VYPR

apk package

chainguard/sqlpad-compat

pkg:apk/chainguard/sqlpad-compat

Vulnerabilities (35)

  • CVE-2024-43799Sep 10, 2024
    affected < 7.5.0-r1fixed 7.5.0-r1

    Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0.

  • CVE-2024-43796Sep 10, 2024
    affected < 7.5.0-r1fixed 7.5.0-r1

    Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.

  • CVE-2024-45296HigSep 9, 2024
    affected < 7.5.0-r1fixed 7.5.0-r1

    path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will

  • CVE-2024-35255Jun 11, 2024
    affected < 7.4.3-r0fixed 7.4.3-r0

    Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

  • CVE-2024-21512HigMay 29, 2024
    affected < 7.4.3-r0fixed 7.4.3-r0

    Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables.

  • CVE-2024-29415HigMay 27, 2024
    affected < 7.4.3-r0fixed 7.4.3-r0

    The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for

  • CVE-2024-21511CriApr 23, 2024
    affected < 7.4.1-r4fixed 7.4.1-r4

    Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.

  • CVE-2024-21508CriApr 11, 2024
    affected < 7.4.1-r4fixed 7.4.1-r4

    Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values.

  • CVE-2024-21507Apr 10, 2024
    affected < 7.4.1-r4fixed 7.4.1-r4

    Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key.

  • CVE-2024-21509Apr 10, 2024
    affected < 7.4.1-r4fixed 7.4.1-r4

    Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js.

  • CVE-2024-22363HigApr 5, 2024
    affected < 7.4.1-r3fixed 7.4.1-r3

    SheetJS Community Edition before 0.20.2 is vulnerable.to Regular Expression Denial of Service (ReDoS).

  • CVE-2024-29041Mar 25, 2024
    affected < 7.4.1-r3fixed 7.4.1-r3

    Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Expres

  • CVE-2024-28863Mar 21, 2024
    affected < 7.4.1-r3fixed 7.4.1-r3

    node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js cl

  • CVE-2024-28176Mar 9, 2024
    affected < 7.4.1-r2fixed 7.4.1-r2

    jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been identified in the JSON Web Encrypt

  • CVE-2023-42282Feb 8, 2024
    affected < 7.4.1-r1fixed 7.4.1-r1

    The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.

Page 2 of 2