apk package
chainguard/seaweedfs-operator-fips
pkg:apk/chainguard/seaweedfs-operator-fips
Vulnerabilities (44)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-58189 | — | < 1.0.5-r1 | 1.0.5-r1 | Oct 29, 2025 | When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped. | ||
| CVE-2025-58187 | — | < 1.0.5-r1 | 1.0.5-r1 | Oct 29, 2025 | Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains. | ||
| CVE-2024-40120 | — | < 1.0.6-r0 | 1.0.6-r0 | May 16, 2025 | seaweedfs v3.68 was discovered to contain a SQL injection vulnerability via the component /abstract_sql/abstract_sql_store.go. | ||
| CVE-2023-36308 | — | < 1.0.6-r0 | 1.0.6-r0 | Sep 5, 2023 | disintegration Imaging 1.6.2 allows attackers to cause a panic (because of an integer index out of range during a Grayscale call) via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any |
- CVE-2025-58189Oct 29, 2025affected < 1.0.5-r1fixed 1.0.5-r1
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.
- CVE-2025-58187Oct 29, 2025affected < 1.0.5-r1fixed 1.0.5-r1
Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.
- CVE-2024-40120May 16, 2025affected < 1.0.6-r0fixed 1.0.6-r0
seaweedfs v3.68 was discovered to contain a SQL injection vulnerability via the component /abstract_sql/abstract_sql_store.go.
- CVE-2023-36308Sep 5, 2023affected < 1.0.6-r0fixed 1.0.6-r0
disintegration Imaging 1.6.2 allows attackers to cause a panic (because of an integer index out of range during a Grayscale call) via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any
Page 3 of 3