VYPR

Distribution

by Distribution

Source repositories

CVEs (6)

  • CVE-2012-10033CriAug 5, 2025
    risk 0.70cvss epss 0.01

    Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Specifically, the backend.php script fails to sanitize the release parameter before passing it to the configure_image() function. This function invokes PHP’s…

  • CVE-2026-35172HigApr 6, 2026
    risk 0.42cvss 7.5epss 0.00

    Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, distribution can restore read access in repo a after an explicit delete when storage.cache.blobdescriptor: redis and storage.delete.enabled: true are both enabled. The delete path…

  • CVE-2026-33540HigApr 6, 2026
    risk 0.42cvss 7.5epss 0.00

    Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges returned by the configured upstream registry. The realm URL from a bearer…

  • CVE-2025-24976MedFeb 11, 2025
    risk 0.36cvss epss 0.00

    Distribution is a toolkit to pack, ship, store, and deliver container content. Systems running registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token authentication enabled may be vulnerable to an issue in which token authentication allows an attacker to inject an…

  • CVE-2026-41888MedMay 14, 2026
    risk 0.35cvss 6.5epss 0.00

    Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even…

  • CVE-2023-2253Jun 6, 2023
    risk 0.00cvss epss 0.01

    A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the…