110 matches found
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ExpandApk function. An attacker can cause excessive resource consumption by providing a specially crafted, highly-compressed .apk stream that decompresses into a large tar...
apko 资源管理错误漏洞
Apko is an open-source OCI image builder based on APK. In versions 0.14.8 to 1.1.0 of Apko, there was a resource management vulnerability. This vulnerability stemmed from the expandapk.Split function, which did not set clear boundaries when processing APK archives, potentially leading to resource...
apko 资源管理错误漏洞
Apko is an open-source OCI image builder based on APK. In versions 0.14.8 to 1.1.1 of Apko, there was a resource management vulnerability. This vulnerability stemmed from the ExpandApk function not enforcing decompression restrictions, which could lead to resource exhaustion, build failures, or...
PT-2026-6270
Name of the Vulnerable Software and Affected Versions apko versions 0.14.8 through 1.1.0 Description apko is a tool that enables users to build and publish OCI container images from apk packages. A flaw exists where a malicious or compromised APK repository can lead to resource exhaustion on the...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Split function. An attacker can cause excessive CPU consumption and resource exhaustion by supplying a malicious APK stream that triggers unbounded gzip inflation. Remediation...
GHSA-5G94-C2WX-8PXW apko has a path traversal in apko dirFS which allows filesystem writes outside base
A Path Traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a malicious APK package e.g., via a compromised or typosquatted repository could create directories or symlinks outside the intended installation root. The MkdirAll, Mkdir, and Symlink...
apko has a path traversal in apko dirFS which allows filesystem writes outside base
A Path Traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a malicious APK package e.g., via a compromised or typosquatted repository could create directories or symlinks outside the intended installation root. The MkdirAll, Mkdir, and Symlink...
PT-2026-6267
Name of the Vulnerable Software and Affected Versions apko versions 0.14.8 through 1.1.0 Description apko is a tool that enables users to build and publish OCI container images from apk packages. A path traversal issue exists in apko’s dirFS filesystem abstraction between versions 0.14.8 and 1.1....
apko has a path traversal in apko dirFS which allows filesystem writes outside base
A Path Traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a malicious APK package e.g., via a compromised or typosquatted repository could create directories or symlinks outside the intended installation root. The MkdirAll, Mkdir, and Symlink...
PT-2026-6268
Name of the Vulnerable Software and Affected Versions apko versions 0.14.8 through 1.0.9 Description apko is a tool for building and publishing OCI container images from apk packages. A flaw exists in the expandapk.Split function where it drains the first gzip stream of an APK archive without...
PT-2026-6368
A Path Traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a malicious APK package e.g., via a compromised or typosquatted repository could create directories or symlinks outside the intended installation root. The MkdirAll, Mkdir, and Symlink...
GHSA-J5PM-7495-QMR3 vulnerabilities
Vulnerabilities for packages: croc, sonobuoy-fips, cluster-api-azure-controller, nemo, kubernetes-dashboard-api-fips, fq, azure-ipam, kube-rbac-proxy, apache-exporter, lazygit, promxy-fips, restic, esbuild-fips, cass-operator, aws-privateca-issuer-fips, petname,...
GO-2025-3816 apko is vulnerable to attack through incorrect permissions in /etc/ld.so.cache and other files in chainguard.dev/apko
apko is vulnerable to attack through incorrect permissions in /etc/ld.so.cache and other files in chainguard.dev/apko...
SUSE CVE-2025-53945
apko allows users to build and publish OCI container images built from apk packages. Starting in version 0.27.0 and prior to version 0.29.5, critical files were inadvertently set to 0666, which could likely be abused for root escalation. Version 0.29.5 contains a fix for the issue...
Incorrect Default Permissions
Overview Affected versions of this package are vulnerable to Incorrect Default Permissions via the updateCache function in the buildimplementation.go file. An attacker can gain unauthorized access to modify critical system files by exploiting overly permissive file permissions. Remediation Upgrad...
Incorrect Default Permissions
Overview Affected versions of this package are vulnerable to Incorrect Default Permissions via the updateCache function in the buildimplementation.go file. An attacker can gain unauthorized access to modify critical system files by exploiting overly permissive file permissions. Remediation Upgrad...
apko is vulnerable to attack through incorrect permissions in /etc/ld.so.cache and other files
It was discovered that the ld.so.cache in images generated by apko had file system permissions mode 0666: bash-5.3 find / -type f -perm -o+w /etc/ld.so.cache...
apko 安全漏洞
apko is an apk-based OCI image builder from apko open source. A security vulnerability exists in versions prior to apko 0.27.0 through 0.29.5, which stems from improperly set file permissions and may result in elevated privileges...
PT-2025-30050 · Apko · Apko
Name of the Vulnerable Software and Affected Versions: apko versions 0.27.0 through 0.29.4 Description: apko is a tool that allows users to build and publish OCI container images built from apk packages. In versions prior to 0.29.5, critical files were inadvertently set to 0666, which could...
GHSA-V6MG-7F7P-QMQP apko Exposure of HTTP basic auth credentials in log output
Summary Exposure of HTTP basic auth credentials from repository and keyring URLs in log output Details There was a handful of instances where the apko tool was outputting error messages and log entries where HTTP basic authentication credentials were exposed for one of two reasons: 1. The%s verb...