apk package
wolfi/jitsucom-bulker-bulker
pkg:apk/wolfi/jitsucom-bulker-bulker
Vulnerabilities (83)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-24788 | Med | 5.9 | < 2.6.0-r1 | 2.6.0-r1 | May 8, 2024 | A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop. | |
| CVE-2024-24787 | Med | 6.4 | < 2.6.0-r1 | 2.6.0-r1 | May 8, 2024 | On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive. | |
| CVE-2023-50658 | — | < 2.6.0-r2 | 2.6.0-r2 | Dec 25, 2023 | The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value. |
- affected < 2.6.0-r1fixed 2.6.0-r1
A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.
- affected < 2.6.0-r1fixed 2.6.0-r1
On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.
- CVE-2023-50658Dec 25, 2023affected < 2.6.0-r2fixed 2.6.0-r2
The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
Page 5 of 5