Lucene search
K

110 matches found

Snyk
Snyk
added 2026/02/04 12:7 a.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ExpandApk function. An attacker can cause excessive resource consumption by providing a specially crafted, highly-compressed .apk stream that decompresses into a large tar...

7.5CVSS5.5AI score0.00366EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.7 views

apko 资源管理错误漏洞

Apko is an open-source OCI image builder based on APK. In versions 0.14.8 to 1.1.0 of Apko, there was a resource management vulnerability. This vulnerability stemmed from the expandapk.Split function, which did not set clear boundaries when processing APK archives, potentially leading to resource...

5.5CVSS5.8AI score0.00106EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.10 views

apko 资源管理错误漏洞

Apko is an open-source OCI image builder based on APK. In versions 0.14.8 to 1.1.1 of Apko, there was a resource management vulnerability. This vulnerability stemmed from the ExpandApk function not enforcing decompression restrictions, which could lead to resource exhaustion, build failures, or...

7.5CVSS5.8AI score0.00366EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.8 views

PT-2026-6270

Name of the Vulnerable Software and Affected Versions apko versions 0.14.8 through 1.1.0 Description apko is a tool that enables users to build and publish OCI container images from apk packages. A flaw exists where a malicious or compromised APK repository can lead to resource exhaustion on the...

9.9CVSS5.5AI score0.27661EPSS
Exploits45References114
Snyk
Snyk
added 2026/02/03 11:58 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Split function. An attacker can cause excessive CPU consumption and resource exhaustion by supplying a malicious APK stream that triggers unbounded gzip inflation. Remediation...

7.1CVSS5.5AI score0.00106EPSS
Exploits0References2
OSV
OSV
added 2026/02/03 11:57 p.m.4 views

GHSA-5G94-C2WX-8PXW apko has a path traversal in apko dirFS which allows filesystem writes outside base

A Path Traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a malicious APK package e.g., via a compromised or typosquatted repository could create directories or symlinks outside the intended installation root. The MkdirAll, Mkdir, and Symlink...

7.5CVSS5.4AI score0.00369EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/02/03 11:57 p.m.12 views

apko has a path traversal in apko dirFS which allows filesystem writes outside base

A Path Traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a malicious APK package e.g., via a compromised or typosquatted repository could create directories or symlinks outside the intended installation root. The MkdirAll, Mkdir, and Symlink...

7.5CVSS5.4AI score0.00369EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.17 views

PT-2026-6267

Name of the Vulnerable Software and Affected Versions apko versions 0.14.8 through 1.1.0 Description apko is a tool that enables users to build and publish OCI container images from apk packages. A path traversal issue exists in apko’s dirFS filesystem abstraction between versions 0.14.8 and 1.1....

7.5CVSS5.5AI score0.00369EPSS
Exploits0References9
GitLab Advisory Database
GitLab Advisory Database
added 2026/02/03 12:0 a.m.20 views

apko has a path traversal in apko dirFS which allows filesystem writes outside base

A Path Traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a malicious APK package e.g., via a compromised or typosquatted repository could create directories or symlinks outside the intended installation root. The MkdirAll, Mkdir, and Symlink...

7.5CVSS5.4AI score0.00369EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.7 views

PT-2026-6268

Name of the Vulnerable Software and Affected Versions apko versions 0.14.8 through 1.0.9 Description apko is a tool for building and publishing OCI container images from apk packages. A flaw exists in the expandapk.Split function where it drains the first gzip stream of an APK archive without...

5.5CVSS5.4AI score0.00106EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.4 views

PT-2026-6368

A Path Traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a malicious APK package e.g., via a compromised or typosquatted repository could create directories or symlinks outside the intended installation root. The MkdirAll, Mkdir, and Symlink...

7.5CVSS5.5AI score0.00369EPSS
Exploits0References5
Chainguard
Chainguard
added 2025/08/09 1:17 p.m.9 views

GHSA-J5PM-7495-QMR3 vulnerabilities

Vulnerabilities for packages: croc, sonobuoy-fips, cluster-api-azure-controller, nemo, kubernetes-dashboard-api-fips, fq, azure-ipam, kube-rbac-proxy, apache-exporter, lazygit, promxy-fips, restic, esbuild-fips, cass-operator, aws-privateca-issuer-fips, petname,...

5.9AI score
Exploits0
OSV
OSV
added 2025/07/29 6:49 p.m.3 views

GO-2025-3816 apko is vulnerable to attack through incorrect permissions in /etc/ld.so.cache and other files in chainguard.dev/apko

apko is vulnerable to attack through incorrect permissions in /etc/ld.so.cache and other files in chainguard.dev/apko...

7CVSS6AI score0.00118EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2025/07/19 11:21 p.m.6 views

SUSE CVE-2025-53945

apko allows users to build and publish OCI container images built from apk packages. Starting in version 0.27.0 and prior to version 0.29.5, critical files were inadvertently set to 0666, which could likely be abused for root escalation. Version 0.29.5 contains a fix for the issue...

7CVSS6.9AI score0.00118EPSS
Exploits0References3
Snyk
Snyk
added 2025/07/18 4:42 p.m.1 views

Incorrect Default Permissions

Overview Affected versions of this package are vulnerable to Incorrect Default Permissions via the updateCache function in the buildimplementation.go file. An attacker can gain unauthorized access to modify critical system files by exploiting overly permissive file permissions. Remediation Upgrad...

7.1CVSS7.1AI score0.00118EPSS
Exploits0References2
Snyk
Snyk
added 2025/07/18 4:42 p.m.3 views

Incorrect Default Permissions

Overview Affected versions of this package are vulnerable to Incorrect Default Permissions via the updateCache function in the buildimplementation.go file. An attacker can gain unauthorized access to modify critical system files by exploiting overly permissive file permissions. Remediation Upgrad...

7.1CVSS7.1AI score0.00118EPSS
Exploits0References2
GitLab Advisory Database
GitLab Advisory Database
added 2025/07/18 12:0 a.m.9 views

apko is vulnerable to attack through incorrect permissions in /etc/ld.so.cache and other files

It was discovered that the ld.so.cache in images generated by apko had file system permissions mode 0666: bash-5.3 find / -type f -perm -o+w /etc/ld.so.cache...

7CVSS6.4AI score0.00118EPSS
Exploits0References7Affected Software1
CNNVD
CNNVD
added 2025/07/18 12:0 a.m.4 views

apko 安全漏洞

apko is an apk-based OCI image builder from apko open source. A security vulnerability exists in versions prior to apko 0.27.0 through 0.29.5, which stems from improperly set file permissions and may result in elevated privileges...

7CVSS6.5AI score0.00118EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/07/18 12:0 a.m.1 views

PT-2025-30050 · Apko · Apko

Name of the Vulnerable Software and Affected Versions: apko versions 0.27.0 through 0.29.4 Description: apko is a tool that allows users to build and publish OCI container images built from apk packages. In versions prior to 0.29.5, critical files were inadvertently set to 0666, which could...

7CVSS6.2AI score0.00118EPSS
Exploits0References13
OSV
OSV
added 2024/06/04 5:52 p.m.28 views

GHSA-V6MG-7F7P-QMQP apko Exposure of HTTP basic auth credentials in log output

Summary Exposure of HTTP basic auth credentials from repository and keyring URLs in log output Details There was a handful of instances where the apko tool was outputting error messages and log entries where HTTP basic authentication credentials were exposed for one of two reasons: 1. The%s verb...

7.5CVSS7.7AI score0.00441EPSS
Exploits0References4
Rows per page
Query Builder