rpm package
opensuse/argocd-cli&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/argocd-cli&distro=openSUSE%20Tumbleweed
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-41240 | Med | 6.1 | | < 3.4.3-1.1 | 3.4.3-1.1 | Apr 23, 2026 | DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions prior to 3.4.0 have an inconsistency between FORBID_TAGS and FORBID_ATTR handling when function-based ADD_TAGS is used. Commit c361baa added an early exit for FORBID_ATTR at line 1214. The |
| CVE-2025-29786 | High | 7.5 | | < 2.14.10-1.1 | 2.14.10-1.1 | Mar 17, 2025 | Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if the Expr expression parser is given an unbounded input string, it will attempt to compile the entire string and generate an Abstract Syntax Tree (AST) node for each part of the expression |
| CVE-2025-26791 | — | | | < 2.14.8-1.1 | 2.14.8-1.1 | Feb 14, 2025 | DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS). |
| CVE-2024-45296 | High | 7.5 | | < 2.12.4-1.1 | 2.12.4-1.1 | Sep 9, 2024 | path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will |