rpm package
opensuse/gitleaks&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/gitleaks&distro=openSUSE%20Tumbleweed
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-45337 | Cri | 9.1 | | < 8.24.2-1.1 | 8.24.2-1.1 | Dec 12, 2024 | Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that |
| CVE-2021-38561 | — | | | < 8.18.3-1.1 | 8.18.3-1.1 | Dec 26, 2022 | golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack. |
| CVE-2022-32149 | — | | | < 8.18.3-1.1 | 8.18.3-1.1 | Oct 14, 2022 | An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse. |