VYPR

Go modules package

github.com/kro-run/kro

pkg:golang/github.com/kro-run/kro

Vulnerabilities (1)

  • CVE-2025-48710MedJun 4, 2025
    affected >= 0.1.0, < 0.2.1fixed 0.2.1

    kro (Kube Resource Orchestrator) 0.1.0 before 0.2.1 allows users (with permission to create or modify ResourceGraphDefinition resources) to supply arbitrary container images. This can lead to a confused-deputy scenario where kro's controllers deploy and run attacker-controlled im