VYPR

apk package

wolfi/guacingest

pkg:apk/wolfi/guacingest

Vulnerabilities (97)

  • CVE-2024-24791HigJul 2, 2024
    affected < 0.7.2-r4fixed 0.7.2-r4

    The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the co

  • CVE-2024-6104Jun 24, 2024
    affected < 0.7.2-r3fixed 0.7.2-r3

    go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.

  • CVE-2023-49559LowJun 12, 2024
    affected < 0.7.2-r2fixed 0.7.2-r2

    An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives function.

  • CVE-2024-35255Jun 11, 2024
    affected < 0.7.2-r1fixed 0.7.2-r1

    Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

  • CVE-2024-24788MedMay 8, 2024
    affected < 0.6.0-r1fixed 0.6.0-r1

    A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.

  • CVE-2024-24787MedMay 8, 2024
    affected < 0.6.0-r1fixed 0.6.0-r1

    On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.

  • CVE-2023-45288HigApr 4, 2024
    affected < 0.5.2-r1fixed 0.5.2-r1

    An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed Ma

  • CVE-2024-28180Mar 9, 2024
    affected < 0.5.1-r1fixed 0.5.1-r1

    Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now ret

  • CVE-2024-28110Mar 6, 2024
    affected < 0.5.1-r0fixed 0.5.1-r0

    Go SDK for CloudEvents is the official CloudEvents SDK to integrate applications with CloudEvents. Prior to version 2.15.2, using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary

  • CVE-2024-24786HigMar 5, 2024
    affected < 0.5.1-r3fixed 0.5.1-r3

    The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

  • CVE-2024-24557MedFeb 1, 2024
    affected < 0.5.1-r4fixed 0.5.1-r4

    Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause

  • CVE-2024-23653CriJan 31, 2024
    affected < 0.4.0-r1fixed 0.4.0-r1

    BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use th

  • CVE-2024-23652CriJan 31, 2024
    affected < 0.4.0-r1fixed 0.4.0-r1

    BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file o

  • CVE-2024-23651HigJan 31, 2024
    affected < 0.4.0-r1fixed 0.4.0-r1

    BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host syste

  • CVE-2024-23650MedJan 31, 2024
    affected < 0.4.0-r1fixed 0.4.0-r1

    BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a

  • CVE-2023-45284MedNov 9, 2023
    affected < 0fixed 0

    On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now corr

  • CVE-2023-45283HigNov 9, 2023
    affected < 0fixed 0

    The filepath package does not recognize paths with a \??\ prefix as special. On Windows, a path beginning with \??\ is a Root Local Device path equivalent to a path beginning with \\?\. Paths with a \??\ prefix may be used to access arbitrary locations on the system. For example,

Page 5 of 5