VYPR

apk package

wolfi/gitaly-backup-18.11

pkg:apk/wolfi/gitaly-backup-18.11

Vulnerabilities (24)

  • CVE-2026-33814HigMay 7, 2026
    affected < 18.11.2-r2fixed 18.11.2-r2

    When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.

  • CVE-2026-39883HigApr 8, 2026
    affected < 18.11.2-r2fixed 18.11.2-r2

    OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platf

  • CVE-2026-39882MedApr 8, 2026
    affected < 18.11.2-r2fixed 18.11.2-r2

    OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters (traces/metrics/logs) read the full HTTP response body into an in-memory bytes.Buffer without a size cap. This is exploitable for memory exhaustion when the configured collector e

  • CVE-2026-34986HigApr 6, 2026
    affected < 18.11.2-r1fixed 18.11.2-r1

    Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JW

Page 2 of 2