testkube-operator-2.1.22_linux_arm64

digest	sha256:812f87c0c0411b7a11bf4f99822b5aa4f4c9e899fa99cb0e351af9ed78de521b
vulnerabilities
size	12 MB
packages	67

golang.org/x/net 0.17.0 (golang) pkg:golang/golang.org/x/net@0.17.0 Uncontrolled Resource Consumption Affected range <0.23.0 Fixed version 0.23.0 CVSS Score 5.3 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L EPSS Score 0.04% EPSS Percentile 15th percentile Description An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.

google.golang.org/protobuf 1.31.0 (golang) pkg:golang/google.golang.org/protobuf@1.31.0 Loop with Unreachable Exit Condition ('Infinite Loop') Affected range <1.33.0 Fixed version 1.33.0 CVSS Score 7.5 CVSS Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U EPSS Score 0.04% EPSS Percentile 17th percentile Description The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.