VYPR

rpm package

opensuse/prometheus-blackbox_exporter&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/prometheus-blackbox_exporter&distro=openSUSE%20Tumbleweed

Vulnerabilities (4)

  • CVE-2026-39821CriMay 22, 2026
    affected < 0.26.0-6.1fixed 0.26.0-6.1

    The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in program

  • CVE-2025-22870MedMar 12, 2025
    affected < 0.24.0-3.1fixed 0.24.0-3.1

    Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.

  • CVE-2023-45288HigApr 4, 2024
    affected < 0.24.0-3.1fixed 0.24.0-3.1

    An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed Ma

  • CVE-2022-46146Nov 29, 2022
    affected < 0.19.0-13.1fixed 0.19.0-13.1

    Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.