4 matches found
CVE-2026-24117 affecting package gh for versions less than 2.62.0-13
CVE-2026-24117 affecting package gh for versions less than 2.62.0-13. A patched version of the package is available...
CVE-2026-24117 vulnerabilities
Vulnerabilities for packages: tflint, trivy, kyverno, goreleaser, flux-source-controller, falcoctl, kubescape, ko, ratify, crossplane, gitsign, cosign, tekton-chains, zot, neuvector-sigstore-interface, buildkitd, kyverno-notation-aws, aactl, skaffold, gh, tkn, vexctl, zarf, teleport, witness,...
CVE-2026-24117
creationtimestamp| type| source ---|---|--- 2026-01-22 23:29:22+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3md2dolf7po2t 2026-01-24 21:22:48+00:00| seen| https://gist.github.com/alon710/6cf2739a7a074bb376a843fb01c0c990 2026-01-24 22:18:26+00:00| seen|...
CVE-2026-24117
CVE-2026-24117 affects Rekor, a software supply chain transparency log. In versions ≤ 1.4.3, the path /api/v1/index/retrieve accepts a user-provided URL to retrieve a public key, enabling Server-Side Request Forgery (SSRF) to internal services. SSRF is limited to GET requests and does not return ...