4 matches found
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via httprequester.go and httpdownloader.go. An attacker can access internal network resources and exfiltrate sensitive data by crafting malicious promotion templates or Promotion resources that trigger...
GHSA-CFPF-HRX2-8RV6 vulnerabilities
Vulnerabilities for packages: tempo, k8sgpt, nats, splunk-otel-collector, kargo, kubeflow-pipelines, amazon-cloudwatch-agent, datadog-agent, verticadb-operator, kine, opentelemetry-collector, argo-cd, grafana-alloy, keda, aws-otel-collector, k3s, kserve, argo-workflows, vale,...
CVE-2025-68156 vulnerabilities
Vulnerabilities for packages: tempo, k8sgpt, nats, splunk-otel-collector, kargo, kubeflow-pipelines, amazon-cloudwatch-agent, datadog-agent, verticadb-operator, kine, opentelemetry-collector, argo-cd, grafana-alloy, keda, aws-otel-collector, k3s, kserve, argo-workflows, vale,...
GHSA-CFPF-HRX2-8RV6 vulnerabilities
Vulnerabilities for packages: jaeger, nrdot-collector-k8s, nats-fips, opentelemetry-collector-contrib-fips, tempo, opentelemetry-collector, elastic-agent-fips, argo-workflows-fips, opentelemetry-collector-contrib, argo-rollouts-fips, aws-otel-collector-fips, nats, tempo-fips, datadog-agent-fips,...