VYPR

apk package

wolfi/stakater-reloader

pkg:apk/wolfi/stakater-reloader

Vulnerabilities (64)

  • CVE-2023-39325Oct 11, 2023
    affected < 1.0.43-r2fixed 1.0.43-r2

    A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attack

  • CVE-2023-44487HigKEVOct 10, 2023
    affected < 1.0.43-r2fixed 1.0.43-r2

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2023-3978Aug 2, 2023
    affected < 1.0.43-r2fixed 1.0.43-r2

    Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

  • CVE-2020-8559Jul 22, 2020
    affected < 1.3.0-r2fixed 1.3.0-r2

    The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.

Page 4 of 4