apk package
chainguard/semaphore
pkg:apk/chainguard/semaphore
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-12143 | Hig | 7.5 | | < 2.18.12-r1 | 2.18.12-r1 | Jun 12, 2026 | form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the `field` argument to `FormData#append` and the `filename` option are concatenated verbatim into the `Content-Disposition` header without escaping carriage return (CR), line fee |
| CVE-2025-8083 | Hig | 8.6 | | < 0 | 0 | Dec 12, 2025 | The Preset configuration (https://v2.vuetifyjs.com/en/features/presets) feature of Vuetify is vulnerable to Prototype Pollution (https://cheatsheetseries.owasp.org/cheatsheets/Prototype_Pollution_Prevention_Cheat_Sheet.html) due to the internal 'mergeDeep' utility function used t |
| CVE-2025-8082 | Med | 6.3 | | < 0 | 0 | Dec 12, 2025 | Improper neutralization of the title date in the 'VDatePicker' component in Vuetify, allows unsanitized HTML to be inserted into the page. This can lead to a Cross-Site Scripting (XSS) (https://owasp.org/www-community/attacks/xss) attack. The vulnerability occurs because the 'tit |
| CVE-2024-9506 | Low | 3.7 | | < 0 | 0 | Oct 15, 2024 | Improper regular expression in Vue's parseHTML function leads to a potential regular expression denial of service vulnerability. |