VYPR

apk package

wolfi/sigstore-scaffolding-tuf-server

pkg:apk/wolfi/sigstore-scaffolding-tuf-server

Vulnerabilities (63)

  • CVE-2023-39325Oct 11, 2023
    affected < 0.6.8-r4fixed 0.6.8-r4

    A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attack

  • CVE-2023-44487HigKEVOct 10, 2023
    affected < 0.6.8-r4fixed 0.6.8-r4

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2023-3978Aug 2, 2023
    affected < 0.6.8-r4fixed 0.6.8-r4

    Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

Page 4 of 4