apk package
wolfi/grafana-image-renderer
pkg:apk/wolfi/grafana-image-renderer
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-47944 | High | 7.5 | | < 3.12.6-r0 | 3.12.6-r0 | May 19, 2025 | Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.0 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request cau |
| CVE-2025-47935 | High | 7.5 | | < 3.12.6-r0 | 3.12.6-r0 | May 19, 2025 | Multer is a node.js middleware for handling `multipart/form-data`. Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory leak issue due to improper stream handling. When the HTTP request stream emits an error, the internal `busboy` stream is not closed, viola |
| CVE-2025-26791 | | — | | < 3.12.1-r1 | 3.12.1-r1 | Feb 14, 2025 | DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS). |
| CVE-2024-52798 | High | — | | < 3.11.6-r2 | 3.11.6-r2 | Dec 5, 2024 | path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path |
Page 2 of 2