31 matches found
Amazon Linux 2023 : runfinch-finch (ALAS2023-2026-1886)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1886 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an...
Amazon Linux 2 : runfinch-finch, --advisory ALAS2DOCKER-2026-132 (ALASDOCKER-2026-132)
The version of runfinch-finch installed on the remote host is prior to 1.17.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-132 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680...
Amazon Linux 2 : runfinch-finch, --advisory ALAS2DOCKER-2026-128 (ALASDOCKER-2026-128)
The version of runfinch-finch installed on the remote host is prior to 1.17.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-128 advisory. An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounde...
Amazon Linux 2 : runfinch-finch, --advisory ALAS2DOCKER-2026-124 (ALASDOCKER-2026-124)
The version of runfinch-finch installed on the remote host is prior to 1.17.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-124 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C...
Amazon Linux 2 : runfinch-finch, --advisory ALAS2DOCKER-2026-117 (ALASDOCKER-2026-117)
The version of runfinch-finch installed on the remote host is prior to 1.17.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-117 advisory. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination ...
Amazon Linux 2 : runfinch-finch, --advisory ALAS2DOCKER-2026-106 (ALASDOCKER-2026-106)
"The version of runfinch-finch installed on the remote host is prior to 1.15.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2026-106 advisory. gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting fr...
Important: runfinch-finch
Issue Overview: gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted...
Amazon Linux 2 : runfinch-finch, --advisory ALAS2DOCKER-2026-097 (ALASDOCKER-2026-097)
The version of runfinch-finch installed on the remote host is prior to 1.14.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-097 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing...
Medium: runfinch-finch
Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...
Amazon Linux 2023 : runfinch-finch (ALAS2023-2025-1336)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1336 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read...
Amazon Linux 2 : runfinch-finch, --advisory ALAS2DOCKER-2025-081 (ALASDOCKER-2025-081)
The version of runfinch-finch installed on the remote host is prior to 1.10.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-081 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than...
Amazon Linux 2023 : runfinch-finch (ALAS2023-2025-1270)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1270 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL...
Important: runfinch-finch
Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...
Important: runfinch-finch
Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...
Medium: runfinch-finch
Issue Overview: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. CVE-2025-22874 Proxy-Authorization and Proxy-Authenticate headers...
Medium: runfinch-finch
Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: runfinch-finch Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more about...
Amazon Linux 2 : runfinch-finch (ALASDOCKER-2025-071)
The version of runfinch-finch installed on the remote host is prior to 1.8.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-071 advisory. Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive...
Important: runfinch-finch
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
Important: runfinch-finch
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
Important: runfinch-finch
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...