Skip to main content
New to Testkube? Unleash the power of cloud native testing in Kubernetes with Testkube. Get Started >

nats-server-config-reloader-0.17.3_linux_amd64

digestsha256:6798c689cca8a98f34e57db124abe46c81edf9bfb02d54ad85da60d0e41ef592
vulnerabilitiescritical: 0 high: 1 medium: 3 low: 0
platformlinux/amd64
size5.1 MB
packages24
critical: 0 high: 1 medium: 2 low: 0 stdlib 1.24.3 (golang)

pkg:golang/stdlib@1.24.3

# Dockerfile (38:38)
COPY --from=deps /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/

high : CVE--2025--22874

Affected range
>=1.24.0-0
<1.24.4
Fixed version1.24.4
EPSS Score0.012%
EPSS Percentile1st percentile
Description

Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.

medium : CVE--2025--4673

Affected range
>=1.24.0-0
<1.24.4
Fixed version1.24.4
EPSS Score0.044%
EPSS Percentile13th percentile
Description

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.

medium : CVE--2025--0913

Affected range
>=1.24.0-0
<1.24.4
Fixed version1.24.4
EPSS Score0.015%
EPSS Percentile2nd percentile
Description

os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.

critical: 0 high: 0 medium: 1 low: 0 openssl 3.5.0-r0 (apk)

pkg:apk/alpine/openssl@3.5.0-r0?os_name=alpine&os_version=3.22

# Dockerfile (4:31)
FROM alpine:3.22.0 AS deps

ARG GO_APP
ARG GORELEASER_DIST_DIR=/go/src/dist

ARG TARGETOS
ARG TARGETARCH
ARG TARGETVARIANT

RUN mkdir -p /go/bin /go/src ${GORELEASER_DIST_DIR}

COPY --from=build ${GORELEASER_DIST_DIR}/ ${GORELEASER_DIST_DIR}

RUN <<EOT
  set -e 
  apk add --no-cache ca-certificates jq
  cd ${GORELEASER_DIST_DIR}/..

  if [[ ${TARGETARCH} == "arm" ]]; then VARIANT=$(echo ${TARGETVARIANT} | sed 's/^v//'); fi
  BIN_PATH=$(jq -r ".[] |select(.type   == \"Binary\" and \
                                .name   == \"${GO_APP}\" and \
                                .goos   == \"${TARGETOS}\" and \
                                .goarch == \"${TARGETARCH}\" and \
                                (.goarm == \"${VARIANT}\" or .goarm == null)) | .path" < /go/src/dist/artifacts.json)
  cp ${BIN_PATH} /go/bin
EOT

FROM alpine:3.22.0

medium : CVE--2025--4575

Affected range<3.5.1-r0
Fixed version3.5.1-r0
EPSS Score0.029%
EPSS Percentile6th percentile
Description