Skip to main content
New to Testkube? Unleash the power of cloud native testing in Kubernetes with Testkube. Get Started >

testkube-tw-toolkit-2.1.143_linux_amd64

digestsha256:49d5e459ae2f34c45fff3d954a1f7c44a437c2454afb11b6742592b5b7e3bd9e
vulnerabilitiescritical: 0 high: 4 medium: 5 low: 0
platformlinux/amd64
size48 MB
packages173
critical: 0 high: 1 medium: 0 low: 0 musl 1.2.5-r0 (apk)

pkg:apk/alpine/musl@1.2.5-r0?arch=x86_64&distro=alpine-3.20.3

# tw-toolkit.Dockerfile (24:24)
FROM ${ALPINE_IMAGE}

high : CVE--2025--26519

Affected range<1.2.5-r1
Fixed version1.2.5-r1
EPSS Score0.010%
EPSS Percentile1st percentile
Description
critical: 0 high: 1 medium: 0 low: 0 libexpat 2.6.4-r0 (apk)

pkg:apk/alpine/libexpat@2.6.4-r0?arch=x86_64&distro=alpine-3.20.3&upstream=expat

# tw-toolkit.Dockerfile (25:25)
RUN apk --no-cache add ca-certificates libssl3 git openssh-client

high : CVE--2024--8176

Affected range<2.7.0-r0
Fixed version2.7.0-r0
EPSS Score0.346%
EPSS Percentile56th percentile
Description
critical: 0 high: 1 medium: 0 low: 0 golang.org/x/crypto 0.32.0 (golang)

pkg:golang/golang.org/x/crypto@0.32.0

# tw-toolkit.Dockerfile (28:28)
COPY --from=build /app/testworkflow-init /init

high : CVE--2025--22869

Affected range<0.35.0
Fixed version0.35.0
EPSS Score0.042%
EPSS Percentile12th percentile
Description

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

critical: 0 high: 1 medium: 0 low: 0 golang.org/x/oauth2 0.26.0 (golang)

pkg:golang/golang.org/x/oauth2@0.26.0

# tw-toolkit.Dockerfile (28:28)
COPY --from=build /app/testworkflow-init /init

high : CVE--2025--22868

Affected range<0.27.0
Fixed version0.27.0
EPSS Score0.051%
EPSS Percentile16th percentile
Description

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

critical: 0 high: 0 medium: 3 low: 0 libssl3 3.3.2-r0 (apk)

pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64&distro=alpine-3.20.3&upstream=openssl

# tw-toolkit.Dockerfile (24:24)
FROM ${ALPINE_IMAGE}

medium : CVE--2024--12797

Affected range<3.3.3-r0
Fixed version3.3.3-r0
EPSS Score0.183%
EPSS Percentile41st percentile
Description

medium : CVE--2024--9143

Affected range<3.3.2-r1
Fixed version3.3.2-r1
EPSS Score0.372%
EPSS Percentile58th percentile
Description

medium : CVE--2024--13176

Affected range<3.3.2-r2
Fixed version3.3.2-r2
EPSS Score0.033%
EPSS Percentile8th percentile
Description
critical: 0 high: 0 medium: 2 low: 0 golang.org/x/net 0.34.0 (golang)

pkg:golang/golang.org/x/net@0.34.0

# tw-toolkit.Dockerfile (28:28)
COPY --from=build /app/testworkflow-init /init

medium 5.3: CVE--2025--22872 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range<0.38.0
Fixed version0.38.0
CVSS Score5.3
CVSS VectorCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
EPSS Score0.012%
EPSS Percentile1st percentile
Description

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. , , etc contexts).

medium 4.4: CVE--2025--22870 Misinterpretation of Input

Affected range<0.36.0
Fixed version0.36.0
CVSS Score4.4
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
EPSS Score0.009%
EPSS Percentile1st percentile
Description

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.