nats-2.11.3-alpine_linux_amd64

digest	`sha256:f6be324fcee27f2a91178d74f77bb4ba3e5a9d2e72ba7d6871f45d14aadca40a`
vulnerabilities
platform	linux/amd64
size	10 MB
packages	31

stdlib 1.24.2 (golang)

pkg:golang/stdlib@1.24.2

# 2.11.x/alpine3.21/Dockerfile (5:26)
RUN set -eux; \
	apkArch="$(apk --print-arch)"; \
	case "$apkArch" in \
		aarch64) natsArch='arm64'; sha256='24a56aa64219aa6668a18e2d0ea9108d72472852e47677b384c856fc412ae4c7' ;; \
		armhf) natsArch='arm6'; sha256='86fe21d7413b6c7ce68250c0645567b0550eacf2a18eea56374630c83f0f1a76' ;; \
		armv7) natsArch='arm7'; sha256='1832b4f0e105a01b0366ea2e3071aa235870067f0d042db2ff4dfdb6ceb673a8' ;; \
		x86_64) natsArch='amd64'; sha256='9cdab8b2e2488128caee6519e2f15f1aa33a78b4386ee1776a06b4818d7ec197' ;; \
		x86) natsArch='386'; sha256='9173707ded6d71210c5e0eb9a29f3979888a7e658d52cb8fe32b7e498a852143' ;; \
		s390x) natsArch='s390x'; sha256='61de816adafa99fbe7130ee77a350fd44f7c97c51bc28a210e0a53c0ced1621f' ;; \
		ppc64le) natsArch='ppc64le'; sha256='5b1a2ea2bcd68d0751dd718ce434a7c57161415c202e5723191891360b1e5fd7' ;; \
		*) echo >&2 "error: $apkArch is not supported!"; exit 1 ;; \
	esac; \
	\
	wget -O nats-server.tar.gz "https://github.com/nats-io/nats-server/releases/download/v${NATS_SERVER}/nats-server-v${NATS_SERVER}-linux-${natsArch}.tar.gz"; \
	echo "${sha256} *nats-server.tar.gz" | sha256sum -c -; \
	\
	apk add --no-cache ca-certificates tzdata; \
	\
	tar -xf nats-server.tar.gz; \
	rm nats-server.tar.gz; \
	mv "nats-server-v${NATS_SERVER}-linux-${natsArch}/nats-server" /usr/local/bin; \
	rm -rf "nats-server-v${NATS_SERVER}-linux-${natsArch}";

Affected range	`>=1.24.0-0 <1.24.4`
Fixed version	`1.24.4`
EPSS Score	`0.012%`
EPSS Percentile	`1st percentile`

Description

Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.

Affected range	`>=1.24.0-0 <1.24.4`
Fixed version	`1.24.4`
EPSS Score	`0.014%`
EPSS Percentile	`2nd percentile`

Description

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.

Affected range	`>=1.24.0 <1.24.6`
Fixed version	`1.24.6`
EPSS Score	`0.017%`
EPSS Percentile	`3rd percentile`

Description

If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.

Affected range	`>=1.24.0-0 <1.24.4`
Fixed version	`1.24.4`
EPSS Score	`0.011%`
EPSS Percentile	`1st percentile`

Description

os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.

busybox 1.37.0-r12 (apk)

pkg:apk/alpine/busybox@1.37.0-r12?os_name=alpine&os_version=3.21

# 2.11.x/alpine3.21/Dockerfile (0:0)

Affected range	`<=1.37.0-r13`
Fixed version	Not Fixed
EPSS Score	`0.011%`
EPSS Percentile	`1st percentile`

Description

Affected range	`<=1.37.0-r13`
Fixed version	Not Fixed
EPSS Score	`0.015%`
EPSS Percentile	`2nd percentile`

Description