13 matches found
GHSA-Q9HV-HPM4-HJ6X vulnerabilities
Vulnerabilities for packages: gptscript, vcluster, wolfictl, pulumi-language-dotnet, boring-registry, docker, pulumi-kubernetes-operator, rclone, opentofu, argo-rollouts, datadog-agent, flux-kustomize-controller, cerbos, cilium-cli, crossplane-provider-aws-sns, crossplane-provider-aws-elasticache...
CVE-2026-1229 vulnerabilities
Vulnerabilities for packages: gptscript, vcluster, wolfictl, pulumi-language-dotnet, boring-registry, docker, pulumi-kubernetes-operator, rclone, opentofu, argo-rollouts, datadog-agent, flux-kustomize-controller, cerbos, cilium-cli, crossplane-provider-aws-sns, crossplane-provider-aws-elasticache...
CVE-2026-1229 vulnerabilities
Vulnerabilities for packages: trivy, reports-server, datadog-agent, nuclei, cert-manager-cmctl, crossplane-provider-azure-managedidentity, terragrunt, livekit-cli, atlantis, gitlab-runner, crossplane-provider-aws-cloudwatchlogs-fips, scorecard, crossplane-provider-aws-route53-fips,...
CVE-2021-38599
WAL-G before 1.1, when a non-libsodium build e.g., one of the official binary releases published as GitHub Releases is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to...
Improper use of cryptographic key in wal-g
WAL-G before 1.1, when a non-libsodium build e.g., one of the official binary releases published as GitHub Releases is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to...
GHSA-VRMR-F2QH-3HHF Improper use of cryptographic key in wal-g
WAL-G before 1.1, when a non-libsodium build e.g., one of the official binary releases published as GitHub Releases is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to...
Information Disclosure
github.com/wal-g/wal-g is vulnerable to information disclosure. The vulnerability exists when user uses libsodium encryption for their backup files which is not available but are silently processed and uploaded as plaintext...
CVE-2021-38599
WAL-G before 1.1, when a non-libsodium build e.g., one of the official binary releases published as GitHub Releases is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to...
CVE-2021-38599
WAL-G before 1.1, when a non-libsodium build e.g., one of the official binary releases published as GitHub Releases is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to...
Code injection
WAL-G before 1.1, when a non-libsodium build e.g., one of the official binary releases published as GitHub Releases is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to...
CVE-2021-38599
WAL-G before 1.1, when a non-libsodium build e.g., one of the official binary releases published as GitHub Releases is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to...
CVE-2021-38599
CVE-2021-38599 affects WAL-G prior to version 1.1. In non-libSodium builds, WAL-G silently ignores the libsodium encryption key and uploads backups in plaintext, creating an information disclosure vulnerability. Affected software: WAL-G backup tool (used with PostgreSQL, MySQL/MariaDB, MS SQL Ser...
WAL-G 代码问题漏洞
WAL-G is an archive recovery tool for PostgreSQL, MySQL/MariaDB and MS SQL Server MongoDB and Redis beta. A code issue vulnerability exists in WAL-G prior to 1.1, which stems from a lack of checking for the existence of libsodium keys in non-libsodium builds...