nats-server-config-reloader-0.17.3_linux_amd64

digest	sha256:6798c689cca8a98f34e57db124abe46c81edf9bfb02d54ad85da60d0e41ef592
vulnerabilities
platform	linux/amd64
size	5.1 MB
packages	24

stdlib 1.24.3 (golang) pkg:golang/stdlib@1.24.3 # Dockerfile (38:38) COPY --from=deps /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ Affected range >=1.24.0-0 <1.24.4 Fixed version 1.24.4 EPSS Score 0.012% EPSS Percentile 1st percentile Description Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. Affected range >=1.24.0-0 <1.24.4 Fixed version 1.24.4 EPSS Score 0.014% EPSS Percentile 2nd percentile Description Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. Affected range >=1.24.0 <1.24.6 Fixed version 1.24.6 EPSS Score 0.017% EPSS Percentile 3rd percentile Description If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned. Affected range >=1.24.0-0 <1.24.4 Fixed version 1.24.4 EPSS Score 0.011% EPSS Percentile 1st percentile Description os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.

openssl 3.5.0-r0 (apk) pkg:apk/alpine/openssl@3.5.0-r0?os_name=alpine&os_version=3.22 # Dockerfile (4:31) FROM alpine:3.22.0 AS deps ARG GO_APP ARG GORELEASER_DIST_DIR=/go/src/dist ARG TARGETOS ARG TARGETARCH ARG TARGETVARIANT RUN mkdir -p /go/bin /go/src ${GORELEASER_DIST_DIR} COPY --from=build ${GORELEASER_DIST_DIR}/ ${GORELEASER_DIST_DIR} RUN <<EOT set -e apk add --no-cache ca-certificates jq cd ${GORELEASER_DIST_DIR}/.. if [[ ${TARGETARCH} == "arm" ]]; then VARIANT=$(echo ${TARGETVARIANT} | sed 's/^v//'); fi BIN_PATH=$(jq -r ".[] |select(.type == \"Binary\" and \ .name == \"${GO_APP}\" and \ .goos == \"${TARGETOS}\" and \ .goarch == \"${TARGETARCH}\" and \ (.goarm == \"${VARIANT}\" or .goarm == null)) | .path" < /go/src/dist/artifacts.json) cp ${BIN_PATH} /go/bin EOT FROM alpine:3.22.0 Affected range <3.5.1-r0 Fixed version 3.5.1-r0 EPSS Score 0.039% EPSS Percentile 11th percentile Description

busybox 1.37.0-r18 (apk) pkg:apk/alpine/busybox@1.37.0-r18?os_name=alpine&os_version=3.22 # Dockerfile (4:31) FROM alpine:3.22.0 AS deps ARG GO_APP ARG GORELEASER_DIST_DIR=/go/src/dist ARG TARGETOS ARG TARGETARCH ARG TARGETVARIANT RUN mkdir -p /go/bin /go/src ${GORELEASER_DIST_DIR} COPY --from=build ${GORELEASER_DIST_DIR}/ ${GORELEASER_DIST_DIR} RUN <<EOT set -e apk add --no-cache ca-certificates jq cd ${GORELEASER_DIST_DIR}/.. if [[ ${TARGETARCH} == "arm" ]]; then VARIANT=$(echo ${TARGETVARIANT} | sed 's/^v//'); fi BIN_PATH=$(jq -r ".[] |select(.type == \"Binary\" and \ .name == \"${GO_APP}\" and \ .goos == \"${TARGETOS}\" and \ .goarch == \"${TARGETARCH}\" and \ (.goarm == \"${VARIANT}\" or .goarm == null)) | .path" < /go/src/dist/artifacts.json) cp ${BIN_PATH} /go/bin EOT FROM alpine:3.22.0 Affected range <=1.37.0-r19 Fixed version Not Fixed EPSS Score 0.011% EPSS Percentile 1st percentile Description Affected range <=1.37.0-r19 Fixed version Not Fixed EPSS Score 0.015% EPSS Percentile 2nd percentile Description