apk package

wolfi/envoy-ratelimit-compat

pkg:apk/wolfi/envoy-ratelimit-compat

Vulnerabilities (23)

CVE	Sev	CVSS	KEV	Affected versions	Fixed in	Published	Description
CVE-2023-45284		—		< 0	0	Nov 9, 2023	On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now corr
CVE-2023-45283		—		< 0	0	Nov 9, 2023	The filepath package does not recognize paths with a \??\ prefix as special. On Windows, a path beginning with \??\ is a Root Local Device path equivalent to a path beginning with \\?\. Paths with a \??\ prefix may be used to access arbitrary locations on the system. For example,
CVE-2023-44487	Hig	7.5	KEV	< 0.0_git20231014-r3	0.0_git20231014-r3	Oct 10, 2023	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVE-2023-45284Nov 9, 2023
affected < 0fixed 0
On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now corr
CVE-2023-45283Nov 9, 2023
affected < 0fixed 0
The filepath package does not recognize paths with a \??\ prefix as special. On Windows, a path beginning with \??\ is a Root Local Device path equivalent to a path beginning with \\?\. Paths with a \??\ prefix may be used to access arbitrary locations on the system. For example,
CVE-2023-44487HigKEVOct 10, 2023
affected < 0.0_git20231014-r3fixed 0.0_git20231014-r3
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Page 2 of 2