Skip to main content
New to Testkube? Unleash the power of cloud native testing in Kubernetes with Testkube. Get Started >

nats-2.11.3-alpine_linux_amd64

digestsha256:f6be324fcee27f2a91178d74f77bb4ba3e5a9d2e72ba7d6871f45d14aadca40a
vulnerabilitiescritical: 0 high: 1 medium: 2 low: 2
platformlinux/amd64
size10 MB
packages31
critical: 0 high: 1 medium: 2 low: 0 stdlib 1.24.2 (golang)

pkg:golang/stdlib@1.24.2

# 2.11.x/alpine3.21/Dockerfile (5:26)
RUN set -eux; \
	apkArch="$(apk --print-arch)"; \
	case "$apkArch" in \
		aarch64) natsArch='arm64'; sha256='24a56aa64219aa6668a18e2d0ea9108d72472852e47677b384c856fc412ae4c7' ;; \
		armhf) natsArch='arm6'; sha256='86fe21d7413b6c7ce68250c0645567b0550eacf2a18eea56374630c83f0f1a76' ;; \
		armv7) natsArch='arm7'; sha256='1832b4f0e105a01b0366ea2e3071aa235870067f0d042db2ff4dfdb6ceb673a8' ;; \
		x86_64) natsArch='amd64'; sha256='9cdab8b2e2488128caee6519e2f15f1aa33a78b4386ee1776a06b4818d7ec197' ;; \
		x86) natsArch='386'; sha256='9173707ded6d71210c5e0eb9a29f3979888a7e658d52cb8fe32b7e498a852143' ;; \
		s390x) natsArch='s390x'; sha256='61de816adafa99fbe7130ee77a350fd44f7c97c51bc28a210e0a53c0ced1621f' ;; \
		ppc64le) natsArch='ppc64le'; sha256='5b1a2ea2bcd68d0751dd718ce434a7c57161415c202e5723191891360b1e5fd7' ;; \
		*) echo >&2 "error: $apkArch is not supported!"; exit 1 ;; \
	esac; \
	\
	wget -O nats-server.tar.gz "https://github.com/nats-io/nats-server/releases/download/v${NATS_SERVER}/nats-server-v${NATS_SERVER}-linux-${natsArch}.tar.gz"; \
	echo "${sha256} *nats-server.tar.gz" | sha256sum -c -; \
	\
	apk add --no-cache ca-certificates tzdata; \
	\
	tar -xf nats-server.tar.gz; \
	rm nats-server.tar.gz; \
	mv "nats-server-v${NATS_SERVER}-linux-${natsArch}/nats-server" /usr/local/bin; \
	rm -rf "nats-server-v${NATS_SERVER}-linux-${natsArch}";

high : CVE--2025--22874

Affected range
>=1.24.0-0
<1.24.4
Fixed version1.24.4
EPSS Score0.012%
EPSS Percentile1st percentile
Description

Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.

medium : CVE--2025--4673

Affected range
>=1.24.0-0
<1.24.4
Fixed version1.24.4
EPSS Score0.019%
EPSS Percentile3rd percentile
Description

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.

medium : CVE--2025--0913

Affected range
>=1.24.0-0
<1.24.4
Fixed version1.24.4
EPSS Score0.011%
EPSS Percentile1st percentile
Description

os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.

critical: 0 high: 0 medium: 0 low: 2 busybox 1.37.0-r12 (apk)

pkg:apk/alpine/busybox@1.37.0-r12?os_name=alpine&os_version=3.21

# 2.11.x/alpine3.21/Dockerfile (0:0)


low : CVE--2025--46394

Affected range<=1.37.0-r13
Fixed versionNot Fixed
EPSS Score0.022%
EPSS Percentile4th percentile
Description

low : CVE--2024--58251

Affected range<=1.37.0-r13
Fixed versionNot Fixed
EPSS Score0.031%
EPSS Percentile7th percentile
Description