734 matches found

Veracode
added 2024/07/29 9:53 a.m., 9 views

Insecure Permissions

github.com/kumahq/kuma is vulnerable to insecure permissions. The vulnerability is due to improper access control that allows attackers to access sensitive data and escalate privileges by obtaining the service account's token...

CVSS 8.8 | AI score 6.9 | EPSS 0.00467
Exploits 0 | References 4 | Affected Software 1
Veracode
added 2024/07/29 6:52 a.m., 25 views

Improper Authentication

github.com/moby/moby is vulnerable to Improper Authentication. The vulnerability is due to the Docker Engine handling of specially-crafted API requests, which causes authorization plugins to receive requests or responses without the body. Attackers can use this flaw to bypass AuthZ plugins and...

CVSS 9.9 | AI score 9.5 | EPSS 0.16496
Exploits 0 | References 14 | Affected Software 4
Veracode
added 2024/07/25 7:12 a.m., 11 views

Information Disclosure

github.com/argoproj/argo-cd is vulnerable to Information Disclosure. The vulnerability is due to improper enforcement of permission revocation for open terminal sessions within websocket.go, which allows continued unauthorized access and the potential leakage of sensitive information even after...

CVSS 6.5 | AI score 6.2 | EPSS 0.00685
Exploits 1 | References 6 | Affected Software 1
Veracode
added 2024/07/24 8:11 a.m., 8 views

Denial Of Service (DoS)

github.com/wcharczuk/go-chart is vulnerable to Denial of Service (DoS). The vulnerability is due to an infinite loop when executing the drawCanvas function with a StackedBarChart containing a long name value. If the name value originates from untrusted input, an attacker can cause an infinite loop...

CVSS 7.5 | AI score 6.7 | EPSS 0.00646
Exploits 1 | References 2 | Affected Software 1
OSV
added 2024/07/19 6:31 a.m., 13 views

GHSA-8PGC-65MJ-53H5 github.com/gitpod-io/gitpod vulnerable to Cookie Tossing

Versions of the package github.com/gitpod-io/gitpod/components/server/go/pkg/lib before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/components/ws-proxy/pkg/proxy before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/install/installer/pkg/components/aut...

CVSS 5.1 | AI score 4.1 | EPSS 0.00563
Exploits 0 | References 12
Veracode
added 2024/07/15 7:24 a.m., 15 views

SQL Injection

github.com/openclarity/kubeclarity is vulnerable to SQL Injection. The vulnerability is due to manipulating the packageID parameter in the /api/applicationResources endpoint, where the fmt.Sprintf function is used to build the SQL query string without validating the input. It allows an attacker t...

CVSS 6.5 | AI score 7.4 | EPSS 0.00443
Exploits 0 | References 4 | Affected Software 1
Redos
added 2024/07/13 12:00 a.m., 19 views

ROS-20240711-02

A vulnerability in the github.com/containers/image library is related to the fact that an attacker can initiate unexpected authenticated registry accesses on behalf of a victim user. Exploitation of the vulnerability could allow an attacker acting remotely to cause resource depletion, local path...

CVSS 8.3 | AI score 6.4 | EPSS 0.01279
Exploits 0
OSV
added 2024/07/12 4:45 p.m., 20 views

GO-2024-2982 Hashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions in github.com/hashicorp/vault

Hashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions in github.com/hashicorp/vault. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...

CVSS 7.5 | AI score 7.4 | EPSS 0.00491
Exploits 0 | References 3
Tenable Nessus
added 2024/07/11 12:00 a.m., 26 views

CBL Mariner 2.0 Security Update: containerized-data-importer / cri-o / ig / libcontainers-common / skopeo (CVE-2024-3727)

The version of containerized-data-importer / cri-o / ig / libcontainers-common / skopeo installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-3727 advisory. - A flaw was found in the...

CVSS 8.3 | AI score 6.8 | EPSS 0.01279
Exploits 0 | References 2
OSV
added 2024/07/09 7:34 p.m., 9 views

GO-2024-2970 Gogs allows deletion of internal files in github.com/gogs/gogs

Gogs allows deletion of internal files in github.com/gogs/gogs...

CVSS 9.9 | AI score 9.4 | EPSS 0.50697
Exploits 0 | References 4
Veracode
added 2024/07/08 9:39 a.m., 6 views

Denial Of Service (DoS)

github.com/jackc/pgx is vulnerable to Denial of Service (DoS). The vulnerability is due to a lack of robust error handling: Pipeline panics when the PgConn PostgreSQL connection is busy or closed, which can result in potential instability and crashes in applications using Pipeline for database...

AI score 7
Exploits 0
OSV
added 2024/07/05 8:08 p.m., 11 views

GHSA-FQPG-RQ76-99PQ Panic in Pipeline when PgConn is busy or closed in github.com/jackc/pgx

Pipeline can panic when PgConn is busy or closed...

CVSS 5.3 | AI score 7.2
Exploits 0 | References 2
OSV
added 2024/07/05 8:07 p.m., 95 views

GHSA-XR7Q-JX4M-X55M Private tokens could appear in logs if context containing gRPC metadata is logged in github.com/grpc/grpc-go

Impact This issue represents a potential PII concern. If applications were printing or logging a context containing gRPC metadata, the affected versions will contain all the metadata, which may include private information. Patches The issue first appeared in 1.64.0 and is patched in 1.64.1 and...

AI score 7.1
Exploits 0 | References 3
Github Security Blog
added 2024/07/05 7:42 p.m., 11 views

Denial of service via malicious preflight requests in github.com/rs/cors

Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include an Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt...

CVSS 7.5 | AI score 7 | EPSS 0.00533
Exploits 0 | References 6 | Affected Software 1
OSV
added 2024/07/05 7:42 p.m., 5 views

GHSA-MH55-GQVF-XFWM Denial of service via malicious preflight requests in github.com/rs/cors

Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include an Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt...

CVSS 7.5 | AI score 7 | EPSS 0.00533
Exploits 0 | References 6
Vulnrichment
added 2024/07/03 10:58 p.m., 19 views

CVE-2024-6284 Improper IPv4 and IPv6 byte order storage in github.com/google/nftables

In https://github.com/google/nftables IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not work as intended and might block or not block the desired addresses. This issue affects: https://pkg.go.dev/github.com/google/[email protected] The bug was...

CVSS 6.3 | AI score 6.5 | EPSS 0.00287
Exploits 1 | References 3
OSV
added 2024/07/02 7:20 p.m., 20 views

GO-2024-2883 Denial of service via malicious preflight requests in github.com/rs/cors

Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include an Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt...

CVSS 7.5 | AI score 7 | EPSS 0.00533
Exploits 0 | References 2
OSV
added 2024/07/02 7:19 p.m., 17 views

GO-2024-2959 Session Middleware Token Injection Vulnerability in github.com/gofiber/fiber

Session Middleware Token Injection Vulnerability in github.com/gofiber/fiber...

CVSS 10 | AI score 9.6 | EPSS 0.00686
Exploits 0 | References 2
OSV
added 2024/07/01 9:50 p.m., 43 views

GO-2024-2912 Docker CLI leaks private registry credentials to registry-1.docker.io in github.com/docker/cli

Docker CLI leaks private registry credentials to registry-1.docker.io in github.com/docker/cli...

CVSS 7.5 | AI score 7.4 | EPSS 0.01536
Exploits 0 | References 2
OSV
added 2024/07/01 7:59 p.m., 13 views

GO-2024-2930 RKE credentials are stored in the RKE1 Cluster state ConfigMap in github.com/rancher/rke

When RKE provisions a cluster, it stores the cluster state in a configmap called "full-cluster-state" inside the "kube-system" namespace of the cluster itself. This cluster state object contains information used to set up the K8s cluster, which may include sensitive data...

CVSS 9.9 | AI score 9.2 | EPSS 0.00641
Exploits 0 | References 3