Azure Linux 3.0 Security Update: azcopy / git-lfs / golang / influxdb / keda (CVE-2025-22870)

The version of azcopy / git-lfs / golang / influxdb / keda installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22870 advisory. - Matching of hosts against proxy patterns can improperly treat an IPv6...

CVE-2024-51744 affecting package azcopy for versions less than 10.25.1-4

CVE-2024-51744 affecting package azcopy for versions less than 10.25.1-4. A patched version of the package is available...

CVE-2025-22870 affecting package azcopy for versions less than 10.25.1-4

CVE-2025-22870 affecting package azcopy for versions less than 10.25.1-4. A patched version of the package is available...

AZL-59209 CVE-2025-30204 affecting package azcopy for versions less than 10.25.1-5

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...

CVE-2025-22868 affecting package azcopy for versions less than 10.25.1-2

CVE-2025-22868 affecting package azcopy for versions less than 10.25.1-2. A patched version of the package is available...

CBL Mariner 2.0 Security Update: azcopy / blobfuse2 / cert-manager / containerized-data-importer / coredns (CVE-2025-22868)

The version of azcopy / blobfuse2 / cert-manager / containerized-data-importer / coredns installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22868 advisory. - An attacker can pass a malicious malforme...

CVE-2025-22868 affecting package azcopy for versions less than 10.25.1-3

CVE-2025-22868 affecting package azcopy for versions less than 10.25.1-3. A patched version of the package is available...

AZL-57443 CVE-2025-22868 affecting package azcopy for versions less than 10.25.1-5

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing...

Azure Linux 3.0 Security Update: azcopy / blobfuse2 / cert-manager / cf-cli (CVE-2024-24786)

The version of azcopy / blobfuse2 / cert-manager / cf-cli installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-24786 advisory. - The protojson.Unmarshal function can enter an infinite loop when...

AZL-52260 CVE-2024-51744 affecting package azcopy for versions less than 10.25.1-5

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...