Lucene search
+L

145 matches found

osv
osv
added 2023/11/10 7:15 p.m.7 views

AZL-35434 CVE-2023-47108 affecting package docker-buildx for versions less than 0.14.0-1

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the...

7.5CVSS6.8AI score0.01592EPSS
Exploits0References1
osv
osv
added 2023/10/12 5:15 p.m.10 views

AZL-35437 CVE-2023-45142 affecting package docker-buildx for versions less than 0.14.0-1

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...

7.5CVSS7.1AI score0.01364EPSS
Exploits0References1
osv
osv
added 2023/10/10 2:15 p.m.9 views

AZL-35436 CVE-2023-44487 affecting package docker-buildx for versions less than 0.14.0-1

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References1
osv
osv
added 2023/03/07 8:9 p.m.46 views

GHSA-GC89-7GCR-JXQC Buildkit credentials inlined to Git URLs could end up in provenance attestation

When the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build, these credentials could be visible from the provenance attestation. Git URL can be passed in two ways: 1 Invoking build directly from a URL...

6.5CVSS7AI score0.01026EPSS
Exploits1References8
github
github
added 2023/03/07 8:9 p.m.32 views

Buildkit credentials inlined to Git URLs could end up in provenance attestation

When the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build, these credentials could be visible from the provenance attestation. Git URL can be passed in two ways: 1 Invoking build directly from a URL...

6.5CVSS6.1AI score0.01026EPSS
Exploits1References8Affected Software1
Rows per page
Query Builder