apk package

wolfi/policy-controller-webhook

pkg:apk/wolfi/policy-controller-webhook

Vulnerabilities (49)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2024-24786	Hig	7.5	< 0.8.4-r4	0.8.4-r4	Mar 5, 2024	The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
CVE-2024-24557		—	< 0.8.4-r4	0.8.4-r4	Feb 1, 2024	Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause
CVE-2023-45284		—	< 0	0	Nov 9, 2023	On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now corr
CVE-2023-45283		—	< 0	0	Nov 9, 2023	The filepath package does not recognize paths with a \??\ prefix as special. On Windows, a path beginning with \??\ is a Root Local Device path equivalent to a path beginning with \\?\. Paths with a \??\ prefix may be used to access arbitrary locations on the system. For example,
CVE-2023-46737		—	< 0.8.3-r1	0.8.3-r1	Nov 7, 2023	Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long
CVE-2023-29405		—	< 0.7.0-r4	0.7.0-r4	Jun 8, 2023	The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. F
CVE-2023-29404		—	< 0.7.0-r4	0.7.0-r4	Jun 8, 2023	The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. T
CVE-2023-29403		—	< 0.7.0-r4	0.7.0-r4	Jun 8, 2023	On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is execute
CVE-2023-29402		—	< 0.7.0-r4	0.7.0-r4	Jun 8, 2023	The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules wh

CVE-2024-24786HigMar 5, 2024
affected < 0.8.4-r4fixed 0.8.4-r4
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
CVE-2024-24557Feb 1, 2024
affected < 0.8.4-r4fixed 0.8.4-r4
Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause
CVE-2023-45284Nov 9, 2023
affected < 0fixed 0
On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now corr
CVE-2023-45283Nov 9, 2023
affected < 0fixed 0
The filepath package does not recognize paths with a \??\ prefix as special. On Windows, a path beginning with \??\ is a Root Local Device path equivalent to a path beginning with \\?\. Paths with a \??\ prefix may be used to access arbitrary locations on the system. For example,
CVE-2023-46737Nov 7, 2023
affected < 0.8.3-r1fixed 0.8.3-r1
Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long
CVE-2023-29405Jun 8, 2023
affected < 0.7.0-r4fixed 0.7.0-r4
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. F
CVE-2023-29404Jun 8, 2023
affected < 0.7.0-r4fixed 0.7.0-r4
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. T
CVE-2023-29403Jun 8, 2023
affected < 0.7.0-r4fixed 0.7.0-r4
On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is execute
CVE-2023-29402Jun 8, 2023
affected < 0.7.0-r4fixed 0.7.0-r4
The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules wh

Page 3 of 3