bitnami-mongodb-7.0.20_linux_arm64

digest	sha256:53b16c30fdf0e3e1425a33b8d363012c24314ea35f54239653f1a061a3a488be
vulnerabilities
platform	linux/arm64
size	207 MB
packages	650

stdlib 1.24.3 (golang) pkg:golang/stdlib@1.24.3 Affected range >=1.24.0-0 <1.24.4 Fixed version 1.24.4 EPSS Score 0.022% EPSS Percentile 4th percentile Description Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. Affected range >=1.24.0-0 <1.24.4 Fixed version 1.24.4 EPSS Score 0.040% EPSS Percentile 11th percentile Description Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. Affected range >=1.24.0-0 <1.24.4 Fixed version 1.24.4 EPSS Score 0.013% EPSS Percentile 1st percentile Description os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.

tar-fs 2.1.2 (npm) pkg:npm/tar-fs@2.1.2 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Affected range >=2.0.0 <2.1.3 Fixed version 2.1.3 CVSS Score 8.7 CVSS Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N EPSS Score 0.123% EPSS Percentile 32nd percentile Description Impact v3.0.8, v2.1.2, v1.16.4 and below Patches Has been patched in 3.0.9, 2.1.3, and 1.16.5 Workarounds You can use the ignore option to ignore non files/directories. ignore (_, header) { // pass files & directories, ignore e.g. symlinks return header.type !== 'file' && header.type !== 'directory' } Credit Thank you Caleb Brown from Google Open Source Security Team for reporting this in detail.

stdlib 1.23.9 (golang) pkg:golang/stdlib@1.23.9 Affected range <1.23.10 Fixed version 1.23.10 EPSS Score 0.040% EPSS Percentile 11th percentile Description Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. Affected range <1.23.10 Fixed version 1.23.10 EPSS Score 0.013% EPSS Percentile 1st percentile Description os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.

brace-expansion 1.1.11 (npm) pkg:npm/brace-expansion@1.1.11 Uncontrolled Resource Consumption Affected range >=1.0.0 <=1.1.11 Fixed version 1.1.12 CVSS Score 1.3 CVSS Vector CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X EPSS Score 0.052% EPSS Percentile 16th percentile Description A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.12, 2.0.2, 3.0.1 and 4.0.1 is able to address this issue. The name of the patch is a5b98a4f30d7813266b221435e1eaaf25a1b0ac5. It is recommended to upgrade the affected component.