20 matches found
CVE-2026-39829 affecting package packer for versions less than 1.9.5-14
CVE-2026-39829 affecting package packer for versions less than 1.9.5-14. A patched version of the package is available...
CVE-2026-42502 affecting package packer for versions less than 1.9.5-14
CVE-2026-42502 affecting package packer for versions less than 1.9.5-14. A patched version of the package is available...
CVE-2026-42508 affecting package packer for versions less than 1.9.5-14
CVE-2026-42508 affecting package packer for versions less than 1.9.5-14. A patched version of the package is available...
CVE-2026-42506 affecting package packer for versions less than 1.9.5-14
CVE-2026-42506 affecting package packer for versions less than 1.9.5-14. A patched version of the package is available...
CVE-2026-46597 affecting package packer for versions less than 1.9.5-14
CVE-2026-46597 affecting package packer for versions less than 1.9.5-14. A patched version of the package is available...
CVE-2026-27136 affecting package packer for versions less than 1.9.5-14
CVE-2026-27136 affecting package packer for versions less than 1.9.5-14. A patched version of the package is available...
CVE-2026-39828 affecting package packer for versions less than 1.9.5-14
CVE-2026-39828 affecting package packer for versions less than 1.9.5-14. A patched version of the package is available...
CVE-2025-11065 affecting package packer for versions less than 1.9.5-13
CVE-2025-11065 affecting package packer for versions less than 1.9.5-13. A patched version of the package is available...
CVE-2025-58058 affecting package packer for versions less than 1.9.5-15
CVE-2025-58058 affecting package packer for versions less than 1.9.5-15. A patched version of the package is available...
AZL-60604 CVE-2025-22872 affecting package packer for versions less than 1.9.5-13
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
AZL-59242 CVE-2025-30204 affecting package packer for versions less than 1.9.5-12
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose...
AZL-57339 CVE-2025-22868 affecting package packer for versions less than 1.9.5-6
An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing...
AZL-55079 CVE-2025-21614 affecting package packer for versions less than 1.9.5-7
go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git serve...
CVE-2025-47913 affecting package packer for versions less than 1.9.5-16
CVE-2025-47913 affecting package packer for versions less than 1.9.5-16. A patched version of the package is available...
CVE-2025-58190 affecting package packer for versions less than 1.9.5-18
CVE-2025-58190 affecting package packer for versions less than 1.9.5-18. A patched version of the package is available...
AZL-42943 CVE-2024-6104 affecting package packer for versions less than 1.9.5-2
go-retryablehttp prior to 0.7.7 did not sanitize URLs when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...
AZL-35098 CVE-2023-49569 affecting package packer for versions less than 1.9.5-1
A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worst-case scenario, remote code execution could be achieved. Applications are only affected if they are using the ChrootO...
AZL-32225 CVE-2023-48795 affecting package packer for versions less than 1.9.5-3
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...
AZL-33331 CVE-2023-3978 affecting package packer for versions less than 1.9.5-3
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack...
AZL-40841 CVE-2022-3064 affecting package packer for versions less than 1.9.5-1
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory...