VYPR

apk package

wolfi/az

pkg:apk/wolfi/az

Vulnerabilities (28)

  • CVE-2024-3651Jul 7, 2024
    affected < 2.60.0-r0fixed 2.60.0-r0

    A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service co

  • CVE-2024-39689Jul 5, 2024
    affected < 2.61.0-r2fixed 2.61.0-r2

    Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.7.04 removes ro

  • CVE-2024-37891Jun 17, 2024
    affected < 2.61.0-r1fixed 2.61.0-r1

    urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it'

  • CVE-2024-35195MedMay 20, 2024
    affected < 2.70.0-r0fixed 2.70.0-r0

    Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes

  • CVE-2024-26130Feb 21, 2024
    affected < 2.58.0-r0fixed 2.58.0-r0

    cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided

  • CVE-2023-50782HigFeb 5, 2024
    affected < 2.57.0-r0fixed 2.57.0-r0

    A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

  • CVE-2024-0727MedJan 26, 2024
    affected < 2.57.0-r0fixed 2.57.0-r0

    Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can c

  • CVE-2023-45803MedOct 17, 2023
    affected < 2.67.0-r1fixed 2.67.0-r1

    urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GE

Page 2 of 2