lite

  • CVE-2026-33637NonMay 19, 2026
    affected < 6.5.2-r0fixed 6.5.2-r0

    Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object (rather than a String) to Faraday::Connection#build

  • CVE-2026-45363higMay 18, 2026
    affected < 6.5.2-r0fixed 6.5.2-r0

    `JWT.decode(token, '', true, algorithm: 'HS256')` accepts an attacker-forged token. `OpenSSL::HMAC.digest('SHA256', '', payload)` returns a valid digest under an empty key, and no `raise InvalidKeyError if key.empty?` precondition exists in the HMAC algorithm. ``` JWT.decode(t

  • CVE-2026-42258CriMay 9, 2026
    affected < 6.5.0-r2fixed 6.5.0-r2

    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issu

  • CVE-2026-42257CriMay 9, 2026
    affected < 6.5.0-r2fixed 6.5.0-r2

    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived fro

  • CVE-2026-42256MedMay 9, 2026
    affected < 6.5.0-r2fixed 6.5.0-r2

    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a com

  • CVE-2026-42246HigMay 9, 2026
    affected < 6.5.0-r2fixed 6.5.0-r2

    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully", without starting TLS. This issue has been patched in

  • CVE-2026-42245HigMay 9, 2026
    affected < 6.5.0-r2fixed 6.5.0-r2

    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send