apk package
wolfi/rook-oci-compat
pkg:apk/wolfi/rook-oci-compat
Vulnerabilities (23)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-24789 | Med | 5.5 | < 1.14.5-r1 | 1.14.5-r1 | Jun 5, 2024 | The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip pac | |
| CVE-2024-28180 | Med | 4.3 | < 1.13.6-r1 | 1.13.6-r1 | Mar 9, 2024 | Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now ret | |
| CVE-2024-24786 | Hig | 7.5 | < 1.13.6-r2 | 1.13.6-r2 | Mar 5, 2024 | The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set. |
- affected < 1.14.5-r1fixed 1.14.5-r1
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip pac
- affected < 1.13.6-r1fixed 1.13.6-r1
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now ret
- affected < 1.13.6-r2fixed 1.13.6-r2
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
Page 2 of 2