VYPR

apk package

chainguard/tekton-pipelines-entrypoint-0.62

pkg:apk/chainguard/tekton-pipelines-entrypoint-0.62

Vulnerabilities (27)

  • CVE-2025-58187Oct 29, 2025
    affected < 0.62.9-r8fixed 0.62.9-r8

    Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.

  • CVE-2025-47910MedSep 22, 2025
    affected < 0.62.9-r7fixed 0.62.9-r7

    When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended sec

  • CVE-2025-47907Aug 7, 2025
    affected < 0.62.9-r5fixed 0.62.9-r5

    Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the ex

  • CVE-2025-8556LowAug 6, 2025
    affected < 0.62.9-r3fixed 0.62.9-r3

    A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange.

  • CVE-2025-54410Jul 30, 2025
    affected < 0.62.9-r6fixed 0.62.9-r6

    Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads, Docker fail

  • CVE-2025-21614Jan 6, 2025
    affected < 0.62.9-r2fixed 0.62.9-r2

    go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted respons

  • CVE-2025-21613Jan 6, 2025
    affected < 0.62.9-r2fixed 0.62.9-r2

    go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flag

Page 2 of 2