VYPR

apk package

wolfi/gitlab-runner-17.7

pkg:apk/wolfi/gitlab-runner-17.7

Vulnerabilities (3)

  • CVE-2025-22870MedMar 12, 2025
    affected < 17.7.1-r9fixed 17.7.1-r9

    Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.

  • CVE-2024-45338MedDec 18, 2024
    affected < 17.7.0-r1fixed 17.7.0-r1

    An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

  • CVE-2024-45337CriDec 12, 2024
    affected < 17.7.0-r1fixed 17.7.0-r1

    Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that