deps(deps): update ansible/ansible-lint action to v25.4.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
ansible/ansible-lint	action	minor	v25.1.3 -> v25.4.0

---

Release Notes

ansible/ansible-lint (ansible/ansible-lint)

v25.4.0

Compare Source

Bugfixes

• Fix type issue affecting builds (#​4595) @​ssbarnea
• chore(schema): Add Fedora:42 to schema (#​4583) @​andrewrothstein
• Package Latest: Use DNF for Examples (#​4576) @​amayer5125
• chore(schema): add missing ubuntu codenames (#​4572) @​uberjew666

v25.2.1

Compare Source

Bugfixes

• Finish support for data tagging from ansible 2.19 (#​4571) @​ssbarnea

v25.2.0

Compare Source

Enhancements

• Refactor line number identification (#​4564) @​ssbarnea
• Require ansible-core 2.16.11 (#​4569) @​ssbarnea

Bugfixes

• Improve testing and code coverage (#​4561) @​ssbarnea
• Refactor types for future ansible-core compatibility (#​4557) @​ssbarnea
• Isolate ansible internal types to submodule (#​4556) @​ssbarnea
• Add line method to Task class (#​4554) @​ssbarnea
• Move task_to_str to Task class (#​4553) @​ssbarnea
• Add 2025 to WindowsPlatformModel (#​4531) @​rsdoherty

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1

digest	sha256:3c2d380153442abef80c4a7bd144af682eb264b748e1bea93b7d3f76ca7e0d62
vulnerabilities
platform	linux/amd64
size	104 MB
packages	244

📦 Base Image alpine:3

also known as	3.21 3.21.3 latest
digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilities

stdlib 1.22.4 (golang) pkg:golang/[email protected] Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.033% EPSS Percentile 6th percentile Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.073% EPSS Percentile 19th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 EPSS Score 0.203% EPSS Percentile 40th percentile Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.123% EPSS Percentile 28th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

golang.org/x/crypto 0.31.0 (golang) pkg:golang/golang.org/x/[email protected] Affected range <0.35.0 Fixed version 0.35.0 EPSS Score 0.090% EPSS Percentile 23rd percentile Description SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

github.com/golang-jwt/jwt/v5 5.2.1 (golang) pkg:golang/github.com/golang-jwt/[email protected]#v5 Asymmetric Resource Consumption (Amplification) Affected range >=5.0.0-rc.1 <5.2.2 Fixed version 5.2.2 CVSS Score 8.7 CVSS Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N EPSS Score 0.055% EPSS Percentile 14th percentile Description Summary Function parse.ParseUnverified currently splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: CWE-405: Asymmetric Resource Consumption (Amplification) Details See parse.ParseUnverified Impact Excessive memory allocation

[github-actions]

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1

digest	sha256:3c2d380153442abef80c4a7bd144af682eb264b748e1bea93b7d3f76ca7e0d62
vulnerabilities
platform	linux/amd64
size	104 MB
packages	244

📦 Base Image alpine:3

also known as	3.21 3.21.3 latest
digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilities

stdlib 1.22.4 (golang) pkg:golang/[email protected] Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.033% EPSS Percentile 6th percentile Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.073% EPSS Percentile 19th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 EPSS Score 0.203% EPSS Percentile 40th percentile Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.123% EPSS Percentile 28th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

golang.org/x/crypto 0.31.0 (golang) pkg:golang/golang.org/x/[email protected] Affected range <0.35.0 Fixed version 0.35.0 EPSS Score 0.090% EPSS Percentile 23rd percentile Description SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

github.com/golang-jwt/jwt/v5 5.2.1 (golang) pkg:golang/github.com/golang-jwt/[email protected]#v5 Asymmetric Resource Consumption (Amplification) Affected range >=5.0.0-rc.1 <5.2.2 Fixed version 5.2.2 CVSS Score 8.7 CVSS Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N EPSS Score 0.055% EPSS Percentile 14th percentile Description Summary Function parse.ParseUnverified currently splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: CWE-405: Asymmetric Resource Consumption (Amplification) Details See parse.ParseUnverified Impact Excessive memory allocation

[github-actions]

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	1 month ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	1 month ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1

digest	sha256:3c2d380153442abef80c4a7bd144af682eb264b748e1bea93b7d3f76ca7e0d62
vulnerabilities
platform	linux/amd64
size	104 MB
packages	244

📦 Base Image alpine:3

also known as	3.21 3.21.3 latest
digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilities

stdlib 1.22.4 (golang) pkg:golang/[email protected] Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.033% EPSS Percentile 6th percentile Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.073% EPSS Percentile 19th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 EPSS Score 0.203% EPSS Percentile 40th percentile Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.123% EPSS Percentile 28th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

golang.org/x/crypto 0.31.0 (golang) pkg:golang/golang.org/x/[email protected] Affected range <0.35.0 Fixed version 0.35.0 EPSS Score 0.090% EPSS Percentile 23rd percentile Description SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

github.com/golang-jwt/jwt/v5 5.2.1 (golang) pkg:golang/github.com/golang-jwt/[email protected]#v5 Asymmetric Resource Consumption (Amplification) Affected range >=5.0.0-rc.1 <5.2.2 Fixed version 5.2.2 CVSS Score 8.7 CVSS Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N EPSS Score 0.055% EPSS Percentile 14th percentile Description Summary Function parse.ParseUnverified currently splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: CWE-405: Asymmetric Resource Consumption (Amplification) Details See parse.ParseUnverified Impact Excessive memory allocation

[github-actions]

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1

digest	sha256:3c2d380153442abef80c4a7bd144af682eb264b748e1bea93b7d3f76ca7e0d62
vulnerabilities
platform	linux/amd64
size	104 MB
packages	244

📦 Base Image alpine:3

also known as	3.21 3.21.3 latest
digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilities

stdlib 1.22.4 (golang) pkg:golang/[email protected] Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.033% EPSS Percentile 6th percentile Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.073% EPSS Percentile 19th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 EPSS Score 0.203% EPSS Percentile 40th percentile Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.123% EPSS Percentile 28th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

golang.org/x/crypto 0.31.0 (golang) pkg:golang/golang.org/x/[email protected] Affected range <0.35.0 Fixed version 0.35.0 EPSS Score 0.090% EPSS Percentile 23rd percentile Description SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

github.com/golang-jwt/jwt/v5 5.2.1 (golang) pkg:golang/github.com/golang-jwt/[email protected]#v5 Asymmetric Resource Consumption (Amplification) Affected range >=5.0.0-rc.1 <5.2.2 Fixed version 5.2.2 CVSS Score 8.7 CVSS Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N EPSS Score 0.055% EPSS Percentile 14th percentile Description Summary Function parse.ParseUnverified currently splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: CWE-405: Asymmetric Resource Consumption (Amplification) Details See parse.ParseUnverified Impact Excessive memory allocation

[github-actions]

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	1 month ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	1 month ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1

digest	sha256:3c2d380153442abef80c4a7bd144af682eb264b748e1bea93b7d3f76ca7e0d62
vulnerabilities
platform	linux/amd64
size	104 MB
packages	244

📦 Base Image alpine:3

also known as	3.21 3.21.3 latest
digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilities

stdlib 1.22.4 (golang) pkg:golang/[email protected] Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.033% EPSS Percentile 6th percentile Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.073% EPSS Percentile 19th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 EPSS Score 0.203% EPSS Percentile 40th percentile Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.123% EPSS Percentile 28th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

golang.org/x/crypto 0.31.0 (golang) pkg:golang/golang.org/x/[email protected] Affected range <0.35.0 Fixed version 0.35.0 EPSS Score 0.090% EPSS Percentile 23rd percentile Description SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

github.com/golang-jwt/jwt/v5 5.2.1 (golang) pkg:golang/github.com/golang-jwt/[email protected]#v5 Asymmetric Resource Consumption (Amplification) Affected range >=5.0.0-rc.1 <5.2.2 Fixed version 5.2.2 CVSS Score 8.7 CVSS Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N EPSS Score 0.055% EPSS Percentile 14th percentile Description Summary Function parse.ParseUnverified currently splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: CWE-405: Asymmetric Resource Consumption (Amplification) Details See parse.ParseUnverified Impact Excessive memory allocation

[github-actions]

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1

digest	sha256:3c2d380153442abef80c4a7bd144af682eb264b748e1bea93b7d3f76ca7e0d62
vulnerabilities
platform	linux/amd64
size	104 MB
packages	244

📦 Base Image alpine:3

also known as	3.21 3.21.3 latest
digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilities

stdlib 1.22.4 (golang) pkg:golang/[email protected] Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.033% EPSS Percentile 6th percentile Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.073% EPSS Percentile 19th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 EPSS Score 0.203% EPSS Percentile 40th percentile Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.123% EPSS Percentile 28th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

golang.org/x/crypto 0.31.0 (golang) pkg:golang/golang.org/x/[email protected] Affected range <0.35.0 Fixed version 0.35.0 EPSS Score 0.090% EPSS Percentile 23rd percentile Description SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

github.com/golang-jwt/jwt/v5 5.2.1 (golang) pkg:golang/github.com/golang-jwt/[email protected]#v5 Asymmetric Resource Consumption (Amplification) Affected range >=5.0.0-rc.1 <5.2.2 Fixed version 5.2.2 CVSS Score 8.7 CVSS Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N EPSS Score 0.055% EPSS Percentile 14th percentile Description Summary Function parse.ParseUnverified currently splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: CWE-405: Asymmetric Resource Consumption (Amplification) Details See parse.ParseUnverified Impact Excessive memory allocation

[github-actions]

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1

digest	sha256:3c2d380153442abef80c4a7bd144af682eb264b748e1bea93b7d3f76ca7e0d62
vulnerabilities
platform	linux/amd64
size	104 MB
packages	244

📦 Base Image alpine:3

also known as	3.21 3.21.3 latest
digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilities

stdlib 1.22.4 (golang) pkg:golang/[email protected] Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.033% EPSS Percentile 6th percentile Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.073% EPSS Percentile 19th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 EPSS Score 0.203% EPSS Percentile 40th percentile Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.123% EPSS Percentile 28th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

golang.org/x/crypto 0.31.0 (golang) pkg:golang/golang.org/x/[email protected] Affected range <0.35.0 Fixed version 0.35.0 EPSS Score 0.090% EPSS Percentile 23rd percentile Description SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

github.com/golang-jwt/jwt/v5 5.2.1 (golang) pkg:golang/github.com/golang-jwt/[email protected]#v5 Asymmetric Resource Consumption (Amplification) Affected range >=5.0.0-rc.1 <5.2.2 Fixed version 5.2.2 CVSS Score 8.7 CVSS Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N EPSS Score 0.055% EPSS Percentile 14th percentile Description Summary Function parse.ParseUnverified currently splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: CWE-405: Asymmetric Resource Consumption (Amplification) Details See parse.ParseUnverified Impact Excessive memory allocation

[github-actions]

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1

digest	sha256:3c2d380153442abef80c4a7bd144af682eb264b748e1bea93b7d3f76ca7e0d62
vulnerabilities
platform	linux/amd64
size	104 MB
packages	244

📦 Base Image alpine:3

also known as	3.21 3.21.3 latest
digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilities

stdlib 1.22.4 (golang) pkg:golang/[email protected] Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.033% EPSS Percentile 6th percentile Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.073% EPSS Percentile 19th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 EPSS Score 0.203% EPSS Percentile 40th percentile Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.123% EPSS Percentile 28th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

golang.org/x/crypto 0.31.0 (golang) pkg:golang/golang.org/x/[email protected] Affected range <0.35.0 Fixed version 0.35.0 EPSS Score 0.090% EPSS Percentile 23rd percentile Description SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

github.com/golang-jwt/jwt/v5 5.2.1 (golang) pkg:golang/github.com/golang-jwt/[email protected]#v5 Asymmetric Resource Consumption (Amplification) Affected range >=5.0.0-rc.1 <5.2.2 Fixed version 5.2.2 CVSS Score 8.7 CVSS Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N EPSS Score 0.055% EPSS Percentile 14th percentile Description Summary Function parse.ParseUnverified currently splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: CWE-405: Asymmetric Resource Consumption (Amplification) Details See parse.ParseUnverified Impact Excessive memory allocation

[github-actions]

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1

digest	sha256:3c2d380153442abef80c4a7bd144af682eb264b748e1bea93b7d3f76ca7e0d62
vulnerabilities
platform	linux/amd64
size	104 MB
packages	244

📦 Base Image alpine:3

also known as	3.21 3.21.3 latest
digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilities

stdlib 1.22.4 (golang) pkg:golang/[email protected] Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.033% EPSS Percentile 6th percentile Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.073% EPSS Percentile 19th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 EPSS Score 0.203% EPSS Percentile 40th percentile Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.123% EPSS Percentile 28th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

golang.org/x/crypto 0.31.0 (golang) pkg:golang/golang.org/x/[email protected] Affected range <0.35.0 Fixed version 0.35.0 EPSS Score 0.090% EPSS Percentile 23rd percentile Description SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

github.com/golang-jwt/jwt/v5 5.2.1 (golang) pkg:golang/github.com/golang-jwt/[email protected]#v5 Asymmetric Resource Consumption (Amplification) Affected range >=5.0.0-rc.1 <5.2.2 Fixed version 5.2.2 CVSS Score 8.7 CVSS Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N EPSS Score 0.055% EPSS Percentile 14th percentile Description Summary Function parse.ParseUnverified currently splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: CWE-405: Asymmetric Resource Consumption (Amplification) Details See parse.ParseUnverified Impact Excessive memory allocation

[github-actions]

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	1 month ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	1 month ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	1 month ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	1 month ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	1 month ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1

digest	sha256:3c2d380153442abef80c4a7bd144af682eb264b748e1bea93b7d3f76ca7e0d62
vulnerabilities
platform	linux/amd64
size	104 MB
packages	244

📦 Base Image alpine:3

also known as	3.21 3.21.3 latest
digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilities

stdlib 1.22.4 (golang) pkg:golang/[email protected] Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.033% EPSS Percentile 6th percentile Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.073% EPSS Percentile 19th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 EPSS Score 0.203% EPSS Percentile 40th percentile Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.123% EPSS Percentile 28th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

golang.org/x/crypto 0.31.0 (golang) pkg:golang/golang.org/x/[email protected] Affected range <0.35.0 Fixed version 0.35.0 EPSS Score 0.090% EPSS Percentile 23rd percentile Description SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

github.com/golang-jwt/jwt/v5 5.2.1 (golang) pkg:golang/github.com/golang-jwt/[email protected]#v5 Asymmetric Resource Consumption (Amplification) Affected range >=5.0.0-rc.1 <5.2.2 Fixed version 5.2.2 CVSS Score 8.7 CVSS Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N EPSS Score 0.055% EPSS Percentile 14th percentile Description Summary Function parse.ParseUnverified currently splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: CWE-405: Asymmetric Resource Consumption (Amplification) Details See parse.ParseUnverified Impact Excessive memory allocation

[github-actions]

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1

digest	sha256:3c2d380153442abef80c4a7bd144af682eb264b748e1bea93b7d3f76ca7e0d62
vulnerabilities
platform	linux/amd64
size	104 MB
packages	244

📦 Base Image alpine:3

also known as	3.21 3.21.3 latest
digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilities

stdlib 1.22.4 (golang) pkg:golang/[email protected] Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.033% EPSS Percentile 6th percentile Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.073% EPSS Percentile 19th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 EPSS Score 0.203% EPSS Percentile 40th percentile Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.123% EPSS Percentile 28th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

golang.org/x/crypto 0.31.0 (golang) pkg:golang/golang.org/x/[email protected] Affected range <0.35.0 Fixed version 0.35.0 EPSS Score 0.090% EPSS Percentile 23rd percentile Description SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

github.com/golang-jwt/jwt/v5 5.2.1 (golang) pkg:golang/github.com/golang-jwt/[email protected]#v5 Asymmetric Resource Consumption (Amplification) Affected range >=5.0.0-rc.1 <5.2.2 Fixed version 5.2.2 CVSS Score 8.7 CVSS Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N EPSS Score 0.055% EPSS Percentile 14th percentile Description Summary Function parse.ParseUnverified currently splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: CWE-405: Asymmetric Resource Consumption (Amplification) Details See parse.ParseUnverified Impact Excessive memory allocation

[github-actions]

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1

digest	sha256:3c2d380153442abef80c4a7bd144af682eb264b748e1bea93b7d3f76ca7e0d62
vulnerabilities
platform	linux/amd64
size	104 MB
packages	244

📦 Base Image alpine:3

also known as	3.21 3.21.3 latest
digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilities

stdlib 1.22.4 (golang) pkg:golang/[email protected] Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.033% EPSS Percentile 6th percentile Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.073% EPSS Percentile 19th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 EPSS Score 0.203% EPSS Percentile 40th percentile Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.123% EPSS Percentile 28th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

golang.org/x/crypto 0.31.0 (golang) pkg:golang/golang.org/x/[email protected] Affected range <0.35.0 Fixed version 0.35.0 EPSS Score 0.090% EPSS Percentile 23rd percentile Description SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

github.com/golang-jwt/jwt/v5 5.2.1 (golang) pkg:golang/github.com/golang-jwt/[email protected]#v5 Asymmetric Resource Consumption (Amplification) Affected range >=5.0.0-rc.1 <5.2.2 Fixed version 5.2.2 CVSS Score 8.7 CVSS Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N EPSS Score 0.055% EPSS Percentile 14th percentile Description Summary Function parse.ParseUnverified currently splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: CWE-405: Asymmetric Resource Consumption (Amplification) Details See parse.ParseUnverified Impact Excessive memory allocation

[github-actions]

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	1 month ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	1 month ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	1 month ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1

digest	sha256:3c2d380153442abef80c4a7bd144af682eb264b748e1bea93b7d3f76ca7e0d62
vulnerabilities
platform	linux/amd64
size	104 MB
packages	244

📦 Base Image alpine:3

also known as	3.21 3.21.3 latest
digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilities

stdlib 1.22.4 (golang) pkg:golang/[email protected] Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.038% EPSS Percentile 8th percentile Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.083% EPSS Percentile 22nd percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 EPSS Score 0.203% EPSS Percentile 40th percentile Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.123% EPSS Percentile 29th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

golang.org/x/crypto 0.31.0 (golang) pkg:golang/golang.org/x/[email protected] Affected range <0.35.0 Fixed version 0.35.0 EPSS Score 0.090% EPSS Percentile 23rd percentile Description SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

github.com/golang-jwt/jwt/v5 5.2.1 (golang) pkg:golang/github.com/golang-jwt/[email protected]#v5 Asymmetric Resource Consumption (Amplification) Affected range >=5.0.0-rc.1 <5.2.2 Fixed version 5.2.2 CVSS Score 8.7 CVSS Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N EPSS Score 0.055% EPSS Percentile 14th percentile Description Summary Function parse.ParseUnverified currently splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: CWE-405: Asymmetric Resource Consumption (Amplification) Details See parse.ParseUnverified Impact Excessive memory allocation

[github-actions]

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	1 month ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	1 month ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	1 month ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/php-base:latest

📦 Image Reference wayofdev/php-base:latest

digest	sha256:283c2a4f97c90bdfc275cd72557e94c6eca958a8446cee2230fb84786cc17537
vulnerabilities
platform	linux/amd64
size	74 MB
packages	101

📦 Base Image php:8.3-alpine

also known as	8.3-alpine3.21 8.3-cli-alpine 8.3-cli-alpine3.21 8.3.20-alpine 8.3.20-alpine3.21 8.3.20-cli-alpine 8.3.20-cli-alpine3.21 89ecd5529e233e631df5fd3f7c96b68f875ba072c4f01e94befd2625c20f0341
digest	sha256:0e79f55b54743cb283394ed18bdf523e331b3b4e5510bd94049dab646accbdaf
vulnerabilities

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/php-base:latest

📦 Image Reference wayofdev/php-base:latest

digest	sha256:8f523f279791f5378f04582123dc28153282f4f955c28c08de7a2cbaa5f8c7b8
vulnerabilities
platform	linux/amd64
size	73 MB
packages	102

📦 Base Image oisupport/staging-amd64:8-fpm-alpine

also known as	8-fpm-alpine3.21 8.4-fpm-alpine 8.4-fpm-alpine3.21 8.4.6-fpm-alpine 8.4.6-fpm-alpine3.21 98cbe995de6168ed0a95ce8a6f60b05ade62aa18f359e7641e1773ae114bcfde fpm-alpine fpm-alpine3.21
digest	sha256:e392b708dcc588d75a54bb9e3a1efa02bcd63341a6394eeadc7ecfabbc74ff38
vulnerabilities

[github-actions]

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1

digest	sha256:3c2d380153442abef80c4a7bd144af682eb264b748e1bea93b7d3f76ca7e0d62
vulnerabilities
platform	linux/amd64
size	104 MB
packages	244

📦 Base Image alpine:3

also known as	3.21 3.21.3 latest
digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilities

stdlib 1.22.4 (golang) pkg:golang/[email protected] Affected range <1.23.8 Fixed version 1.23.8 EPSS Score 0.015% EPSS Percentile 2nd percentile Description The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.043% EPSS Percentile 13th percentile Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.088% EPSS Percentile 27th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 EPSS Score 0.170% EPSS Percentile 39th percentile Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.127% EPSS Percentile 33rd percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

stdlib 1.23.7 (golang) pkg:golang/[email protected] Affected range <1.23.8 Fixed version 1.23.8 EPSS Score 0.015% EPSS Percentile 2nd percentile Description The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

github.com/golang-jwt/jwt/v5 5.2.1 (golang) pkg:golang/github.com/golang-jwt/[email protected]#v5 Asymmetric Resource Consumption (Amplification) Affected range >=5.0.0-rc.1 <5.2.2 Fixed version 5.2.2 CVSS Score 8.7 CVSS Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N EPSS Score 0.024% EPSS Percentile 5th percentile Description Summary Function parse.ParseUnverified currently splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: CWE-405: Asymmetric Resource Consumption (Amplification) Details See parse.ParseUnverified Impact Excessive memory allocation

c-ares 1.34.3-r0 (apk) pkg:apk/alpine/[email protected]?os_name=alpine&os_version=3.21 Affected range <1.34.5-r0 Fixed version 1.34.5-r0 EPSS Score 0.135% EPSS Percentile 35th percentile Description

xz 5.6.3-r0 (apk) pkg:apk/alpine/[email protected]?os_name=alpine&os_version=3.21 Affected range <5.6.3-r1 Fixed version 5.6.3-r1 EPSS Score 0.117% EPSS Percentile 32nd percentile Description

golang.org/x/crypto 0.31.0 (golang) pkg:golang/golang.org/x/[email protected] Affected range <0.35.0 Fixed version 0.35.0 EPSS Score 0.042% EPSS Percentile 12th percentile Description SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

[github-actions]

Outdated

Recommended fixes for image wayofdev/php-base:latest

Base image is php:8.3-alpine

Name	8.3.20-alpine3.21
Digest	sha256:0e79f55b54743cb283394ed18bdf523e331b3b4e5510bd94049dab646accbdaf
Vulnerabilities
Pushed	2 weeks ago
Size	37 MB
Packages	52
Flavor	alpine
OS	3.21
Runtime	8.3.20

The base image is also available under the supported tag(s): 8.3-alpine3.21, 8.3-cli-alpine, 8.3-cli-alpine3.21, 8.3.20-alpine, 8.3.20-alpine3.21, 8.3.20-cli-alpine, 8.3.20-cli-alpine3.21

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
8.4-alpine Minor runtime version update Also known as: 8.4-cli-alpine 8.4-cli-alpine3.21 8-cli-alpine 8-cli-alpine3.21 cli-alpine3.21 alpine 8.4.6-alpine 8.4.6-alpine3.21 8.4-alpine3.21 8-alpine 8-alpine3.21	Benefits: Same OS detected Minor runtime version update Tag was pushed more recently Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 42 MB Flavor: alpine OS: 3.21 Runtime: 8.4.6	2 weeks ago

[github-actions]

Outdated

Recommended fixes for image wayofdev/php-base:latest

Base image is :8-fpm-alpine

Digest
Vulnerabilities
Size	0 B
Packages	0

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1

digest	sha256:3c2d380153442abef80c4a7bd144af682eb264b748e1bea93b7d3f76ca7e0d62
vulnerabilities
platform	linux/amd64
size	104 MB
packages	244

📦 Base Image alpine:3

also known as	3.21 3.21.3 latest
digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilities

stdlib 1.22.4 (golang) pkg:golang/[email protected] Affected range <1.23.8 Fixed version 1.23.8 EPSS Score 0.015% EPSS Percentile 2nd percentile Description The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.043% EPSS Percentile 13th percentile Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.088% EPSS Percentile 27th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 EPSS Score 0.170% EPSS Percentile 39th percentile Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.127% EPSS Percentile 33rd percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

stdlib 1.23.7 (golang) pkg:golang/[email protected] Affected range <1.23.8 Fixed version 1.23.8 EPSS Score 0.015% EPSS Percentile 2nd percentile Description The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

c-ares 1.34.3-r0 (apk) pkg:apk/alpine/[email protected]?os_name=alpine&os_version=3.21 Affected range <1.34.5-r0 Fixed version 1.34.5-r0 EPSS Score 0.135% EPSS Percentile 35th percentile Description

xz 5.6.3-r0 (apk) pkg:apk/alpine/[email protected]?os_name=alpine&os_version=3.21 Affected range <5.6.3-r1 Fixed version 5.6.3-r1 EPSS Score 0.117% EPSS Percentile 32nd percentile Description

golang.org/x/crypto 0.31.0 (golang) pkg:golang/golang.org/x/[email protected] Affected range <0.35.0 Fixed version 0.35.0 EPSS Score 0.042% EPSS Percentile 12th percentile Description SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

github.com/golang-jwt/jwt/v5 5.2.1 (golang) pkg:golang/github.com/golang-jwt/[email protected]#v5 Asymmetric Resource Consumption (Amplification) Affected range >=5.0.0-rc.1 <5.2.2 Fixed version 5.2.2 CVSS Score 8.7 CVSS Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N EPSS Score 0.024% EPSS Percentile 5th percentile Description Summary Function parse.ParseUnverified currently splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: CWE-405: Asymmetric Resource Consumption (Amplification) Details See parse.ParseUnverified Impact Excessive memory allocation

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/php-base:latest

📦 Image Reference wayofdev/php-base:latest

digest	sha256:117cb9ee001f9096fcf0cdba41f6c5ed194dd3936a8e8d6570b3e0940961a1f6
vulnerabilities
platform	linux/amd64
size	79 MB
packages	101

📦 Base Image php:5be29897995256017b94f3d922cb15c5814d94dbf5c35f5dcde5af12d7ed15c6

also known as	8-alpine 8-alpine3.21 8-cli-alpine 8-cli-alpine3.21 8.4-alpine 8.4-alpine3.21 8.4-cli-alpine 8.4-cli-alpine3.21 8.4.6-alpine 8.4.6-alpine3.21 alpine cli-alpine3.21
digest	sha256:4458133a931b614540fb42a2d5b366c412ffe43fb079057a99634399805efab9
vulnerabilities

[github-actions]

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	2 months ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/php-base:latest

📦 Image Reference wayofdev/php-base:latest

digest	sha256:feb23aa1d9a7110c73e5d73284bd3314631c7b6748eb4d1ed4d588917d2bf2ff
vulnerabilities
platform	linux/amd64
size	69 MB
packages	102

📦 Base Image oisupport/staging-amd64:0ec6156a07077bde9991a202309d901a0357925dcc35879c4d50c0ef4b2d2139

also known as	8.3-fpm-alpine 8.3-fpm-alpine3.21 8.3.20-fpm-alpine 8.3.20-fpm-alpine3.21
digest	sha256:afb237c213155925fb07d7f79f6304e98c82c0f89243df38156e3d2a68869806
vulnerabilities

[github-actions]

Outdated

Recommended fixes for image wayofdev/php-base:latest

Base image is php:8-alpine

Name	8.4.6-alpine3.21
Digest	sha256:4458133a931b614540fb42a2d5b366c412ffe43fb079057a99634399805efab9
Vulnerabilities
Pushed	2 weeks ago
Size	42 MB
Packages	52
Flavor	alpine
OS	3.21
Runtime	8.4.6

The base image is also available under the supported tag(s): 8-alpine3.21, 8-cli-alpine, 8-cli-alpine3.21, 8.4-alpine, 8.4-alpine3.21, 8.4-cli-alpine, 8.4-cli-alpine3.21, 8.4.6-alpine, 8.4.6-alpine3.21, alpine, cli-alpine3.21

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	2 months ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

Recommended fixes for image wayofdev/php-base:latest

Base image is :0ec6156a07077bde9991a202309d901a0357925dcc35879c4d50c0ef4b2d2139

Digest
Vulnerabilities
Size	0 B
Packages	0

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1

digest	sha256:3c2d380153442abef80c4a7bd144af682eb264b748e1bea93b7d3f76ca7e0d62
vulnerabilities
platform	linux/amd64
size	104 MB
packages	244

📦 Base Image alpine:3

also known as	3.21 3.21.3 latest
digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilities

stdlib 1.22.4 (golang) pkg:golang/[email protected] Affected range <1.23.8 Fixed version 1.23.8 EPSS Score 0.015% EPSS Percentile 2nd percentile Description The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.043% EPSS Percentile 13th percentile Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.088% EPSS Percentile 27th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 EPSS Score 0.170% EPSS Percentile 39th percentile Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.127% EPSS Percentile 33rd percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

stdlib 1.23.7 (golang) pkg:golang/[email protected] Affected range <1.23.8 Fixed version 1.23.8 EPSS Score 0.015% EPSS Percentile 2nd percentile Description The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

c-ares 1.34.3-r0 (apk) pkg:apk/alpine/[email protected]?os_name=alpine&os_version=3.21 Affected range <1.34.5-r0 Fixed version 1.34.5-r0 EPSS Score 0.135% EPSS Percentile 35th percentile Description

xz 5.6.3-r0 (apk) pkg:apk/alpine/[email protected]?os_name=alpine&os_version=3.21 Affected range <5.6.3-r1 Fixed version 5.6.3-r1 EPSS Score 0.117% EPSS Percentile 32nd percentile Description

golang.org/x/crypto 0.31.0 (golang) pkg:golang/golang.org/x/[email protected] Affected range <0.35.0 Fixed version 0.35.0 EPSS Score 0.042% EPSS Percentile 12th percentile Description SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

github.com/golang-jwt/jwt/v5 5.2.1 (golang) pkg:golang/github.com/golang-jwt/[email protected]#v5 Asymmetric Resource Consumption (Amplification) Affected range >=5.0.0-rc.1 <5.2.2 Fixed version 5.2.2 CVSS Score 8.7 CVSS Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N EPSS Score 0.024% EPSS Percentile 5th percentile Description Summary Function parse.ParseUnverified currently splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: CWE-405: Asymmetric Resource Consumption (Amplification) Details See parse.ParseUnverified Impact Excessive memory allocation

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/php-base:latest

📦 Image Reference wayofdev/php-base:latest

digest	sha256:ad93a0bd54e5197044b5935bf4c8b04a52317883a8e8b88d2ec7e46e27774075
vulnerabilities
platform	linux/amd64
size	98 MB
packages	122

📦 Base Image php:5be29897995256017b94f3d922cb15c5814d94dbf5c35f5dcde5af12d7ed15c6

also known as	8-alpine 8-alpine3.21 8-cli-alpine 8-cli-alpine3.21 8.4-alpine 8.4-alpine3.21 8.4-cli-alpine 8.4-cli-alpine3.21 8.4.6-alpine 8.4.6-alpine3.21 alpine cli-alpine3.21
digest	sha256:4458133a931b614540fb42a2d5b366c412ffe43fb079057a99634399805efab9
vulnerabilities

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/php-base:latest

📦 Image Reference wayofdev/php-base:latest

digest	sha256:1963143ffb9c4f8ca0e679a6788f4f9cff5975d2a42eadcebd02fd7cf801addd
vulnerabilities
platform	linux/amd64
size	92 MB
packages	122

📦 Base Image php:8.3-alpine

also known as	8.3-alpine3.21 8.3-cli-alpine 8.3-cli-alpine3.21 8.3.20-alpine 8.3.20-alpine3.21 8.3.20-cli-alpine 8.3.20-cli-alpine3.21 89ecd5529e233e631df5fd3f7c96b68f875ba072c4f01e94befd2625c20f0341
digest	sha256:0e79f55b54743cb283394ed18bdf523e331b3b4e5510bd94049dab646accbdaf
vulnerabilities

[github-actions]

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1

digest	sha256:3c2d380153442abef80c4a7bd144af682eb264b748e1bea93b7d3f76ca7e0d62
vulnerabilities
platform	linux/amd64
size	104 MB
packages	244

📦 Base Image alpine:3

also known as	3.21 3.21.3 latest
digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilities

stdlib 1.22.4 (golang) pkg:golang/[email protected] Affected range <1.23.8 Fixed version 1.23.8 EPSS Score 0.015% EPSS Percentile 2nd percentile Description The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.043% EPSS Percentile 13th percentile Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.088% EPSS Percentile 27th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 EPSS Score 0.170% EPSS Percentile 39th percentile Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.127% EPSS Percentile 33rd percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

stdlib 1.23.7 (golang) pkg:golang/[email protected] Affected range <1.23.8 Fixed version 1.23.8 EPSS Score 0.015% EPSS Percentile 2nd percentile Description The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

github.com/golang-jwt/jwt/v5 5.2.1 (golang) pkg:golang/github.com/golang-jwt/[email protected]#v5 Asymmetric Resource Consumption (Amplification) Affected range >=5.0.0-rc.1 <5.2.2 Fixed version 5.2.2 CVSS Score 8.7 CVSS Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N EPSS Score 0.024% EPSS Percentile 5th percentile Description Summary Function parse.ParseUnverified currently splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: CWE-405: Asymmetric Resource Consumption (Amplification) Details See parse.ParseUnverified Impact Excessive memory allocation

c-ares 1.34.3-r0 (apk) pkg:apk/alpine/[email protected]?os_name=alpine&os_version=3.21 Affected range <1.34.5-r0 Fixed version 1.34.5-r0 EPSS Score 0.135% EPSS Percentile 35th percentile Description

xz 5.6.3-r0 (apk) pkg:apk/alpine/[email protected]?os_name=alpine&os_version=3.21 Affected range <5.6.3-r1 Fixed version 5.6.3-r1 EPSS Score 0.117% EPSS Percentile 32nd percentile Description

golang.org/x/crypto 0.31.0 (golang) pkg:golang/golang.org/x/[email protected] Affected range <0.35.0 Fixed version 0.35.0 EPSS Score 0.042% EPSS Percentile 12th percentile Description SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

[github-actions]

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	2 months ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

Recommended fixes for image wayofdev/php-base:latest

Base image is php:8-alpine

Name	8.4.6-alpine3.21
Digest	sha256:4458133a931b614540fb42a2d5b366c412ffe43fb079057a99634399805efab9
Vulnerabilities
Pushed	2 weeks ago
Size	42 MB
Packages	52
Flavor	alpine
OS	3.21
Runtime	8.4.6

The base image is also available under the supported tag(s): 8-alpine3.21, 8-cli-alpine, 8-cli-alpine3.21, 8.4-alpine, 8.4-alpine3.21, 8.4-cli-alpine, 8.4-cli-alpine3.21, 8.4.6-alpine, 8.4.6-alpine3.21, alpine, cli-alpine3.21

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	2 months ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

Recommended fixes for image wayofdev/php-base:latest

Base image is php:8.3-alpine

Name	8.3.20-alpine3.21
Digest	sha256:0e79f55b54743cb283394ed18bdf523e331b3b4e5510bd94049dab646accbdaf
Vulnerabilities
Pushed	2 weeks ago
Size	37 MB
Packages	52
Flavor	alpine
OS	3.21
Runtime	8.3.20

The base image is also available under the supported tag(s): 8.3-alpine3.21, 8.3-cli-alpine, 8.3-cli-alpine3.21, 8.3.20-alpine, 8.3.20-alpine3.21, 8.3.20-cli-alpine, 8.3.20-cli-alpine3.21

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
8.4-alpine Minor runtime version update Also known as: 8.4-cli-alpine 8.4-cli-alpine3.21 8-cli-alpine 8-cli-alpine3.21 cli-alpine3.21 alpine 8.4.6-alpine 8.4.6-alpine3.21 8.4-alpine3.21 8-alpine 8-alpine3.21	Benefits: Same OS detected Minor runtime version update Tag was pushed more recently Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 42 MB Flavor: alpine OS: 3.21 Runtime: 8.4.6	2 weeks ago

[github-actions]

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1

digest	sha256:3c2d380153442abef80c4a7bd144af682eb264b748e1bea93b7d3f76ca7e0d62
vulnerabilities
platform	linux/amd64
size	104 MB
packages	244

📦 Base Image alpine:3

also known as	3.21 3.21.3 latest
digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilities

stdlib 1.22.4 (golang) pkg:golang/[email protected] Affected range <1.23.8 Fixed version 1.23.8 EPSS Score 0.015% EPSS Percentile 2nd percentile Description The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.043% EPSS Percentile 13th percentile Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.088% EPSS Percentile 27th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 EPSS Score 0.170% EPSS Percentile 39th percentile Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.127% EPSS Percentile 33rd percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

stdlib 1.23.7 (golang) pkg:golang/[email protected] Affected range <1.23.8 Fixed version 1.23.8 EPSS Score 0.015% EPSS Percentile 2nd percentile Description The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

xz 5.6.3-r0 (apk) pkg:apk/alpine/[email protected]?os_name=alpine&os_version=3.21 Affected range <5.6.3-r1 Fixed version 5.6.3-r1 EPSS Score 0.117% EPSS Percentile 32nd percentile Description

golang.org/x/crypto 0.31.0 (golang) pkg:golang/golang.org/x/[email protected] Affected range <0.35.0 Fixed version 0.35.0 EPSS Score 0.042% EPSS Percentile 12th percentile Description SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

github.com/golang-jwt/jwt/v5 5.2.1 (golang) pkg:golang/github.com/golang-jwt/[email protected]#v5 Asymmetric Resource Consumption (Amplification) Affected range >=5.0.0-rc.1 <5.2.2 Fixed version 5.2.2 CVSS Score 8.7 CVSS Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N EPSS Score 0.024% EPSS Percentile 5th percentile Description Summary Function parse.ParseUnverified currently splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: CWE-405: Asymmetric Resource Consumption (Amplification) Details See parse.ParseUnverified Impact Excessive memory allocation

c-ares 1.34.3-r0 (apk) pkg:apk/alpine/[email protected]?os_name=alpine&os_version=3.21 Affected range <1.34.5-r0 Fixed version 1.34.5-r0 EPSS Score 0.135% EPSS Percentile 35th percentile Description

[github-actions]

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	2 months ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1

digest	sha256:3c2d380153442abef80c4a7bd144af682eb264b748e1bea93b7d3f76ca7e0d62
vulnerabilities
platform	linux/amd64
size	104 MB
packages	244

📦 Base Image alpine:3

also known as	3.21 3.21.3 latest
digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilities

stdlib 1.22.4 (golang) pkg:golang/[email protected] Affected range <1.23.8 Fixed version 1.23.8 EPSS Score 0.015% EPSS Percentile 2nd percentile Description The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.043% EPSS Percentile 13th percentile Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.088% EPSS Percentile 27th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 EPSS Score 0.170% EPSS Percentile 39th percentile Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.127% EPSS Percentile 33rd percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

stdlib 1.23.7 (golang) pkg:golang/[email protected] Affected range <1.23.8 Fixed version 1.23.8 EPSS Score 0.015% EPSS Percentile 2nd percentile Description The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

xz 5.6.3-r0 (apk) pkg:apk/alpine/[email protected]?os_name=alpine&os_version=3.21 Affected range <5.6.3-r1 Fixed version 5.6.3-r1 EPSS Score 0.117% EPSS Percentile 32nd percentile Description

golang.org/x/crypto 0.31.0 (golang) pkg:golang/golang.org/x/[email protected] Affected range <0.35.0 Fixed version 0.35.0 EPSS Score 0.042% EPSS Percentile 12th percentile Description SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

github.com/golang-jwt/jwt/v5 5.2.1 (golang) pkg:golang/github.com/golang-jwt/[email protected]#v5 Asymmetric Resource Consumption (Amplification) Affected range >=5.0.0-rc.1 <5.2.2 Fixed version 5.2.2 CVSS Score 8.7 CVSS Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N EPSS Score 0.024% EPSS Percentile 5th percentile Description Summary Function parse.ParseUnverified currently splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: CWE-405: Asymmetric Resource Consumption (Amplification) Details See parse.ParseUnverified Impact Excessive memory allocation

c-ares 1.34.3-r0 (apk) pkg:apk/alpine/[email protected]?os_name=alpine&os_version=3.21 Affected range <1.34.5-r0 Fixed version 1.34.5-r0 EPSS Score 0.135% EPSS Percentile 35th percentile Description

[github-actions]

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	2 months ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.