apk package
chainguard/verticadb-operator-fips
pkg:apk/chainguard/verticadb-operator-fips
Vulnerabilities (43)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-4673 | Med | 6.8 | < 25.2.1.0-r1 | 25.2.1.0-r1 | Jun 11, 2025 | Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. | |
| CVE-2025-22874 | Hig | 7.5 | < 25.2.1.0-r1 | 25.2.1.0-r1 | Jun 11, 2025 | Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. | |
| CVE-2025-22872 | Med | 6.5 | < 25.2.0-r1 | 25.2.0-r1 | Apr 16, 2025 | The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can resul |
- affected < 25.2.1.0-r1fixed 25.2.1.0-r1
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.
- affected < 25.2.1.0-r1fixed 25.2.1.0-r1
Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
- affected < 25.2.0-r1fixed 25.2.0-r1
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can resul
Page 3 of 3