VYPR

apk package

wolfi/emissary-apiext

pkg:apk/wolfi/emissary-apiext

Vulnerabilities (46)

  • CVE-2024-45336MedJan 28, 2025
    affected < 3.9.1-r9fixed 3.9.1-r9

    The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain re

  • CVE-2024-56326Dec 23, 2024
    affected < 3.9.1-r8fixed 3.9.1-r8

    Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs t

  • CVE-2024-56201Dec 23, 2024
    affected < 3.9.1-r8fixed 3.9.1-r8

    Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit

  • CVE-2024-45338MedDec 18, 2024
    affected < 3.9.1-r7fixed 3.9.1-r7

    An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

  • CVE-2024-49767Oct 25, 2024
    affected < 3.9.1-r4fixed 3.9.1-r4

    Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively

  • CVE-2024-49766Oct 25, 2024
    affected < 3.9.1-r4fixed 3.9.1-r4

    Werkzeug is a Web Server Gateway Interface web application library. On Python < 3.11 on Windows, os.path.isabs() does not catch UNC paths like //server/share. Werkzeug's safe_join() relies on this check, and so can produce a path that is not safe, potentially allowing unintended

Page 3 of 3