apk package
wolfi/sqlpad
pkg:apk/wolfi/sqlpad
Vulnerabilities (63)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-28863 | — | < 7.4.1-r3 | 7.4.1-r3 | Mar 21, 2024 | node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js cl | ||
| CVE-2024-28176 | — | < 7.4.1-r2 | 7.4.1-r2 | Mar 9, 2024 | jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been identified in the JSON Web Encrypt | ||
| CVE-2023-42282 | — | < 7.4.1-r1 | 7.4.1-r1 | Feb 8, 2024 | The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic. |
- CVE-2024-28863Mar 21, 2024affected < 7.4.1-r3fixed 7.4.1-r3
node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js cl
- CVE-2024-28176Mar 9, 2024affected < 7.4.1-r2fixed 7.4.1-r2
jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been identified in the JSON Web Encrypt
- CVE-2023-42282Feb 8, 2024affected < 7.4.1-r1fixed 7.4.1-r1
The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.
Page 4 of 4