nats-server-config-reloader-0.17.3_linux_amd64

digest	`sha256:6798c689cca8a98f34e57db124abe46c81edf9bfb02d54ad85da60d0e41ef592`
vulnerabilities
platform	linux/amd64
size	5.1 MB
packages	24

stdlib 1.24.3 (golang)

pkg:golang/stdlib@1.24.3

# Dockerfile (38:38)
COPY --from=deps /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/

Affected range	`>=1.24.0-0 <1.24.4`
Fixed version	`1.24.4`
EPSS Score	`0.012%`
EPSS Percentile	`1st percentile`

Description

Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.

Affected range	`>=1.24.0-0 <1.24.4`
Fixed version	`1.24.4`
EPSS Score	`0.019%`
EPSS Percentile	`3rd percentile`

Description

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.

Affected range	`>=1.24.0-0 <1.24.4`
Fixed version	`1.24.4`
EPSS Score	`0.011%`
EPSS Percentile	`1st percentile`

Description

os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.

openssl 3.5.0-r0 (apk)

pkg:apk/alpine/openssl@3.5.0-r0?os_name=alpine&os_version=3.22

# Dockerfile (4:31)
FROM alpine:3.22.0 AS deps

ARG GO_APP
ARG GORELEASER_DIST_DIR=/go/src/dist

ARG TARGETOS
ARG TARGETARCH
ARG TARGETVARIANT

RUN mkdir -p /go/bin /go/src ${GORELEASER_DIST_DIR}

COPY --from=build ${GORELEASER_DIST_DIR}/ ${GORELEASER_DIST_DIR}

RUN <<EOT
  set -e 
  apk add --no-cache ca-certificates jq
  cd ${GORELEASER_DIST_DIR}/..

  if [[ ${TARGETARCH} == "arm" ]]; then VARIANT=$(echo ${TARGETVARIANT} | sed 's/^v//'); fi
  BIN_PATH=$(jq -r ".[] |select(.type   == \"Binary\" and \
                                .name   == \"${GO_APP}\" and \
                                .goos   == \"${TARGETOS}\" and \
                                .goarch == \"${TARGETARCH}\" and \
                                (.goarm == \"${VARIANT}\" or .goarm == null)) | .path" < /go/src/dist/artifacts.json)
  cp ${BIN_PATH} /go/bin
EOT

FROM alpine:3.22.0

Affected range	`<3.5.1-r0`
Fixed version	`3.5.1-r0`
EPSS Score	`0.030%`
EPSS Percentile	`7th percentile`

Description

busybox 1.37.0-r18 (apk)

pkg:apk/alpine/busybox@1.37.0-r18?os_name=alpine&os_version=3.22

# Dockerfile (4:31)
FROM alpine:3.22.0 AS deps

ARG GO_APP
ARG GORELEASER_DIST_DIR=/go/src/dist

ARG TARGETOS
ARG TARGETARCH
ARG TARGETVARIANT

RUN mkdir -p /go/bin /go/src ${GORELEASER_DIST_DIR}

COPY --from=build ${GORELEASER_DIST_DIR}/ ${GORELEASER_DIST_DIR}

RUN <<EOT
  set -e 
  apk add --no-cache ca-certificates jq
  cd ${GORELEASER_DIST_DIR}/..

  if [[ ${TARGETARCH} == "arm" ]]; then VARIANT=$(echo ${TARGETVARIANT} | sed 's/^v//'); fi
  BIN_PATH=$(jq -r ".[] |select(.type   == \"Binary\" and \
                                .name   == \"${GO_APP}\" and \
                                .goos   == \"${TARGETOS}\" and \
                                .goarch == \"${TARGETARCH}\" and \
                                (.goarm == \"${VARIANT}\" or .goarm == null)) | .path" < /go/src/dist/artifacts.json)
  cp ${BIN_PATH} /go/bin
EOT

FROM alpine:3.22.0

Affected range	`<=1.37.0-r19`
Fixed version	Not Fixed
EPSS Score	`0.022%`
EPSS Percentile	`4th percentile`

Description

Affected range	`<=1.37.0-r19`
Fixed version	Not Fixed
EPSS Score	`0.031%`
EPSS Percentile	`7th percentile`

Description