6 matches found

CNNVD
added 2026/05/09 12:0 a.m. | 7 views

apko path traversal vulnerability

Apko is an open-source OCI image builder based on APK. In versions 0.14.8 to 1.2.5 of Apko, there was a path traversal vulnerability. This vulnerability occurred because specially crafted APK packages could install entries that pointed to directories other than the build root directory. This...

CVSS 7.5 | AI score 5.8 | EPSS 0.00352
Exploits 0 | References 1
SUSE CVE
added 2026/03/04 12:27 a.m. | 2 views

SUSE CVE-2026-25140

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, an attacker who controls or compromises an APK repository used by apko could cause resource exhaustion on the build host. The ExpandApk function in...

CVSS 7.5 | AI score 5.7 | EPSS 0.00366
Exploits 0 | References 3
Cvelist
added 2026/02/04 7:2 p.m. | 24 views

CVE-2026-25122 apko is vulnerable to unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.0, expandapk.Split drains the first gzip stream of an APK archive via io.Copy(io.Discard, gzi) without explicit bounds. With an attacker-controlled input stream, this can force lar...

CVSS 5.5 | EPSS 0.00106
Exploits 0 | References 2
CNNVD
added 2026/02/04 12:0 a.m. | 6 views

apko resource management error vulnerability

Apko is an open-source OCI image builder based on APK. In versions 0.14.8 to 1.1.0 of Apko, there was a resource management vulnerability. This vulnerability stemmed from the expandapk.Split function, which did not set clear boundaries when processing APK archives, potentially leading to resource...

CVSS 5.5 | AI score 5.8 | EPSS 0.00106
Exploits 0 | References 3
Positive Technologies
added 2021/09/09 12:0 a.m. | 4 views

PT-2021-22456 · Pomerium +1 · Pomerium +1

Name of the Vulnerable Software and Affected Versions: Pomerium versions prior to 0.14.8; Pomerium versions prior to 0.15.1. Description: The issue arises from Envoy, which Pomerium is based on, incorrectly handling resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU...

CVSS 7.5 | AI score 7.4 | EPSS 0.01609
Exploits 0 | References 10
WPVulnDB
added 2019/06/26 12:0 a.m. | 17 views

WebP Express <= 0.14.4 - Authenticated Stored XSS

Edit - WPScanTeam: The reported issue has been fixed in 0.14.5. Other sanitisation checks have been implemented in newest versions such as 0.14.6 and 0.14.8 while the plugin was closed, so the fixed in is set to 0.14.8 PoC Video POC :...

CVSS 3.5 | AI score 1.6 | EPSS 0.00787
Exploits 2 | References 1 | Affected Software 1