4 matches found
CVE-2026-24117 affecting package gh for versions less than 2.62.0-13
CVE-2026-24117 affecting package gh for versions less than 2.62.0-13. A patched version of the package is available...
CVE-2026-24117 vulnerabilities
Vulnerabilities for packages: crossplane, kyverno-notation-aws, buildkitd, trivy-operator, kubescape, falcoctl, ko, tekton-chains, policy-controller, goreleaser, trivy, ratify, gitsign, zarf, slsa-verifier, skaffold, kyverno, vexctl, cosign, tflint, gh, tkn, teleport, aactl, spire-server, witness...
CVE-2026-24117
creationtimestamp| type| source ---|---|--- 2026-01-22 23:29:22+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3md2dolf7po2t 2026-01-24 21:22:48+00:00| seen| https://gist.github.com/alon710/6cf2739a7a074bb376a843fb01c0c990 2026-01-24 22:18:26+00:00| seen|...
CVE-2026-24117
CVE-2026-24117 affects Rekor, a software supply chain transparency log. In versions ≤ 1.4.3, the path /api/v1/index/retrieve accepts a user-provided URL to retrieve a public key, enabling Server-Side Request Forgery (SSRF) to internal services. SSRF is limited to GET requests and does not return ...