VYPR

apk package

chainguard/terraform-provider-acme-fips

pkg:apk/chainguard/terraform-provider-acme-fips

Vulnerabilities (47)

  • CVE-2025-61731Jan 28, 2026
    affected < 2.43.0-r1fixed 2.43.0-r1

    Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can

  • CVE-2025-68119Jan 28, 2026
    affected < 2.43.0-r1fixed 2.43.0-r1

    Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are

  • CVE-2025-54799LowAug 7, 2025
    affected < 2.35.0-r1fixed 2.35.0-r1

    Let's Encrypt client and ACME library written in Go (Lego). In versions 4.25.1 and below, the github.com/go-acme/lego/v4/acme/api package (thus the lego library and the lego cli as well) don't enforce HTTPS when talking to CAs as an ACME client. Unlike the http-01 challenge which

  • CVE-2025-4673MedJun 11, 2025
    affected < 2.32.0-r1fixed 2.32.0-r1

    Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.

  • CVE-2025-22874HigJun 11, 2025
    affected < 2.32.0-r1fixed 2.32.0-r1

    Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.

  • CVE-2025-22871CriApr 8, 2025
    affected < 2.31.0-r2fixed 2.31.0-r2

    The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

  • CVE-2025-22868Feb 26, 2025
    affected < 2.31.0-r1fixed 2.31.0-r1

    An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

Page 3 of 3