AZL-66747 CVE-2025-58058 affecting package containerized-data-importer for versions less than 1.57.0-16

xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...

PT-2023-36297 · Unknown · Cdi-Uploadserver-Container +7

Name of the Vulnerable Software and Affected Versions: containerized-data-importer affected versions not specified cdi-apiserver-container affected versions not specified cdi-cloner-container affected versions not specified cdi-controller-container affected versions not specified...