apk package
wolfi/vitess-21
pkg:apk/wolfi/vitess-21
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-58189 | — | < 21.0.5-r7 | 21.0.5-r7 | Oct 29, 2025 | When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped. | ||
| CVE-2025-58187 | — | < 21.0.5-r7 | 21.0.5-r7 | Oct 29, 2025 | Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains. | ||
| CVE-2025-62522 | Med | — | < 0 | 0 | Oct 20, 2025 | Vite is a frontend tooling framework for JavaScript. In versions from 2.9.18 to before 3.0.0, 3.2.9 to before 4.0.0, 4.5.3 to before 5.0.0, 5.2.6 to before 5.4.21, 6.0.0 to before 6.4.1, 7.0.0 to before 7.0.8, and 7.1.0 to before 7.1.11, files denied by server.fs.deny were sent i | |
| CVE-2025-54798 | — | < 21.0.5-r6 | 21.0.5-r6 | Aug 7, 2025 | tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4. | ||
| CVE-2025-7783 | Cri | — | < 21.0.5-r4 | 21.0.5-r4 | Jul 18, 2025 | Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js. This issue affects form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3. |
- CVE-2025-58189Oct 29, 2025affected < 21.0.5-r7fixed 21.0.5-r7
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.
- CVE-2025-58187Oct 29, 2025affected < 21.0.5-r7fixed 21.0.5-r7
Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.
- affected < 0fixed 0
Vite is a frontend tooling framework for JavaScript. In versions from 2.9.18 to before 3.0.0, 3.2.9 to before 4.0.0, 4.5.3 to before 5.0.0, 5.2.6 to before 5.4.21, 6.0.0 to before 6.4.1, 7.0.0 to before 7.0.8, and 7.1.0 to before 7.1.11, files denied by server.fs.deny were sent i
- CVE-2025-54798Aug 7, 2025affected < 21.0.5-r6fixed 21.0.5-r6
tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4.
- affected < 21.0.5-r4fixed 21.0.5-r4
Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js. This issue affects form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.
Page 2 of 2