apk package

wolfi/rook-oci-compat

pkg:apk/wolfi/rook-oci-compat

Vulnerabilities (23)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2024-24790		—	< 1.14.5-r1	1.14.5-r1	Jun 5, 2024	The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.
CVE-2024-28180		—	< 1.13.6-r1	1.13.6-r1	Mar 9, 2024	Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now ret
CVE-2024-24786	Hig	7.5	< 1.13.6-r2	1.13.6-r2	Mar 5, 2024	The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

CVE-2024-24790Jun 5, 2024
affected < 1.14.5-r1fixed 1.14.5-r1
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.
CVE-2024-28180Mar 9, 2024
affected < 1.13.6-r1fixed 1.13.6-r1
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now ret
CVE-2024-24786HigMar 5, 2024
affected < 1.13.6-r2fixed 1.13.6-r2
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

Page 2 of 2