Skip to main content
New to Testkube? Unleash the power of cloud native testing in Kubernetes with Testkube. Get Started >

nats-2.10.16-alpine_linux_arm64

digestsha256:2a9a47867f6910dcad35ee2adb40e1ebd4f7381cfa7ac8e3d46ee709c9509454
vulnerabilitiescritical: 2 high: 5 medium: 1 low: 0 unspecified: 3
size9.2 MB
packages31
critical: 1 high: 4 medium: 1 low: 0 unspecified: 1stdlib 1.22.3 (golang)

pkg:golang/stdlib@1.22.3
critical : CVE--2024--24790

Affected range
>=1.22.0-0
<1.22.4
Fixed version1.22.4
EPSS Score0.06%
EPSS Percentile28th percentile
Description

The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.

high : CVE--2024--34158

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.04%
EPSS Percentile16th percentile
Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

high : CVE--2024--34156

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.04%
EPSS Percentile16th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

high : CVE--2024--24791

Affected range
>=1.22.0-0
<1.22.5
Fixed version1.22.5
EPSS Score0.04%
EPSS Percentile16th percentile
Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

high : CVE--2022--30635

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.19%
EPSS Percentile56th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

medium : CVE--2024--24789

Affected range
>=1.22.0-0
<1.22.4
Fixed version1.22.4
EPSS Score0.04%
EPSS Percentile11th percentile
Description

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.

unspecified : CVE--2024--34155

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.04%
EPSS Percentile16th percentile
Description

Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.

critical: 1 high: 1 medium: 0 low: 0 unspecified: 2openssl 3.1.5-r0 (apk)

pkg:apk/alpine/openssl@3.1.5-r0?os_name=alpine&os_version=3.19
critical : CVE--2024--5535

Affected range<3.1.6-r0
Fixed version3.1.6-r0
EPSS Score0.04%
EPSS Percentile14th percentile
Description

high : CVE--2024--6119

Affected range<3.1.7-r0
Fixed version3.1.7-r0
EPSS Score0.04%
EPSS Percentile16th percentile
Description

unspecified : CVE--2024--9143

Affected range<3.1.7-r1
Fixed version3.1.7-r1
EPSS Score0.04%
EPSS Percentile11th percentile
Description

unspecified : CVE--2024--4741

Affected range<3.1.6-r0
Fixed version3.1.6-r0
Description