apk package
wolfi/terraform-provider-acme
pkg:apk/wolfi/terraform-provider-acme
Vulnerabilities (22)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-22871 | Cri | 9.1 | < 2.31.0-r2 | 2.31.0-r2 | Apr 8, 2025 | The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext. | |
| CVE-2025-22868 | — | < 2.31.0-r1 | 2.31.0-r1 | Feb 26, 2025 | An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. |
- affected < 2.31.0-r2fixed 2.31.0-r2
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.
- CVE-2025-22868Feb 26, 2025affected < 2.31.0-r1fixed 2.31.0-r1
An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.
Page 2 of 2