apk package
wolfi/juicefs-1.3
pkg:apk/wolfi/juicefs-1.3
Vulnerabilities (53)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-47912 | — | < 1.3.0-r7 | 1.3.0-r7 | Oct 29, 2025 | The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresse | ||
| CVE-2025-61723 | — | < 1.3.0-r7 | 1.3.0-r7 | Oct 29, 2025 | The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs. | ||
| CVE-2025-58189 | — | < 1.3.0-r7 | 1.3.0-r7 | Oct 29, 2025 | When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped. | ||
| CVE-2025-58187 | — | < 1.3.0-r7 | 1.3.0-r7 | Oct 29, 2025 | Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains. | ||
| CVE-2025-58063 | Hig | 7.1 | < 1.3.0-r5 | 1.3.0-r5 | Sep 9, 2025 | CoreDNS is a DNS server that chains plugins. Starting in version 1.2.0 and prior to version 1.12.4, the CoreDNS etcd plugin contains a TTL confusion vulnerability where lease IDs are incorrectly used as TTL values, enabling DNS cache pinning attacks. This effectively creates a Do | |
| CVE-2025-47907 | — | < 1.3.0-r3 | 1.3.0-r3 | Aug 7, 2025 | Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the ex | ||
| CVE-2025-47950 | — | < 1.3.0-r2 | 1.3.0-r2 | Jun 6, 2025 | CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service (DoS) vulnerability exists in the CoreDNS DNS-over-QUIC (DoQ) server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any lim | ||
| CVE-2023-30464 | — | < 1.3.0-r2 | 1.3.0-r2 | Sep 18, 2024 | CoreDNS through 1.10.1 enables attackers to achieve DNS cache poisoning and inject fake responses via a birthday attack. | ||
| CVE-2023-28452 | — | < 1.3.0-r2 | 1.3.0-r2 | Sep 18, 2024 | An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal resolution. In an exploit, the attacker could just forge a response targeting the | ||
| CVE-2024-0874 | Med | 5.3 | < 1.3.0-r2 | 1.3.0-r2 | Apr 25, 2024 | A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching. | |
| CVE-2022-2837 | — | < 1.3.0-r2 | 1.3.0-r2 | Mar 3, 2023 | A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD. | ||
| CVE-2022-2835 | — | < 1.3.0-r2 | 1.3.0-r2 | Mar 3, 2023 | A flaw was found in coreDNS. This flaw allows a malicious user to reroute internal calls to some internal services that were accessed by the FQDN in a format of ..svc. | ||
| CVE-2018-1099 | — | < 0 | 0 | Apr 3, 2018 | DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address). |
- CVE-2025-47912Oct 29, 2025affected < 1.3.0-r7fixed 1.3.0-r7
The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresse
- CVE-2025-61723Oct 29, 2025affected < 1.3.0-r7fixed 1.3.0-r7
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.
- CVE-2025-58189Oct 29, 2025affected < 1.3.0-r7fixed 1.3.0-r7
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.
- CVE-2025-58187Oct 29, 2025affected < 1.3.0-r7fixed 1.3.0-r7
Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.
- affected < 1.3.0-r5fixed 1.3.0-r5
CoreDNS is a DNS server that chains plugins. Starting in version 1.2.0 and prior to version 1.12.4, the CoreDNS etcd plugin contains a TTL confusion vulnerability where lease IDs are incorrectly used as TTL values, enabling DNS cache pinning attacks. This effectively creates a Do
- CVE-2025-47907Aug 7, 2025affected < 1.3.0-r3fixed 1.3.0-r3
Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the ex
- CVE-2025-47950Jun 6, 2025affected < 1.3.0-r2fixed 1.3.0-r2
CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service (DoS) vulnerability exists in the CoreDNS DNS-over-QUIC (DoQ) server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any lim
- CVE-2023-30464Sep 18, 2024affected < 1.3.0-r2fixed 1.3.0-r2
CoreDNS through 1.10.1 enables attackers to achieve DNS cache poisoning and inject fake responses via a birthday attack.
- CVE-2023-28452Sep 18, 2024affected < 1.3.0-r2fixed 1.3.0-r2
An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal resolution. In an exploit, the attacker could just forge a response targeting the
- affected < 1.3.0-r2fixed 1.3.0-r2
A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching.
- CVE-2022-2837Mar 3, 2023affected < 1.3.0-r2fixed 1.3.0-r2
A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD.
- CVE-2022-2835Mar 3, 2023affected < 1.3.0-r2fixed 1.3.0-r2
A flaw was found in coreDNS. This flaw allows a malicious user to reroute internal calls to some internal services that were accessed by the FQDN in a format of ..svc.
- CVE-2018-1099Apr 3, 2018affected < 0fixed 0
DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).
Page 3 of 3