marcel/argo-cd
1
0
Fork 0
mirror of https://github.com/argoproj/argo-cd.git synced 2026-02-20 01:28:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

[Bot] docs: Update Snyk report (#26319)

Browse Source 
Signed-off-by: CI <ci@argoproj.com>
Co-authored-by: CI <ci@argoproj.com>
This commit is contained in:
github-actions[bot]
2026-02-09 11:55:42 +02:00
committed by GitHub
parent 39fcff7bad
commit f2c69c1628
37 changed files with 6764 additions and 2734 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
docs/snyk/index.md
View File

@@ -13,12 +13,13 @@ recent minor releases.
| | Critical | High | Medium | Low |
|---:|:--------:|:----:|:------:|:---:|
| [go.mod](master/argocd-test.html) | 0 | 0 | 0 | 0 |
| [gitops-engine/go.mod](master/argocd-test.html) | 0 | 2 | 0 | 0 |
| [go.mod](master/argocd-test.html) | 0 | 1 | 0 | 0 |
| [ui/yarn.lock](master/argocd-test.html) | 0 | 1 | 2 | 2 |
| [dex:v2.43.0](master/ghcr.io_dexidp_dex_v2.43.0.html) | 0 | 0 | 0 | 15 |
| [haproxy:3.0.8-alpine](master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 15 |
| [dex:v2.43.0](master/ghcr.io_dexidp_dex_v2.43.0.html) | 0 | 1 | 0 | 14 |
| [haproxy:3.0.8-alpine](master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 1 | 0 | 14 |
| [redis:8.2.3-alpine](master/public.ecr.aws_docker_library_redis_8.2.3-alpine.html) | 0 | 0 | 0 | 0 |
| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 8 | 8 |
| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 7 | 10 |
| [install.yaml](master/argocd-iac-install.html) | - | - | - | - |
| [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - |
@@ -26,10 +27,11 @@ recent minor releases.
| | Critical | High | Medium | Low |
|---:|:--------:|:----:|:------:|:---:|
| [go.mod](v3.3.0-rc4/argocd-test.html) | 0 | 0 | 0 | 0 |
| [gitops-engine/go.mod](v3.3.0-rc4/argocd-test.html) | 0 | 2 | 0 | 0 |
| [go.mod](v3.3.0-rc4/argocd-test.html) | 0 | 1 | 0 | 0 |
| [ui/yarn.lock](v3.3.0-rc4/argocd-test.html) | 0 | 2 | 4 | 2 |
| [dex:v2.43.0](v3.3.0-rc4/ghcr.io_dexidp_dex_v2.43.0.html) | 0 | 0 | 0 | 15 |
| [haproxy:3.0.8-alpine](v3.3.0-rc4/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 15 |
| [dex:v2.43.0](v3.3.0-rc4/ghcr.io_dexidp_dex_v2.43.0.html) | 0 | 1 | 0 | 14 |
| [haproxy:3.0.8-alpine](v3.3.0-rc4/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 1 | 0 | 14 |
| [redis:8.2.3-alpine](v3.3.0-rc4/public.ecr.aws_docker_library_redis_8.2.3-alpine.html) | 0 | 0 | 0 | 0 |
| [argocd:v3.3.0-rc4](v3.3.0-rc4/quay.io_argoproj_argocd_v3.3.0-rc4.html) | 0 | 0 | 0 | 1 |
| [install.yaml](v3.3.0-rc4/argocd-iac-install.html) | - | - | - | - |
@@ -39,11 +41,11 @@ recent minor releases.
| | Critical | High | Medium | Low |
|---:|:--------:|:----:|:------:|:---:|
| [go.mod](v3.2.6/argocd-test.html) | 0 | 0 | 0 | 0 |
| [go.mod](v3.2.6/argocd-test.html) | 0 | 1 | 0 | 0 |
| [ui/yarn.lock](v3.2.6/argocd-test.html) | 0 | 2 | 6 | 2 |
| [dex:v2.43.0](v3.2.6/ghcr.io_dexidp_dex_v2.43.0.html) | 0 | 0 | 0 | 15 |
| [haproxy:3.0.8-alpine](v3.2.6/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 15 |
| [redis:8.2.2-alpine](v3.2.6/public.ecr.aws_docker_library_redis_8.2.2-alpine.html) | 0 | 0 | 0 | 14 |
| [dex:v2.43.0](v3.2.6/ghcr.io_dexidp_dex_v2.43.0.html) | 0 | 1 | 0 | 14 |
| [haproxy:3.0.8-alpine](v3.2.6/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 1 | 0 | 14 |
| [redis:8.2.2-alpine](v3.2.6/public.ecr.aws_docker_library_redis_8.2.2-alpine.html) | 0 | 1 | 0 | 13 |
| [argocd:v3.2.6](v3.2.6/quay.io_argoproj_argocd_v3.2.6.html) | 0 | 0 | 0 | 1 |
| [install.yaml](v3.2.6/argocd-iac-install.html) | - | - | - | - |
| [namespace-install.yaml](v3.2.6/argocd-iac-namespace-install.html) | - | - | - | - |
@@ -52,12 +54,12 @@ recent minor releases.
| | Critical | High | Medium | Low |
|---:|:--------:|:----:|:------:|:---:|
| [go.mod](v3.1.12/argocd-test.html) | 0 | 0 | 0 | 0 |
| [go.mod](v3.1.12/argocd-test.html) | 0 | 1 | 0 | 0 |
| [ui/yarn.lock](v3.1.12/argocd-test.html) | 1 | 2 | 6 | 2 |
| [dex:v2.43.0](v3.1.12/ghcr.io_dexidp_dex_v2.43.0.html) | 0 | 0 | 0 | 15 |
| [haproxy:3.0.8-alpine](v3.1.12/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 15 |
| [redis:7.2.11-alpine](v3.1.12/public.ecr.aws_docker_library_redis_7.2.11-alpine.html) | 0 | 0 | 0 | 12 |
| [argocd:v3.1.12](v3.1.12/quay.io_argoproj_argocd_v3.1.12.html) | 0 | 0 | 9 | 22 |
| [dex:v2.43.0](v3.1.12/ghcr.io_dexidp_dex_v2.43.0.html) | 0 | 1 | 0 | 14 |
| [haproxy:3.0.8-alpine](v3.1.12/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 1 | 0 | 14 |
| [redis:7.2.11-alpine](v3.1.12/public.ecr.aws_docker_library_redis_7.2.11-alpine.html) | 0 | 1 | 0 | 11 |
| [argocd:v3.1.12](v3.1.12/quay.io_argoproj_argocd_v3.1.12.html) | 0 | 0 | 11 | 24 |
| [install.yaml](v3.1.12/argocd-iac-install.html) | - | - | - | - |
| [namespace-install.yaml](v3.1.12/argocd-iac-namespace-install.html) | - | - | - | - |
@@ -65,12 +67,12 @@ recent minor releases.
| | Critical | High | Medium | Low |
|---:|:--------:|:----:|:------:|:---:|
| [go.mod](v3.0.23/argocd-test.html) | 0 | 0 | 0 | 0 |
| [go.mod](v3.0.23/argocd-test.html) | 0 | 1 | 0 | 0 |
| [ui/yarn.lock](v3.0.23/argocd-test.html) | 1 | 2 | 7 | 4 |
| [dex:v2.41.1](v3.0.23/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 2 | 0 | 18 |
| [haproxy:3.0.8-alpine](v3.0.23/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 15 |
| [redis:7.2.11-alpine](v3.0.23/public.ecr.aws_docker_library_redis_7.2.11-alpine.html) | 0 | 0 | 0 | 12 |
| [argocd:v3.0.23](v3.0.23/quay.io_argoproj_argocd_v3.0.23.html) | 0 | 0 | 9 | 22 |
| [redis:7.2.11-alpine](v3.0.23/redis_7.2.11-alpine.html) | 0 | 0 | 0 | 12 |
| [dex:v2.41.1](v3.0.23/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 3 | 0 | 17 |
| [haproxy:3.0.8-alpine](v3.0.23/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 1 | 0 | 14 |
| [redis:7.2.11-alpine](v3.0.23/public.ecr.aws_docker_library_redis_7.2.11-alpine.html) | 0 | 1 | 0 | 11 |
| [argocd:v3.0.23](v3.0.23/quay.io_argoproj_argocd_v3.0.23.html) | 0 | 0 | 11 | 24 |
| [redis:7.2.11-alpine](v3.0.23/redis_7.2.11-alpine.html) | 0 | 1 | 0 | 11 |
| [install.yaml](v3.0.23/argocd-iac-install.html) | - | - | - | - |
| [namespace-install.yaml](v3.0.23/argocd-iac-namespace-install.html) | - | - | - | - |

68
docs/snyk/master/argocd-iac-install.html
View File

@@ -456,7 +456,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">February 1st 2026, 12:34:16 am (UTC+00:00)</p>
<p class="timestamp">February 8th 2026, 12:37:35 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>
@@ -881,7 +881,7 @@
</li>
<li class="card__meta__item">
Line number: 32055
Line number: 32097
</li>
</ul>
@@ -933,7 +933,7 @@
</li>
<li class="card__meta__item">
Line number: 32410
Line number: 32452
</li>
</ul>
@@ -1049,7 +1049,7 @@
</li>
<li class="card__meta__item">
Line number: 31851
Line number: 31893
</li>
</ul>
@@ -1107,7 +1107,7 @@
</li>
<li class="card__meta__item">
Line number: 31799
Line number: 31841
</li>
</ul>
@@ -1165,7 +1165,7 @@
</li>
<li class="card__meta__item">
Line number: 31913
Line number: 31955
</li>
</ul>
@@ -1223,7 +1223,7 @@
</li>
<li class="card__meta__item">
Line number: 32026
Line number: 32068
</li>
</ul>
@@ -1281,7 +1281,7 @@
</li>
<li class="card__meta__item">
Line number: 32050
Line number: 32092
</li>
</ul>
@@ -1339,7 +1339,7 @@
</li>
<li class="card__meta__item">
Line number: 32410
Line number: 32452
</li>
</ul>
@@ -1397,7 +1397,7 @@
</li>
<li class="card__meta__item">
Line number: 32109
Line number: 32151
</li>
</ul>
@@ -1455,7 +1455,7 @@
</li>
<li class="card__meta__item">
Line number: 32498
Line number: 32540
</li>
</ul>
@@ -1513,7 +1513,7 @@
</li>
<li class="card__meta__item">
Line number: 32914
Line number: 32998
</li>
</ul>
@@ -1565,7 +1565,7 @@
</li>
<li class="card__meta__item">
Line number: 31831
Line number: 31873
</li>
</ul>
@@ -1669,7 +1669,7 @@
</li>
<li class="card__meta__item">
Line number: 31799
Line number: 31841
</li>
</ul>
@@ -1721,7 +1721,7 @@
</li>
<li class="card__meta__item">
Line number: 32026
Line number: 32068
</li>
</ul>
@@ -1837,7 +1837,7 @@
</li>
<li class="card__meta__item">
Line number: 31799
Line number: 31841
</li>
</ul>
@@ -1895,7 +1895,7 @@
</li>
<li class="card__meta__item">
Line number: 31851
Line number: 31893
</li>
</ul>
@@ -1953,7 +1953,7 @@
</li>
<li class="card__meta__item">
Line number: 31913
Line number: 31955
</li>
</ul>
@@ -2011,7 +2011,7 @@
</li>
<li class="card__meta__item">
Line number: 32026
Line number: 32068
</li>
</ul>
@@ -2069,7 +2069,7 @@
</li>
<li class="card__meta__item">
Line number: 32050
Line number: 32092
</li>
</ul>
@@ -2127,7 +2127,7 @@
</li>
<li class="card__meta__item">
Line number: 32410
Line number: 32452
</li>
</ul>
@@ -2185,7 +2185,7 @@
</li>
<li class="card__meta__item">
Line number: 32109
Line number: 32151
</li>
</ul>
@@ -2243,7 +2243,7 @@
</li>
<li class="card__meta__item">
Line number: 32498
Line number: 32540
</li>
</ul>
@@ -2301,7 +2301,7 @@
</li>
<li class="card__meta__item">
Line number: 32914
Line number: 32998
</li>
</ul>
@@ -2357,7 +2357,7 @@
</li>
<li class="card__meta__item">
Line number: 31712
Line number: 31754
</li>
</ul>
@@ -2413,7 +2413,7 @@
</li>
<li class="card__meta__item">
Line number: 31859
Line number: 31901
</li>
</ul>
@@ -2469,7 +2469,7 @@
</li>
<li class="card__meta__item">
Line number: 31834
Line number: 31876
</li>
</ul>
@@ -2525,7 +2525,7 @@
</li>
<li class="card__meta__item">
Line number: 31958
Line number: 32000
</li>
</ul>
@@ -2581,7 +2581,7 @@
</li>
<li class="card__meta__item">
Line number: 32043
Line number: 32085
</li>
</ul>
@@ -2637,7 +2637,7 @@
</li>
<li class="card__meta__item">
Line number: 32057
Line number: 32099
</li>
</ul>
@@ -2693,7 +2693,7 @@
</li>
<li class="card__meta__item">
Line number: 32418
Line number: 32460
</li>
</ul>
@@ -2749,7 +2749,7 @@
</li>
<li class="card__meta__item">
Line number: 32383
Line number: 32425
</li>
</ul>
@@ -2805,7 +2805,7 @@
</li>
<li class="card__meta__item">
Line number: 32813
Line number: 32897
</li>
</ul>
@@ -2861,7 +2861,7 @@
</li>
<li class="card__meta__item">
Line number: 33195
Line number: 33321
</li>
</ul>

68
docs/snyk/master/argocd-iac-namespace-install.html
View File

@@ -456,7 +456,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">February 1st 2026, 12:34:27 am (UTC+00:00)</p>
<p class="timestamp">February 8th 2026, 12:37:47 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>
@@ -835,7 +835,7 @@
</li>
<li class="card__meta__item">
Line number: 1303
Line number: 1345
</li>
</ul>
@@ -887,7 +887,7 @@
</li>
<li class="card__meta__item">
Line number: 1658
Line number: 1700
</li>
</ul>
@@ -1003,7 +1003,7 @@
</li>
<li class="card__meta__item">
Line number: 1099
Line number: 1141
</li>
</ul>
@@ -1061,7 +1061,7 @@
</li>
<li class="card__meta__item">
Line number: 1047
Line number: 1089
</li>
</ul>
@@ -1119,7 +1119,7 @@
</li>
<li class="card__meta__item">
Line number: 1161
Line number: 1203
</li>
</ul>
@@ -1177,7 +1177,7 @@
</li>
<li class="card__meta__item">
Line number: 1274
Line number: 1316
</li>
</ul>
@@ -1235,7 +1235,7 @@
</li>
<li class="card__meta__item">
Line number: 1298
Line number: 1340
</li>
</ul>
@@ -1293,7 +1293,7 @@
</li>
<li class="card__meta__item">
Line number: 1658
Line number: 1700
</li>
</ul>
@@ -1351,7 +1351,7 @@
</li>
<li class="card__meta__item">
Line number: 1357
Line number: 1399
</li>
</ul>
@@ -1409,7 +1409,7 @@
</li>
<li class="card__meta__item">
Line number: 1746
Line number: 1788
</li>
</ul>
@@ -1467,7 +1467,7 @@
</li>
<li class="card__meta__item">
Line number: 2162
Line number: 2246
</li>
</ul>
@@ -1519,7 +1519,7 @@
</li>
<li class="card__meta__item">
Line number: 1079
Line number: 1121
</li>
</ul>
@@ -1623,7 +1623,7 @@
</li>
<li class="card__meta__item">
Line number: 1047
Line number: 1089
</li>
</ul>
@@ -1675,7 +1675,7 @@
</li>
<li class="card__meta__item">
Line number: 1274
Line number: 1316
</li>
</ul>
@@ -1791,7 +1791,7 @@
</li>
<li class="card__meta__item">
Line number: 1047
Line number: 1089
</li>
</ul>
@@ -1849,7 +1849,7 @@
</li>
<li class="card__meta__item">
Line number: 1099
Line number: 1141
</li>
</ul>
@@ -1907,7 +1907,7 @@
</li>
<li class="card__meta__item">
Line number: 1161
Line number: 1203
</li>
</ul>
@@ -1965,7 +1965,7 @@
</li>
<li class="card__meta__item">
Line number: 1274
Line number: 1316
</li>
</ul>
@@ -2023,7 +2023,7 @@
</li>
<li class="card__meta__item">
Line number: 1298
Line number: 1340
</li>
</ul>
@@ -2081,7 +2081,7 @@
</li>
<li class="card__meta__item">
Line number: 1658
Line number: 1700
</li>
</ul>
@@ -2139,7 +2139,7 @@
</li>
<li class="card__meta__item">
Line number: 1357
Line number: 1399
</li>
</ul>
@@ -2197,7 +2197,7 @@
</li>
<li class="card__meta__item">
Line number: 1746
Line number: 1788
</li>
</ul>
@@ -2255,7 +2255,7 @@
</li>
<li class="card__meta__item">
Line number: 2162
Line number: 2246
</li>
</ul>
@@ -2311,7 +2311,7 @@
</li>
<li class="card__meta__item">
Line number: 960
Line number: 1002
</li>
</ul>
@@ -2367,7 +2367,7 @@
</li>
<li class="card__meta__item">
Line number: 1107
Line number: 1149
</li>
</ul>
@@ -2423,7 +2423,7 @@
</li>
<li class="card__meta__item">
Line number: 1082
Line number: 1124
</li>
</ul>
@@ -2479,7 +2479,7 @@
</li>
<li class="card__meta__item">
Line number: 1206
Line number: 1248
</li>
</ul>
@@ -2535,7 +2535,7 @@
</li>
<li class="card__meta__item">
Line number: 1291
Line number: 1333
</li>
</ul>
@@ -2591,7 +2591,7 @@
</li>
<li class="card__meta__item">
Line number: 1305
Line number: 1347
</li>
</ul>
@@ -2647,7 +2647,7 @@
</li>
<li class="card__meta__item">
Line number: 1666
Line number: 1708
</li>
</ul>
@@ -2703,7 +2703,7 @@
</li>
<li class="card__meta__item">
Line number: 1631
Line number: 1673
</li>
</ul>
@@ -2759,7 +2759,7 @@
</li>
<li class="card__meta__item">
Line number: 2061
Line number: 2145
</li>
</ul>
@@ -2815,7 +2815,7 @@
</li>
<li class="card__meta__item">
Line number: 2443
Line number: 2569
</li>
</ul>

540
docs/snyk/master/argocd-test.html
View File

@@ -7,7 +7,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Snyk test report</title>
<meta name="description" content="5 known vulnerabilities found in 8 vulnerable dependency paths.">
<meta name="description" content="8 known vulnerabilities found in 24 vulnerable dependency paths.">
<base target="_blank">
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
sizes="194x194">
@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">February 1st 2026, 12:31:46 am (UTC+00:00)</p>
<p class="timestamp">February 8th 2026, 12:35:10 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>
@@ -505,9 +505,9 @@
</div>
<div class="meta-counts">
<div class="meta-count"><span>5</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>8 vulnerable dependency paths</span></div>
<div class="meta-count"><span>2882</span> <span>dependencies</span></div>
<div class="meta-count"><span>8</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>24 vulnerable dependency paths</span></div>
<div class="meta-count"><span>2888</span> <span>dependencies</span></div>
</div><!-- .meta-counts -->
</div><!-- .layout-container--short -->
</header><!-- .project__header -->
@@ -515,6 +515,534 @@
<div class="layout-container" style="padding-top: 35px;">
<div class="cards--vuln filter--patch filter--ignore">
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Inefficient Algorithmic Complexity</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: /argo-cd/argoproj/gitops-engine <span class="list-paths__item__arrow"></span> gitops-engine/go.mod
</li>
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:
golang.org/x/net/html
</li>
<li class="card__meta__item">Introduced through:
github.com/argoproj/gitops-engine@0.0.0, k8s.io/kubectl/pkg/cmd/auth@0.34.0 and others
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/gitops-engine@0.0.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/cmd/auth@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/term@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/tools/remotecommand@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/transport/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/httpstream/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/proxy@0.34.0
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@0.44.0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/gitops-engine@0.0.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/cmd/create@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/term@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/tools/remotecommand@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/transport/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/httpstream/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/proxy@0.34.0
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@0.44.0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/gitops-engine@0.0.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/cmd/apply@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/templates@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/term@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/tools/remotecommand@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/transport/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/httpstream/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/proxy@0.34.0
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@0.44.0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/gitops-engine@0.0.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/cmd/replace@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/templates@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/term@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/tools/remotecommand@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/transport/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/httpstream/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/proxy@0.34.0
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@0.44.0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/gitops-engine@0.0.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/cmd/util@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/templates@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/term@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/tools/remotecommand@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/transport/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/httpstream/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/proxy@0.34.0
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@0.44.0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/gitops-engine@0.0.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/cmd/delete@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/completion@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/cmd/util@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/templates@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/term@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/tools/remotecommand@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/transport/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/httpstream/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/proxy@0.34.0
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@0.44.0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
<p>Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the <code>html.Parse</code> function due to quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>golang.org/x/net/html</code> to version 0.45.0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/golang/vulndb/issues/4440">GitHub Issue</a></li>
<li><a href="https://pkg.go.dev/vuln/GO-2026-4440">Go Advisory</a></li>
<li><a href="https://go.dev/cl/709876">Go Commit</a></li>
<li><a href="https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c">Google Groups Forum</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-15237516">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Infinite loop</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: /argo-cd/argoproj/gitops-engine <span class="list-paths__item__arrow"></span> gitops-engine/go.mod
</li>
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:
golang.org/x/net/html
</li>
<li class="card__meta__item">Introduced through:
github.com/argoproj/gitops-engine@0.0.0, k8s.io/kubectl/pkg/cmd/auth@0.34.0 and others
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/gitops-engine@0.0.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/cmd/auth@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/term@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/tools/remotecommand@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/transport/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/httpstream/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/proxy@0.34.0
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@0.44.0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/gitops-engine@0.0.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/cmd/create@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/term@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/tools/remotecommand@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/transport/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/httpstream/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/proxy@0.34.0
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@0.44.0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/gitops-engine@0.0.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/cmd/apply@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/templates@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/term@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/tools/remotecommand@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/transport/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/httpstream/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/proxy@0.34.0
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@0.44.0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/gitops-engine@0.0.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/cmd/replace@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/templates@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/term@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/tools/remotecommand@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/transport/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/httpstream/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/proxy@0.34.0
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@0.44.0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/gitops-engine@0.0.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/cmd/util@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/templates@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/term@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/tools/remotecommand@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/transport/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/httpstream/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/proxy@0.34.0
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@0.44.0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/gitops-engine@0.0.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/cmd/delete@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/completion@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/cmd/util@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/templates@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/term@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/tools/remotecommand@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/transport/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/httpstream/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/proxy@0.34.0
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@0.44.0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
<p>Affected versions of this package are vulnerable to Infinite loop via the <code>html.Parse</code> function. An attacker can cause resource exhaustion and disrupt service availability by submitting specially crafted HTML input that triggers an infinite parsing loop.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>golang.org/x/net/html</code> to version 0.45.0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/golang/vulndb/issues/4441">GitHub Issue</a></li>
<li><a href="https://pkg.go.dev/vuln/GO-2026-4441">Go Advisory</a></li>
<li><a href="https://go.dev/cl/709875">Go Commit</a></li>
<li><a href="https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c">Google Groups Forum</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-15237740">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Untrusted Search Path</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: /argo-cd/argoproj/argo-cd/v3 <span class="list-paths__item__arrow"></span> go.mod
</li>
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:
go.opentelemetry.io/otel/sdk/resource
</li>
<li class="card__meta__item">Introduced through:
github.com/argoproj/argo-cd/v3@0.0.0 and go.opentelemetry.io/otel/sdk/resource@1.39.0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/resource@1.39.0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/trace@1.39.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/resource@1.39.0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.39.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig@1.39.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/exporters/otlp/otlptrace@1.39.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/tracetransform@1.39.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/resource@1.39.0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.39.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig@1.39.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/exporters/otlp/otlptrace@1.39.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/trace@1.39.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/resource@1.39.0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p>Affected versions of this package are vulnerable to Untrusted Search Path in resource detection code which executes <code>ioreg</code>, when the <code>PATH</code> environment variable is modified to include a malicious executable. An attacker can execute arbitrary code within the context of the application by placing a malicious binary earlier in the search path.</p>
<p><strong>Note:</strong> This vulnerability is only exploitable on MacOS/Darwin systems.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>go.opentelemetry.io/otel/sdk/resource</code> to version 1.40.0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/d45961bcda453fcbdb6469c22d6e88a1f9970a53">GitHub Commit</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOOPENTELEMETRYIOOTELSDKRESOURCE-15182758">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Uncaught Exception</h2>
<div class="card__section">
@@ -866,7 +1394,7 @@
</tbody></table>
<p>By the time the string includes 14 C&#39;s, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>diff</code> to version 4.0.4, 5.2.2, 8.0.3 or higher.</p>
<p>Upgrade <code>diff</code> to version 3.5.1, 4.0.4, 5.2.2, 8.0.3 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/kpdecker/jsdiff/commit/15a1585230748c8ae6f8274c202e0c87309142f5">GitHub Commit</a></li>

548
docs/snyk/master/ghcr.io_dexidp_dex_v2.43.0.html
View File

@@ -7,7 +7,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Snyk test report</title>
<meta name="description" content="25 known vulnerabilities found in 111 vulnerable dependency paths.">
<meta name="description" content="28 known vulnerabilities found in 114 vulnerable dependency paths.">
<base target="_blank">
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
sizes="194x194">
@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">February 1st 2026, 12:31:59 am (UTC+00:00)</p>
<p class="timestamp">February 8th 2026, 12:35:21 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>
@@ -505,8 +505,8 @@
</div>
<div class="meta-counts">
<div class="meta-count"><span>25</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>111 vulnerable dependency paths</span></div>
<div class="meta-count"><span>28</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>114 vulnerable dependency paths</span></div>
<div class="meta-count"><span>1131</span> <span>dependencies</span></div>
</div><!-- .meta-counts -->
</div><!-- .layout-container--short -->
@@ -515,6 +515,162 @@
<div class="layout-container" style="padding-top: 35px;">
<div class="cards--vuln filter--patch filter--ignore">
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">CVE-2025-69421</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.21
</li>
<li class="card__meta__item">
Vulnerable module:
openssl/libcrypto3
</li>
<li class="card__meta__item">Introduced through:
docker-image|ghcr.io/dexidp/dex@v2.43.0 and openssl/libcrypto3@3.3.3-r0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r12
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r12
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.21</code> relevant fixed versions and status.</em></p>
<p>Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer
dereference in the PKCS12_item_decrypt_d2i_ex() function.</p>
<p>Impact summary: A NULL pointer dereference can trigger a crash which leads to
Denial of Service for an application processing PKCS#12 files.</p>
<p>The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct
parameter is NULL before dereferencing it. When called from
PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can
be NULL, causing a crash. The vulnerability is limited to Denial of Service
and cannot be escalated to achieve code execution or memory disclosure.</p>
<p>Exploiting this issue requires an attacker to provide a malformed PKCS#12 file
to an application that processes it. For that reason the issue was assessed as
Low severity according to our Security Policy.</p>
<p>The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.</p>
<p>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.21</code> <code>openssl</code> to version 3.3.6-r0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b">https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b</a></li>
<li><a href="https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7">https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7</a></li>
<li><a href="https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd">https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd</a></li>
<li><a href="https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3">https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3</a></li>
<li><a href="https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c">https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE321-OPENSSL-15121241">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
<div class="card__section">
@@ -666,6 +822,158 @@
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTPHTTPPROXY-9058601">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Inefficient Algorithmic Complexity</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: ghcr.io/dexidp/dex:v2.43.0/dexidp/dex <span class="list-paths__item__arrow"></span> /usr/local/bin/dex
</li>
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:
golang.org/x/net/html
</li>
<li class="card__meta__item">Introduced through:
github.com/dexidp/dex@* and golang.org/x/net/html@v0.40.0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/dexidp/dex@*
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@v0.40.0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
<p>Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the <code>html.Parse</code> function due to quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>golang.org/x/net/html</code> to version 0.45.0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/golang/vulndb/issues/4440">GitHub Issue</a></li>
<li><a href="https://pkg.go.dev/vuln/GO-2026-4440">Go Advisory</a></li>
<li><a href="https://go.dev/cl/709876">Go Commit</a></li>
<li><a href="https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c">Google Groups Forum</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-15237516">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Infinite loop</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: ghcr.io/dexidp/dex:v2.43.0/dexidp/dex <span class="list-paths__item__arrow"></span> /usr/local/bin/dex
</li>
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:
golang.org/x/net/html
</li>
<li class="card__meta__item">Introduced through:
github.com/dexidp/dex@* and golang.org/x/net/html@v0.40.0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/dexidp/dex@*
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@v0.40.0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
<p>Affected versions of this package are vulnerable to Infinite loop via the <code>html.Parse</code> function. An attacker can cause resource exhaustion and disrupt service availability by submitting specially crafted HTML input that triggers an infinite parsing loop.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>golang.org/x/net/html</code> to version 0.45.0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/golang/vulndb/issues/4441">GitHub Issue</a></li>
<li><a href="https://pkg.go.dev/vuln/GO-2026-4441">Go Advisory</a></li>
<li><a href="https://go.dev/cl/709875">Go Commit</a></li>
<li><a href="https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c">Google Groups Forum</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-15237740">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Improper Handling of Unexpected Data Type</h2>
@@ -826,6 +1134,79 @@
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXCRYPTOSSH-8747056">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Untrusted Search Path</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: ghcr.io/dexidp/dex:v2.43.0/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow"></span> /usr/local/bin/gomplate
</li>
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:
go.opentelemetry.io/otel/sdk/resource
</li>
<li class="card__meta__item">Introduced through:
github.com/hairyhenderson/gomplate/v4@* and go.opentelemetry.io/otel/sdk/resource@v1.33.0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/hairyhenderson/gomplate/v4@*
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/resource@v1.33.0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p>Affected versions of this package are vulnerable to Untrusted Search Path in resource detection code which executes <code>ioreg</code>, when the <code>PATH</code> environment variable is modified to include a malicious executable. An attacker can execute arbitrary code within the context of the application by placing a malicious binary earlier in the search path.</p>
<p><strong>Note:</strong> This vulnerability is only exploitable on MacOS/Darwin systems.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>go.opentelemetry.io/otel/sdk/resource</code> to version 1.40.0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/d45961bcda453fcbdb6469c22d6e88a1f9970a53">GitHub Commit</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOOPENTELEMETRYIOOTELSDKRESOURCE-15182758">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Asymmetric Resource Consumption (Amplification)</h2>
@@ -2145,162 +2526,6 @@
<p><a href="https://snyk.io/vuln/SNYK-ALPINE321-OPENSSL-15121240">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-69421</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.21
</li>
<li class="card__meta__item">
Vulnerable module:
openssl/libcrypto3
</li>
<li class="card__meta__item">Introduced through:
docker-image|ghcr.io/dexidp/dex@v2.43.0 and openssl/libcrypto3@3.3.3-r0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r12
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r12
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.21</code> relevant fixed versions and status.</em></p>
<p>Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer
dereference in the PKCS12_item_decrypt_d2i_ex() function.</p>
<p>Impact summary: A NULL pointer dereference can trigger a crash which leads to
Denial of Service for an application processing PKCS#12 files.</p>
<p>The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct
parameter is NULL before dereferencing it. When called from
PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can
be NULL, causing a crash. The vulnerability is limited to Denial of Service
and cannot be escalated to achieve code execution or memory disclosure.</p>
<p>Exploiting this issue requires an attacker to provide a malformed PKCS#12 file
to an application that processes it. For that reason the issue was assessed as
Low severity according to our Security Policy.</p>
<p>The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.</p>
<p>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.21</code> <code>openssl</code> to version 3.3.6-r0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b">https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b</a></li>
<li><a href="https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7">https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7</a></li>
<li><a href="https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd">https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd</a></li>
<li><a href="https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3">https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3</a></li>
<li><a href="https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c">https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE321-OPENSSL-15121241">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-69420</h2>
@@ -2638,7 +2863,7 @@
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
<span class="label__text">Exploit: Proof of Concept</span>
</div>
</div>
@@ -2783,6 +3008,7 @@
<li><a href="https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc">https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2026/01/27/10">http://www.openwall.com/lists/oss-security/2026/01/27/10</a></li>
<li><a href="https://github.com/guiimoraes/CVE-2025-15467">https://github.com/guiimoraes/CVE-2025-15467</a></li>
</ul>
<hr/>

383
docs/snyk/master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
View File

@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">February 1st 2026, 12:32:05 am (UTC+00:00)</p>
<p class="timestamp">February 8th 2026, 12:35:27 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>
@@ -521,6 +521,195 @@
</section>
<div class="layout-container" style="padding-top: 35px;">
<div class="cards--vuln filter--patch filter--ignore">
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">CVE-2025-69421</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.21
</li>
<li class="card__meta__item">
Vulnerable module:
openssl/libcrypto3
</li>
<li class="card__meta__item">Introduced through:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine and openssl/libcrypto3@3.3.3-r0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
.haproxy-rundeps@20250214.191219
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r12
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
ca-certificates/ca-certificates@20241121-r1
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
.haproxy-rundeps@20250214.191219
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
.haproxy-rundeps@20250214.191219
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r12
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.21</code> relevant fixed versions and status.</em></p>
<p>Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer
dereference in the PKCS12_item_decrypt_d2i_ex() function.</p>
<p>Impact summary: A NULL pointer dereference can trigger a crash which leads to
Denial of Service for an application processing PKCS#12 files.</p>
<p>The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct
parameter is NULL before dereferencing it. When called from
PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can
be NULL, causing a crash. The vulnerability is limited to Denial of Service
and cannot be escalated to achieve code execution or memory disclosure.</p>
<p>Exploiting this issue requires an attacker to provide a malformed PKCS#12 file
to an application that processes it. For that reason the issue was assessed as
Low severity according to our Security Policy.</p>
<p>The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.</p>
<p>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.21</code> <code>openssl</code> to version 3.3.6-r0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b">https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b</a></li>
<li><a href="https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7">https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7</a></li>
<li><a href="https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd">https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd</a></li>
<li><a href="https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3">https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3</a></li>
<li><a href="https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c">https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE321-OPENSSL-15121241">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-9230</h2>
<div class="card__section">
@@ -1662,195 +1851,6 @@
<p><a href="https://snyk.io/vuln/SNYK-ALPINE321-OPENSSL-15121240">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-69421</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.21
</li>
<li class="card__meta__item">
Vulnerable module:
openssl/libcrypto3
</li>
<li class="card__meta__item">Introduced through:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine and openssl/libcrypto3@3.3.3-r0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
.haproxy-rundeps@20250214.191219
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r12
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
ca-certificates/ca-certificates@20241121-r1
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
.haproxy-rundeps@20250214.191219
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
.haproxy-rundeps@20250214.191219
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r12
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.21</code> relevant fixed versions and status.</em></p>
<p>Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer
dereference in the PKCS12_item_decrypt_d2i_ex() function.</p>
<p>Impact summary: A NULL pointer dereference can trigger a crash which leads to
Denial of Service for an application processing PKCS#12 files.</p>
<p>The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct
parameter is NULL before dereferencing it. When called from
PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can
be NULL, causing a crash. The vulnerability is limited to Denial of Service
and cannot be escalated to achieve code execution or memory disclosure.</p>
<p>Exploiting this issue requires an attacker to provide a malformed PKCS#12 file
to an application that processes it. For that reason the issue was assessed as
Low severity according to our Security Policy.</p>
<p>The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.</p>
<p>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.21</code> <code>openssl</code> to version 3.3.6-r0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b">https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b</a></li>
<li><a href="https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7">https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7</a></li>
<li><a href="https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd">https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd</a></li>
<li><a href="https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3">https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3</a></li>
<li><a href="https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c">https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE321-OPENSSL-15121241">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-69420</h2>
@@ -2254,7 +2254,7 @@
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
<span class="label__text">Exploit: Proof of Concept</span>
</div>
</div>
@@ -2432,6 +2432,7 @@
<li><a href="https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc">https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2026/01/27/10">http://www.openwall.com/lists/oss-security/2026/01/27/10</a></li>
<li><a href="https://github.com/guiimoraes/CVE-2025-15467">https://github.com/guiimoraes/CVE-2025-15467</a></li>
</ul>
<hr/>

2
docs/snyk/master/public.ecr.aws_docker_library_redis_8.2.3-alpine.html
View File

@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">February 1st 2026, 12:32:14 am (UTC+00:00)</p>
<p class="timestamp">February 8th 2026, 12:35:34 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>

330
docs/snyk/master/quay.io_argoproj_argocd_latest.html
View File

@@ -7,7 +7,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Snyk test report</title>
<meta name="description" content="16 known vulnerabilities found in 56 vulnerable dependency paths.">
<meta name="description" content="18 known vulnerabilities found in 57 vulnerable dependency paths.">
<base target="_blank">
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
sizes="194x194">
@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">February 1st 2026, 12:32:37 am (UTC+00:00)</p>
<p class="timestamp">February 8th 2026, 12:35:56 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>
@@ -506,9 +506,9 @@
</div>
<div class="meta-counts">
<div class="meta-count"><span>16</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>56 vulnerable dependency paths</span></div>
<div class="meta-count"><span>2318</span> <span>dependencies</span></div>
<div class="meta-count"><span>18</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>57 vulnerable dependency paths</span></div>
<div class="meta-count"><span>2324</span> <span>dependencies</span></div>
</div><!-- .meta-counts -->
</div><!-- .layout-container--short -->
</header><!-- .project__header -->
@@ -516,6 +516,79 @@
<div class="layout-container" style="padding-top: 35px;">
<div class="cards--vuln filter--patch filter--ignore">
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Untrusted Search Path</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v3 <span class="list-paths__item__arrow"></span> /usr/local/bin/argocd
</li>
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:
go.opentelemetry.io/otel/sdk/resource
</li>
<li class="card__meta__item">Introduced through:
github.com/argoproj/argo-cd/v3@* and go.opentelemetry.io/otel/sdk/resource@v1.39.0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@*
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/resource@v1.39.0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p>Affected versions of this package are vulnerable to Untrusted Search Path in resource detection code which executes <code>ioreg</code>, when the <code>PATH</code> environment variable is modified to include a malicious executable. An attacker can execute arbitrary code within the context of the application by placing a malicious binary earlier in the search path.</p>
<p><strong>Note:</strong> This vulnerability is only exploitable on MacOS/Darwin systems.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>go.opentelemetry.io/otel/sdk/resource</code> to version 1.40.0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/d45961bcda453fcbdb6469c22d6e88a1f9970a53">GitHub Commit</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOOPENTELEMETRYIOOTELSDKRESOURCE-15182758">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">Directory Traversal</h2>
<div class="card__section">
@@ -1014,94 +1087,6 @@
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2510-GNUPG2-14849571">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">CVE-2026-0861</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--medium">
<span class="label__text">medium severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow"></span> Dockerfile
</li>
<li class="card__meta__item">
Package Manager: ubuntu:25.10
</li>
<li class="card__meta__item">
Vulnerable module:
glibc/libc-bin
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@latest and glibc/libc-bin@2.42-0ubuntu3
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
glibc/libc-bin@2.42-0ubuntu3
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
glibc/libc6@2.42-0ubuntu3
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>glibc</code> package and not the <code>glibc</code> package as distributed by <code>Ubuntu</code>.</em>
<em>See <code>How to fix?</code> for <code>Ubuntu:25.10</code> relevant fixed versions and status.</em></p>
<p>Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.</p>
<p>Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1&lt;&lt;62+ 1, 1&lt;&lt;63] and exactly 1&lt;&lt;63 for posix_memalign and aligned_alloc.</p>
<p>Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.</p>
<h2 id="remediation">Remediation</h2>
<p>There is no fixed version for <code>Ubuntu:25.10</code> <code>glibc</code>.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-0861">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-0861</a></li>
<li><a href="https://sourceware.org/bugzilla/show_bug.cgi?id=33796">https://sourceware.org/bugzilla/show_bug.cgi?id=33796</a></li>
<li><a href="https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001">https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2026/01/16/5">http://www.openwall.com/lists/oss-security/2026/01/16/5</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2510-GLIBC-15011156">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">Improper Encoding or Escaping of Output</h2>
@@ -1573,6 +1558,165 @@
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2510-SHADOW-15020669">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Improper Neutralization of Null Byte or NUL Character</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow"></span> Dockerfile
</li>
<li class="card__meta__item">
Package Manager: ubuntu:25.10
</li>
<li class="card__meta__item">
Vulnerable module:
openssh/openssh-client
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@latest and openssh/openssh-client@1:10.0p1-5ubuntu5
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
openssh/openssh-client@1:10.0p1-5ubuntu5
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssh</code> package and not the <code>openssh</code> package as distributed by <code>Ubuntu</code>.</em>
<em>See <code>How to fix?</code> for <code>Ubuntu:25.10</code> relevant fixed versions and status.</em></p>
<p>ssh in OpenSSH before 10.1 allows the &#39;\0&#39; character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.</p>
<h2 id="remediation">Remediation</h2>
<p>There is no fixed version for <code>Ubuntu:25.10</code> <code>openssh</code>.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-61985">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-61985</a></li>
<li><a href="https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2">https://marc.info/?l=openssh-unix-dev&amp;m=175974522032149&amp;w=2</a></li>
<li><a href="https://www.openssh.com/releasenotes.html#10.1p1">https://www.openssh.com/releasenotes.html#10.1p1</a></li>
<li><a href="https://www.openwall.com/lists/oss-security/2025/10/06/1">https://www.openwall.com/lists/oss-security/2025/10/06/1</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2510-OPENSSH-15019525">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Failure to Sanitize Special Element</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow"></span> Dockerfile
</li>
<li class="card__meta__item">
Package Manager: ubuntu:25.10
</li>
<li class="card__meta__item">
Vulnerable module:
openssh/openssh-client
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@latest and openssh/openssh-client@1:10.0p1-5ubuntu5
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
openssh/openssh-client@1:10.0p1-5ubuntu5
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssh</code> package and not the <code>openssh</code> package as distributed by <code>Ubuntu</code>.</em>
<em>See <code>How to fix?</code> for <code>Ubuntu:25.10</code> relevant fixed versions and status.</em></p>
<p>ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)</p>
<h2 id="remediation">Remediation</h2>
<p>There is no fixed version for <code>Ubuntu:25.10</code> <code>openssh</code>.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-61984">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-61984</a></li>
<li><a href="https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2">https://marc.info/?l=openssh-unix-dev&amp;m=175974522032149&amp;w=2</a></li>
<li><a href="https://www.openssh.com/releasenotes.html#10.1p1">https://www.openssh.com/releasenotes.html#10.1p1</a></li>
<li><a href="https://www.openwall.com/lists/oss-security/2025/10/06/1">https://www.openwall.com/lists/oss-security/2025/10/06/1</a></li>
<li><a href="https://dgl.cx/2025/10/bash-a-newline-ssh-proxycommand-cve-2025-61984">https://dgl.cx/2025/10/bash-a-newline-ssh-proxycommand-cve-2025-61984</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2025/10/07/1">http://www.openwall.com/lists/oss-security/2025/10/07/1</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2025/10/12/1">http://www.openwall.com/lists/oss-security/2025/10/12/1</a></li>
<li><a href="https://www.vicarius.io/vsociety/posts/cve-2025-61984-detection-script-remote-code-execution-vulnerability-affecting-openssh">https://www.vicarius.io/vsociety/posts/cve-2025-61984-detection-script-remote-code-execution-vulnerability-affecting-openssh</a></li>
<li><a href="https://www.vicarius.io/vsociety/posts/cve-2025-61984-mitigation-script-remote-code-execution-vulnerability-affecting-openssh">https://www.vicarius.io/vsociety/posts/cve-2025-61984-mitigation-script-remote-code-execution-vulnerability-affecting-openssh</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2510-OPENSSH-15019527">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Information Exposure</h2>

2
docs/snyk/v3.0.23/argocd-iac-install.html
View File

@@ -456,7 +456,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">February 1st 2026, 12:44:50 am (UTC+00:00)</p>
<p class="timestamp">February 8th 2026, 12:47:59 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>

2
docs/snyk/v3.0.23/argocd-iac-namespace-install.html
View File

@@ -456,7 +456,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">February 1st 2026, 12:45:00 am (UTC+00:00)</p>
<p class="timestamp">February 8th 2026, 12:48:09 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>

128
docs/snyk/v3.0.23/argocd-test.html
View File

@@ -7,7 +7,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Snyk test report</title>
<meta name="description" content="14 known vulnerabilities found in 38 vulnerable dependency paths.">
<meta name="description" content="15 known vulnerabilities found in 42 vulnerable dependency paths.">
<base target="_blank">
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
sizes="194x194">
@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">February 1st 2026, 12:42:38 am (UTC+00:00)</p>
<p class="timestamp">February 8th 2026, 12:45:48 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>
@@ -504,8 +504,8 @@
</div>
<div class="meta-counts">
<div class="meta-count"><span>14</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>38 vulnerable dependency paths</span></div>
<div class="meta-count"><span>15</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>42 vulnerable dependency paths</span></div>
<div class="meta-count"><span>2088</span> <span>dependencies</span></div>
</div><!-- .meta-counts -->
</div><!-- .layout-container--short -->
@@ -857,6 +857,124 @@
<p><a href="https://snyk.io/vuln/SNYK-JS-QS-14724253">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Untrusted Search Path</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: /argo-cd/argoproj/argo-cd/v3 <span class="list-paths__item__arrow"></span> go.mod
</li>
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:
go.opentelemetry.io/otel/sdk/resource
</li>
<li class="card__meta__item">Introduced through:
github.com/argoproj/argo-cd/v3@0.0.0 and go.opentelemetry.io/otel/sdk/resource@1.34.0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/resource@1.34.0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/trace@1.34.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/resource@1.34.0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.32.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig@1.32.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/exporters/otlp/otlptrace@1.32.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/tracetransform@1.32.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/resource@1.34.0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.32.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig@1.32.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/exporters/otlp/otlptrace@1.32.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/trace@1.34.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/resource@1.34.0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p>Affected versions of this package are vulnerable to Untrusted Search Path in resource detection code which executes <code>ioreg</code>, when the <code>PATH</code> environment variable is modified to include a malicious executable. An attacker can execute arbitrary code within the context of the application by placing a malicious binary earlier in the search path.</p>
<p><strong>Note:</strong> This vulnerability is only exploitable on MacOS/Darwin systems.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>go.opentelemetry.io/otel/sdk/resource</code> to version 1.40.0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/d45961bcda453fcbdb6469c22d6e88a1f9970a53">GitHub Commit</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOOPENTELEMETRYIOOTELSDKRESOURCE-15182758">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">Prototype Pollution</h2>
@@ -1859,7 +1977,7 @@
</tbody></table>
<p>By the time the string includes 14 C&#39;s, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>diff</code> to version 4.0.4, 5.2.2, 8.0.3 or higher.</p>
<p>Upgrade <code>diff</code> to version 3.5.1, 4.0.4, 5.2.2, 8.0.3 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/kpdecker/jsdiff/commit/15a1585230748c8ae6f8274c202e0c87309142f5">GitHub Commit</a></li>

475
docs/snyk/v3.0.23/ghcr.io_dexidp_dex_v2.41.1.html
View File

@@ -7,7 +7,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Snyk test report</title>
<meta name="description" content="33 known vulnerabilities found in 155 vulnerable dependency paths.">
<meta name="description" content="35 known vulnerabilities found in 157 vulnerable dependency paths.">
<base target="_blank">
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
sizes="194x194">
@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">February 1st 2026, 12:42:48 am (UTC+00:00)</p>
<p class="timestamp">February 8th 2026, 12:45:58 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>
@@ -505,8 +505,8 @@
</div>
<div class="meta-counts">
<div class="meta-count"><span>33</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>155 vulnerable dependency paths</span></div>
<div class="meta-count"><span>35</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>157 vulnerable dependency paths</span></div>
<div class="meta-count"><span>969</span> <span>dependencies</span></div>
</div><!-- .meta-counts -->
</div><!-- .layout-container--short -->
@@ -594,6 +594,162 @@
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXCRYPTOSSH-8496611">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">CVE-2025-69421</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.20
</li>
<li class="card__meta__item">
Vulnerable module:
openssl/libcrypto3
</li>
<li class="card__meta__item">Introduced through:
docker-image|ghcr.io/dexidp/dex@v2.41.1 and openssl/libcrypto3@3.3.1-r3
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.41.1
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.1-r3
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.41.1
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.4-r0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.1-r3
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.41.1
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.36.1-r29
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.1-r3
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.41.1
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.4-r0
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.1-r3
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.1-r3
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.41.1
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.1-r3
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.41.1
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.4-r0
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.1-r3
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.41.1
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.36.1-r29
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.1-r3
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.20</code> relevant fixed versions and status.</em></p>
<p>Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer
dereference in the PKCS12_item_decrypt_d2i_ex() function.</p>
<p>Impact summary: A NULL pointer dereference can trigger a crash which leads to
Denial of Service for an application processing PKCS#12 files.</p>
<p>The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct
parameter is NULL before dereferencing it. When called from
PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can
be NULL, causing a crash. The vulnerability is limited to Denial of Service
and cannot be escalated to achieve code execution or memory disclosure.</p>
<p>Exploiting this issue requires an attacker to provide a malformed PKCS#12 file
to an application that processes it. For that reason the issue was assessed as
Low severity according to our Security Policy.</p>
<p>The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.</p>
<p>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.20</code> <code>openssl</code> to version 3.3.6-r0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b">https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b</a></li>
<li><a href="https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7">https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7</a></li>
<li><a href="https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd">https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd</a></li>
<li><a href="https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3">https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3</a></li>
<li><a href="https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c">https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-15121256">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Access of Resource Using Incompatible Type (&#x27;Type Confusion&#x27;)</h2>
@@ -1114,6 +1270,158 @@
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTPHTTPPROXY-9058601">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Inefficient Algorithmic Complexity</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: ghcr.io/dexidp/dex:v2.41.1/dexidp/dex <span class="list-paths__item__arrow"></span> /usr/local/bin/dex
</li>
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:
golang.org/x/net/html
</li>
<li class="card__meta__item">Introduced through:
github.com/dexidp/dex@* and golang.org/x/net/html@v0.27.0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/dexidp/dex@*
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@v0.27.0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
<p>Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the <code>html.Parse</code> function due to quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>golang.org/x/net/html</code> to version 0.45.0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/golang/vulndb/issues/4440">GitHub Issue</a></li>
<li><a href="https://pkg.go.dev/vuln/GO-2026-4440">Go Advisory</a></li>
<li><a href="https://go.dev/cl/709876">Go Commit</a></li>
<li><a href="https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c">Google Groups Forum</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-15237516">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Infinite loop</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: ghcr.io/dexidp/dex:v2.41.1/dexidp/dex <span class="list-paths__item__arrow"></span> /usr/local/bin/dex
</li>
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:
golang.org/x/net/html
</li>
<li class="card__meta__item">Introduced through:
github.com/dexidp/dex@* and golang.org/x/net/html@v0.27.0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/dexidp/dex@*
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@v0.27.0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
<p>Affected versions of this package are vulnerable to Infinite loop via the <code>html.Parse</code> function. An attacker can cause resource exhaustion and disrupt service availability by submitting specially crafted HTML input that triggers an infinite parsing loop.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>golang.org/x/net/html</code> to version 0.45.0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/golang/vulndb/issues/4441">GitHub Issue</a></li>
<li><a href="https://pkg.go.dev/vuln/GO-2026-4441">Go Advisory</a></li>
<li><a href="https://go.dev/cl/709875">Go Commit</a></li>
<li><a href="https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c">Google Groups Forum</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-15237740">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Denial of Service (DoS)</h2>
@@ -2587,162 +2895,6 @@
<p><a href="https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-15121255">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-69421</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.20
</li>
<li class="card__meta__item">
Vulnerable module:
openssl/libcrypto3
</li>
<li class="card__meta__item">Introduced through:
docker-image|ghcr.io/dexidp/dex@v2.41.1 and openssl/libcrypto3@3.3.1-r3
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.41.1
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.1-r3
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.41.1
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.4-r0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.1-r3
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.41.1
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.36.1-r29
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.1-r3
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.41.1
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.4-r0
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.1-r3
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.1-r3
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.41.1
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.1-r3
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.41.1
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.4-r0
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.1-r3
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.41.1
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.36.1-r29
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.1-r3
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.20</code> relevant fixed versions and status.</em></p>
<p>Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer
dereference in the PKCS12_item_decrypt_d2i_ex() function.</p>
<p>Impact summary: A NULL pointer dereference can trigger a crash which leads to
Denial of Service for an application processing PKCS#12 files.</p>
<p>The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct
parameter is NULL before dereferencing it. When called from
PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can
be NULL, causing a crash. The vulnerability is limited to Denial of Service
and cannot be escalated to achieve code execution or memory disclosure.</p>
<p>Exploiting this issue requires an attacker to provide a malformed PKCS#12 file
to an application that processes it. For that reason the issue was assessed as
Low severity according to our Security Policy.</p>
<p>The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.</p>
<p>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.20</code> <code>openssl</code> to version 3.3.6-r0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b">https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b</a></li>
<li><a href="https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7">https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7</a></li>
<li><a href="https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd">https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd</a></li>
<li><a href="https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3">https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3</a></li>
<li><a href="https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c">https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-15121256">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-69420</h2>
@@ -3377,7 +3529,7 @@
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
<span class="label__text">Exploit: Proof of Concept</span>
</div>
</div>
@@ -3522,6 +3674,7 @@
<li><a href="https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc">https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2026/01/27/10">http://www.openwall.com/lists/oss-security/2026/01/27/10</a></li>
<li><a href="https://github.com/guiimoraes/CVE-2025-15467">https://github.com/guiimoraes/CVE-2025-15467</a></li>
</ul>
<hr/>

383
docs/snyk/v3.0.23/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
View File

@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">February 1st 2026, 12:42:52 am (UTC+00:00)</p>
<p class="timestamp">February 8th 2026, 12:46:03 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>
@@ -521,6 +521,195 @@
</section>
<div class="layout-container" style="padding-top: 35px;">
<div class="cards--vuln filter--patch filter--ignore">
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">CVE-2025-69421</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.21
</li>
<li class="card__meta__item">
Vulnerable module:
openssl/libcrypto3
</li>
<li class="card__meta__item">Introduced through:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine and openssl/libcrypto3@3.3.3-r0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
.haproxy-rundeps@20250214.191219
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r12
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
ca-certificates/ca-certificates@20241121-r1
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
.haproxy-rundeps@20250214.191219
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
.haproxy-rundeps@20250214.191219
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r12
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.21</code> relevant fixed versions and status.</em></p>
<p>Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer
dereference in the PKCS12_item_decrypt_d2i_ex() function.</p>
<p>Impact summary: A NULL pointer dereference can trigger a crash which leads to
Denial of Service for an application processing PKCS#12 files.</p>
<p>The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct
parameter is NULL before dereferencing it. When called from
PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can
be NULL, causing a crash. The vulnerability is limited to Denial of Service
and cannot be escalated to achieve code execution or memory disclosure.</p>
<p>Exploiting this issue requires an attacker to provide a malformed PKCS#12 file
to an application that processes it. For that reason the issue was assessed as
Low severity according to our Security Policy.</p>
<p>The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.</p>
<p>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.21</code> <code>openssl</code> to version 3.3.6-r0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b">https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b</a></li>
<li><a href="https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7">https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7</a></li>
<li><a href="https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd">https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd</a></li>
<li><a href="https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3">https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3</a></li>
<li><a href="https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c">https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE321-OPENSSL-15121241">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-9230</h2>
<div class="card__section">
@@ -1662,195 +1851,6 @@
<p><a href="https://snyk.io/vuln/SNYK-ALPINE321-OPENSSL-15121240">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-69421</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.21
</li>
<li class="card__meta__item">
Vulnerable module:
openssl/libcrypto3
</li>
<li class="card__meta__item">Introduced through:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine and openssl/libcrypto3@3.3.3-r0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
.haproxy-rundeps@20250214.191219
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r12
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
ca-certificates/ca-certificates@20241121-r1
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
.haproxy-rundeps@20250214.191219
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
.haproxy-rundeps@20250214.191219
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r12
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.21</code> relevant fixed versions and status.</em></p>
<p>Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer
dereference in the PKCS12_item_decrypt_d2i_ex() function.</p>
<p>Impact summary: A NULL pointer dereference can trigger a crash which leads to
Denial of Service for an application processing PKCS#12 files.</p>
<p>The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct
parameter is NULL before dereferencing it. When called from
PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can
be NULL, causing a crash. The vulnerability is limited to Denial of Service
and cannot be escalated to achieve code execution or memory disclosure.</p>
<p>Exploiting this issue requires an attacker to provide a malformed PKCS#12 file
to an application that processes it. For that reason the issue was assessed as
Low severity according to our Security Policy.</p>
<p>The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.</p>
<p>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.21</code> <code>openssl</code> to version 3.3.6-r0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b">https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b</a></li>
<li><a href="https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7">https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7</a></li>
<li><a href="https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd">https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd</a></li>
<li><a href="https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3">https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3</a></li>
<li><a href="https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c">https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE321-OPENSSL-15121241">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-69420</h2>
@@ -2254,7 +2254,7 @@
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
<span class="label__text">Exploit: Proof of Concept</span>
</div>
</div>
@@ -2432,6 +2432,7 @@
<li><a href="https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc">https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2026/01/27/10">http://www.openwall.com/lists/oss-security/2026/01/27/10</a></li>
<li><a href="https://github.com/guiimoraes/CVE-2025-15467">https://github.com/guiimoraes/CVE-2025-15467</a></li>
</ul>
<hr/>

361
docs/snyk/v3.0.23/public.ecr.aws_docker_library_redis_7.2.11-alpine.html
View File

@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">February 1st 2026, 12:42:57 am (UTC+00:00)</p>
<p class="timestamp">February 8th 2026, 12:46:08 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>
@@ -513,6 +513,184 @@
<div class="layout-container" style="padding-top: 35px;">
<div class="cards--vuln filter--patch filter--ignore">
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">CVE-2025-69421</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.21
</li>
<li class="card__meta__item">
Vulnerable module:
openssl/libcrypto3
</li>
<li class="card__meta__item">Introduced through:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine and openssl/libcrypto3@3.3.5-r0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
.redis-rundeps@20251008.225801
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r13
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
.redis-rundeps@20251008.225801
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.5-r0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
.redis-rundeps@20251008.225801
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r13
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.5-r0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.21</code> relevant fixed versions and status.</em></p>
<p>Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer
dereference in the PKCS12_item_decrypt_d2i_ex() function.</p>
<p>Impact summary: A NULL pointer dereference can trigger a crash which leads to
Denial of Service for an application processing PKCS#12 files.</p>
<p>The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct
parameter is NULL before dereferencing it. When called from
PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can
be NULL, causing a crash. The vulnerability is limited to Denial of Service
and cannot be escalated to achieve code execution or memory disclosure.</p>
<p>Exploiting this issue requires an attacker to provide a malformed PKCS#12 file
to an application that processes it. For that reason the issue was assessed as
Low severity according to our Security Policy.</p>
<p>The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.</p>
<p>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.21</code> <code>openssl</code> to version 3.3.6-r0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b">https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b</a></li>
<li><a href="https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7">https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7</a></li>
<li><a href="https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd">https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd</a></li>
<li><a href="https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3">https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3</a></li>
<li><a href="https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c">https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE321-OPENSSL-15121241">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-69419</h2>
<div class="card__section">
@@ -1046,184 +1224,6 @@
<p><a href="https://snyk.io/vuln/SNYK-ALPINE321-OPENSSL-15121240">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-69421</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.21
</li>
<li class="card__meta__item">
Vulnerable module:
openssl/libcrypto3
</li>
<li class="card__meta__item">Introduced through:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine and openssl/libcrypto3@3.3.5-r0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
.redis-rundeps@20251008.225801
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r13
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
.redis-rundeps@20251008.225801
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.5-r0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
.redis-rundeps@20251008.225801
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r13
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.5-r0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.21</code> relevant fixed versions and status.</em></p>
<p>Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer
dereference in the PKCS12_item_decrypt_d2i_ex() function.</p>
<p>Impact summary: A NULL pointer dereference can trigger a crash which leads to
Denial of Service for an application processing PKCS#12 files.</p>
<p>The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct
parameter is NULL before dereferencing it. When called from
PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can
be NULL, causing a crash. The vulnerability is limited to Denial of Service
and cannot be escalated to achieve code execution or memory disclosure.</p>
<p>Exploiting this issue requires an attacker to provide a malformed PKCS#12 file
to an application that processes it. For that reason the issue was assessed as
Low severity according to our Security Policy.</p>
<p>The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.</p>
<p>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.21</code> <code>openssl</code> to version 3.3.6-r0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b">https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b</a></li>
<li><a href="https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7">https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7</a></li>
<li><a href="https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd">https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd</a></li>
<li><a href="https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3">https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3</a></li>
<li><a href="https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c">https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE321-OPENSSL-15121241">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-69420</h2>
@@ -1605,7 +1605,7 @@
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
<span class="label__text">Exploit: Proof of Concept</span>
</div>
</div>
@@ -1772,6 +1772,7 @@
<li><a href="https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc">https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2026/01/27/10">http://www.openwall.com/lists/oss-security/2026/01/27/10</a></li>
<li><a href="https://github.com/guiimoraes/CVE-2025-15467">https://github.com/guiimoraes/CVE-2025-15467</a></li>
</ul>
<hr/>

567
docs/snyk/v3.0.23/quay.io_argoproj_argocd_v3.0.23.html
View File

@@ -7,7 +7,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Snyk test report</title>
<meta name="description" content="32 known vulnerabilities found in 164 vulnerable dependency paths.">
<meta name="description" content="39 known vulnerabilities found in 173 vulnerable dependency paths.">
<base target="_blank">
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
sizes="194x194">
@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">February 1st 2026, 12:43:25 am (UTC+00:00)</p>
<p class="timestamp">February 8th 2026, 12:46:31 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>
@@ -506,8 +506,8 @@
</div>
<div class="meta-counts">
<div class="meta-count"><span>32</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>164 vulnerable dependency paths</span></div>
<div class="meta-count"><span>39</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>173 vulnerable dependency paths</span></div>
<div class="meta-count"><span>2361</span> <span>dependencies</span></div>
</div><!-- .meta-counts -->
</div><!-- .layout-container--short -->
@@ -516,6 +516,231 @@
<div class="layout-container" style="padding-top: 35px;">
<div class="cards--vuln filter--patch filter--ignore">
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Inefficient Algorithmic Complexity</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: quay.io/argoproj/argocd:v3.0.23/helm/v3 <span class="list-paths__item__arrow"></span> /usr/local/bin/helm
</li>
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:
golang.org/x/net/html
</li>
<li class="card__meta__item">Introduced through:
helm.sh/helm/v3@* and golang.org/x/net/html@v0.33.0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
helm.sh/helm/v3@*
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@v0.33.0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
<p>Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the <code>html.Parse</code> function due to quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>golang.org/x/net/html</code> to version 0.45.0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/golang/vulndb/issues/4440">GitHub Issue</a></li>
<li><a href="https://pkg.go.dev/vuln/GO-2026-4440">Go Advisory</a></li>
<li><a href="https://go.dev/cl/709876">Go Commit</a></li>
<li><a href="https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c">Google Groups Forum</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-15237516">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Infinite loop</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: quay.io/argoproj/argocd:v3.0.23/helm/v3 <span class="list-paths__item__arrow"></span> /usr/local/bin/helm
</li>
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:
golang.org/x/net/html
</li>
<li class="card__meta__item">Introduced through:
helm.sh/helm/v3@* and golang.org/x/net/html@v0.33.0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
helm.sh/helm/v3@*
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@v0.33.0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
<p>Affected versions of this package are vulnerable to Infinite loop via the <code>html.Parse</code> function. An attacker can cause resource exhaustion and disrupt service availability by submitting specially crafted HTML input that triggers an infinite parsing loop.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>golang.org/x/net/html</code> to version 0.45.0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/golang/vulndb/issues/4441">GitHub Issue</a></li>
<li><a href="https://pkg.go.dev/vuln/GO-2026-4441">Go Advisory</a></li>
<li><a href="https://go.dev/cl/709875">Go Commit</a></li>
<li><a href="https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c">Google Groups Forum</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-15237740">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Untrusted Search Path</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: quay.io/argoproj/argocd:v3.0.23/argoproj/argo-cd/v3 <span class="list-paths__item__arrow"></span> /usr/local/bin/argocd
</li>
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:
go.opentelemetry.io/otel/sdk/resource
</li>
<li class="card__meta__item">Introduced through:
github.com/argoproj/argo-cd/v3@* and go.opentelemetry.io/otel/sdk/resource@v1.34.0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@*
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/resource@v1.34.0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p>Affected versions of this package are vulnerable to Untrusted Search Path in resource detection code which executes <code>ioreg</code>, when the <code>PATH</code> environment variable is modified to include a malicious executable. An attacker can execute arbitrary code within the context of the application by placing a malicious binary earlier in the search path.</p>
<p><strong>Note:</strong> This vulnerability is only exploitable on MacOS/Darwin systems.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>go.opentelemetry.io/otel/sdk/resource</code> to version 1.40.0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/d45961bcda453fcbdb6469c22d6e88a1f9970a53">GitHub Commit</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOOPENTELEMETRYIOOTELSDKRESOURCE-15182758">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">Directory Traversal</h2>
<div class="card__section">
@@ -876,7 +1101,7 @@
<span class="label__text">medium severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
<span class="label__text">Exploit: Proof of Concept</span>
</div>
</div>
@@ -1085,6 +1310,7 @@
<li><a href="https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc">https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2026/01/27/10">http://www.openwall.com/lists/oss-security/2026/01/27/10</a></li>
<li><a href="https://github.com/guiimoraes/CVE-2025-15467">https://github.com/guiimoraes/CVE-2025-15467</a></li>
</ul>
<hr/>
@@ -1444,7 +1670,7 @@
<p>Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1&lt;&lt;62+ 1, 1&lt;&lt;63] and exactly 1&lt;&lt;63 for posix_memalign and aligned_alloc.</p>
<p>Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.</p>
<h2 id="remediation">Remediation</h2>
<p>There is no fixed version for <code>Ubuntu:24.04</code> <code>glibc</code>.</p>
<p>Upgrade <code>Ubuntu:24.04</code> <code>glibc</code> to version 2.39-0ubuntu8.7 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-0861">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-0861</a></li>
@@ -1459,6 +1685,176 @@
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GLIBC-15011152">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">CVE-2026-0915</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--medium">
<span class="label__text">medium severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: quay.io/argoproj/argocd:v3.0.23/argoproj/argocd <span class="list-paths__item__arrow"></span> Dockerfile
</li>
<li class="card__meta__item">
Package Manager: ubuntu:24.04
</li>
<li class="card__meta__item">
Vulnerable module:
glibc/libc-bin
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@v3.0.23 and glibc/libc-bin@2.39-0ubuntu8.6
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@v3.0.23
<span class="list-paths__item__arrow"></span>
glibc/libc-bin@2.39-0ubuntu8.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@v3.0.23
<span class="list-paths__item__arrow"></span>
glibc/libc6@2.39-0ubuntu8.6
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>glibc</code> package and not the <code>glibc</code> package as distributed by <code>Ubuntu</code>.</em>
<em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
<p>Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library&#39;s DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Ubuntu:24.04</code> <code>glibc</code> to version 2.39-0ubuntu8.7 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-0915">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-0915</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2026/01/16/6">http://www.openwall.com/lists/oss-security/2026/01/16/6</a></li>
<li><a href="https://sourceware.org/bugzilla/show_bug.cgi?id=33802">https://sourceware.org/bugzilla/show_bug.cgi?id=33802</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GLIBC-15028413">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">CVE-2025-15281</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--medium">
<span class="label__text">medium severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: quay.io/argoproj/argocd:v3.0.23/argoproj/argocd <span class="list-paths__item__arrow"></span> Dockerfile
</li>
<li class="card__meta__item">
Package Manager: ubuntu:24.04
</li>
<li class="card__meta__item">
Vulnerable module:
glibc/libc-bin
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@v3.0.23 and glibc/libc-bin@2.39-0ubuntu8.6
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@v3.0.23
<span class="list-paths__item__arrow"></span>
glibc/libc-bin@2.39-0ubuntu8.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@v3.0.23
<span class="list-paths__item__arrow"></span>
glibc/libc6@2.39-0ubuntu8.6
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>glibc</code> package and not the <code>glibc</code> package as distributed by <code>Ubuntu</code>.</em>
<em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
<p>Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Ubuntu:24.04</code> <code>glibc</code> to version 2.39-0ubuntu8.7 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-15281">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-15281</a></li>
<li><a href="https://sourceware.org/bugzilla/show_bug.cgi?id=33814">https://sourceware.org/bugzilla/show_bug.cgi?id=33814</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2026/01/20/3">http://www.openwall.com/lists/oss-security/2026/01/20/3</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GLIBC-15051735">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">Improper Encoding or Escaping of Output</h2>
@@ -3818,6 +4214,165 @@
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-OPENSSL-7838291">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Failure to Sanitize Special Element</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: quay.io/argoproj/argocd:v3.0.23/argoproj/argocd <span class="list-paths__item__arrow"></span> Dockerfile
</li>
<li class="card__meta__item">
Package Manager: ubuntu:24.04
</li>
<li class="card__meta__item">
Vulnerable module:
openssh/openssh-client
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@v3.0.23 and openssh/openssh-client@1:9.6p1-3ubuntu13.14
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@v3.0.23
<span class="list-paths__item__arrow"></span>
openssh/openssh-client@1:9.6p1-3ubuntu13.14
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssh</code> package and not the <code>openssh</code> package as distributed by <code>Ubuntu</code>.</em>
<em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
<p>ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)</p>
<h2 id="remediation">Remediation</h2>
<p>There is no fixed version for <code>Ubuntu:24.04</code> <code>openssh</code>.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-61984">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-61984</a></li>
<li><a href="https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2">https://marc.info/?l=openssh-unix-dev&amp;m=175974522032149&amp;w=2</a></li>
<li><a href="https://www.openssh.com/releasenotes.html#10.1p1">https://www.openssh.com/releasenotes.html#10.1p1</a></li>
<li><a href="https://www.openwall.com/lists/oss-security/2025/10/06/1">https://www.openwall.com/lists/oss-security/2025/10/06/1</a></li>
<li><a href="https://dgl.cx/2025/10/bash-a-newline-ssh-proxycommand-cve-2025-61984">https://dgl.cx/2025/10/bash-a-newline-ssh-proxycommand-cve-2025-61984</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2025/10/07/1">http://www.openwall.com/lists/oss-security/2025/10/07/1</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2025/10/12/1">http://www.openwall.com/lists/oss-security/2025/10/12/1</a></li>
<li><a href="https://www.vicarius.io/vsociety/posts/cve-2025-61984-detection-script-remote-code-execution-vulnerability-affecting-openssh">https://www.vicarius.io/vsociety/posts/cve-2025-61984-detection-script-remote-code-execution-vulnerability-affecting-openssh</a></li>
<li><a href="https://www.vicarius.io/vsociety/posts/cve-2025-61984-mitigation-script-remote-code-execution-vulnerability-affecting-openssh">https://www.vicarius.io/vsociety/posts/cve-2025-61984-mitigation-script-remote-code-execution-vulnerability-affecting-openssh</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-OPENSSH-13426717">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Improper Neutralization of Null Byte or NUL Character</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: quay.io/argoproj/argocd:v3.0.23/argoproj/argocd <span class="list-paths__item__arrow"></span> Dockerfile
</li>
<li class="card__meta__item">
Package Manager: ubuntu:24.04
</li>
<li class="card__meta__item">
Vulnerable module:
openssh/openssh-client
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@v3.0.23 and openssh/openssh-client@1:9.6p1-3ubuntu13.14
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@v3.0.23
<span class="list-paths__item__arrow"></span>
openssh/openssh-client@1:9.6p1-3ubuntu13.14
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssh</code> package and not the <code>openssh</code> package as distributed by <code>Ubuntu</code>.</em>
<em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
<p>ssh in OpenSSH before 10.1 allows the &#39;\0&#39; character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.</p>
<h2 id="remediation">Remediation</h2>
<p>There is no fixed version for <code>Ubuntu:24.04</code> <code>openssh</code>.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-61985">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-61985</a></li>
<li><a href="https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2">https://marc.info/?l=openssh-unix-dev&amp;m=175974522032149&amp;w=2</a></li>
<li><a href="https://www.openssh.com/releasenotes.html#10.1p1">https://www.openssh.com/releasenotes.html#10.1p1</a></li>
<li><a href="https://www.openwall.com/lists/oss-security/2025/10/06/1">https://www.openwall.com/lists/oss-security/2025/10/06/1</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-OPENSSH-13426748">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Information Exposure</h2>

361
docs/snyk/v3.0.23/redis_7.2.11-alpine.html
View File

@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">February 1st 2026, 12:43:31 am (UTC+00:00)</p>
<p class="timestamp">February 8th 2026, 12:46:39 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>
@@ -513,6 +513,184 @@
<div class="layout-container" style="padding-top: 35px;">
<div class="cards--vuln filter--patch filter--ignore">
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">CVE-2025-69421</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.21
</li>
<li class="card__meta__item">
Vulnerable module:
openssl/libcrypto3
</li>
<li class="card__meta__item">Introduced through:
docker-image|redis@7.2.11-alpine and openssl/libcrypto3@3.3.5-r0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
.redis-rundeps@20251008.225801
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r13
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
.redis-rundeps@20251008.225801
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.5-r0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
.redis-rundeps@20251008.225801
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r13
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.5-r0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.21</code> relevant fixed versions and status.</em></p>
<p>Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer
dereference in the PKCS12_item_decrypt_d2i_ex() function.</p>
<p>Impact summary: A NULL pointer dereference can trigger a crash which leads to
Denial of Service for an application processing PKCS#12 files.</p>
<p>The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct
parameter is NULL before dereferencing it. When called from
PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can
be NULL, causing a crash. The vulnerability is limited to Denial of Service
and cannot be escalated to achieve code execution or memory disclosure.</p>
<p>Exploiting this issue requires an attacker to provide a malformed PKCS#12 file
to an application that processes it. For that reason the issue was assessed as
Low severity according to our Security Policy.</p>
<p>The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.</p>
<p>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.21</code> <code>openssl</code> to version 3.3.6-r0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b">https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b</a></li>
<li><a href="https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7">https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7</a></li>
<li><a href="https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd">https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd</a></li>
<li><a href="https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3">https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3</a></li>
<li><a href="https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c">https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE321-OPENSSL-15121241">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-69419</h2>
<div class="card__section">
@@ -1046,184 +1224,6 @@
<p><a href="https://snyk.io/vuln/SNYK-ALPINE321-OPENSSL-15121240">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-69421</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.21
</li>
<li class="card__meta__item">
Vulnerable module:
openssl/libcrypto3
</li>
<li class="card__meta__item">Introduced through:
docker-image|redis@7.2.11-alpine and openssl/libcrypto3@3.3.5-r0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
.redis-rundeps@20251008.225801
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r13
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
.redis-rundeps@20251008.225801
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.5-r0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
.redis-rundeps@20251008.225801
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r13
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.5-r0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.21</code> relevant fixed versions and status.</em></p>
<p>Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer
dereference in the PKCS12_item_decrypt_d2i_ex() function.</p>
<p>Impact summary: A NULL pointer dereference can trigger a crash which leads to
Denial of Service for an application processing PKCS#12 files.</p>
<p>The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct
parameter is NULL before dereferencing it. When called from
PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can
be NULL, causing a crash. The vulnerability is limited to Denial of Service
and cannot be escalated to achieve code execution or memory disclosure.</p>
<p>Exploiting this issue requires an attacker to provide a malformed PKCS#12 file
to an application that processes it. For that reason the issue was assessed as
Low severity according to our Security Policy.</p>
<p>The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.</p>
<p>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.21</code> <code>openssl</code> to version 3.3.6-r0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b">https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b</a></li>
<li><a href="https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7">https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7</a></li>
<li><a href="https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd">https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd</a></li>
<li><a href="https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3">https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3</a></li>
<li><a href="https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c">https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE321-OPENSSL-15121241">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-69420</h2>
@@ -1605,7 +1605,7 @@
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
<span class="label__text">Exploit: Proof of Concept</span>
</div>
</div>
@@ -1772,6 +1772,7 @@
<li><a href="https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc">https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2026/01/27/10">http://www.openwall.com/lists/oss-security/2026/01/27/10</a></li>
<li><a href="https://github.com/guiimoraes/CVE-2025-15467">https://github.com/guiimoraes/CVE-2025-15467</a></li>
</ul>
<hr/>

2
docs/snyk/v3.1.12/argocd-iac-install.html
View File

@@ -456,7 +456,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">February 1st 2026, 12:42:09 am (UTC+00:00)</p>
<p class="timestamp">February 8th 2026, 12:45:15 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>

2
docs/snyk/v3.1.12/argocd-iac-namespace-install.html
View File

@@ -456,7 +456,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">February 1st 2026, 12:42:20 am (UTC+00:00)</p>
<p class="timestamp">February 8th 2026, 12:45:25 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>

128
docs/snyk/v3.1.12/argocd-test.html
View File

@@ -7,7 +7,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Snyk test report</title>
<meta name="description" content="11 known vulnerabilities found in 21 vulnerable dependency paths.">
<meta name="description" content="12 known vulnerabilities found in 25 vulnerable dependency paths.">
<base target="_blank">
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
sizes="194x194">
@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">February 1st 2026, 12:39:58 am (UTC+00:00)</p>
<p class="timestamp">February 8th 2026, 12:43:17 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>
@@ -504,8 +504,8 @@
</div>
<div class="meta-counts">
<div class="meta-count"><span>11</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>21 vulnerable dependency paths</span></div>
<div class="meta-count"><span>12</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>25 vulnerable dependency paths</span></div>
<div class="meta-count"><span>2105</span> <span>dependencies</span></div>
</div><!-- .meta-counts -->
</div><!-- .layout-container--short -->
@@ -686,6 +686,124 @@
<p><a href="https://snyk.io/vuln/SNYK-JS-QS-14724253">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Untrusted Search Path</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: /argo-cd/argoproj/argo-cd/v3 <span class="list-paths__item__arrow"></span> go.mod
</li>
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:
go.opentelemetry.io/otel/sdk/resource
</li>
<li class="card__meta__item">Introduced through:
github.com/argoproj/argo-cd/v3@0.0.0 and go.opentelemetry.io/otel/sdk/resource@1.36.0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/resource@1.36.0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/trace@1.36.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/resource@1.36.0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.36.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig@1.36.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/exporters/otlp/otlptrace@1.36.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/tracetransform@1.36.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/resource@1.36.0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.36.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig@1.36.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/exporters/otlp/otlptrace@1.36.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/trace@1.36.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/resource@1.36.0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p>Affected versions of this package are vulnerable to Untrusted Search Path in resource detection code which executes <code>ioreg</code>, when the <code>PATH</code> environment variable is modified to include a malicious executable. An attacker can execute arbitrary code within the context of the application by placing a malicious binary earlier in the search path.</p>
<p><strong>Note:</strong> This vulnerability is only exploitable on MacOS/Darwin systems.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>go.opentelemetry.io/otel/sdk/resource</code> to version 1.40.0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/d45961bcda453fcbdb6469c22d6e88a1f9970a53">GitHub Commit</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOOPENTELEMETRYIOOTELSDKRESOURCE-15182758">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Uncaught Exception</h2>
@@ -1766,7 +1884,7 @@
</tbody></table>
<p>By the time the string includes 14 C&#39;s, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>diff</code> to version 4.0.4, 5.2.2, 8.0.3 or higher.</p>
<p>Upgrade <code>diff</code> to version 3.5.1, 4.0.4, 5.2.2, 8.0.3 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/kpdecker/jsdiff/commit/15a1585230748c8ae6f8274c202e0c87309142f5">GitHub Commit</a></li>

548
docs/snyk/v3.1.12/ghcr.io_dexidp_dex_v2.43.0.html
View File

@@ -7,7 +7,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Snyk test report</title>
<meta name="description" content="25 known vulnerabilities found in 111 vulnerable dependency paths.">
<meta name="description" content="28 known vulnerabilities found in 114 vulnerable dependency paths.">
<base target="_blank">
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
sizes="194x194">
@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">February 1st 2026, 12:40:06 am (UTC+00:00)</p>
<p class="timestamp">February 8th 2026, 12:43:23 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>
@@ -505,8 +505,8 @@
</div>
<div class="meta-counts">
<div class="meta-count"><span>25</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>111 vulnerable dependency paths</span></div>
<div class="meta-count"><span>28</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>114 vulnerable dependency paths</span></div>
<div class="meta-count"><span>1131</span> <span>dependencies</span></div>
</div><!-- .meta-counts -->
</div><!-- .layout-container--short -->
@@ -515,6 +515,162 @@
<div class="layout-container" style="padding-top: 35px;">
<div class="cards--vuln filter--patch filter--ignore">
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">CVE-2025-69421</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.21
</li>
<li class="card__meta__item">
Vulnerable module:
openssl/libcrypto3
</li>
<li class="card__meta__item">Introduced through:
docker-image|ghcr.io/dexidp/dex@v2.43.0 and openssl/libcrypto3@3.3.3-r0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r12
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r12
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.21</code> relevant fixed versions and status.</em></p>
<p>Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer
dereference in the PKCS12_item_decrypt_d2i_ex() function.</p>
<p>Impact summary: A NULL pointer dereference can trigger a crash which leads to
Denial of Service for an application processing PKCS#12 files.</p>
<p>The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct
parameter is NULL before dereferencing it. When called from
PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can
be NULL, causing a crash. The vulnerability is limited to Denial of Service
and cannot be escalated to achieve code execution or memory disclosure.</p>
<p>Exploiting this issue requires an attacker to provide a malformed PKCS#12 file
to an application that processes it. For that reason the issue was assessed as
Low severity according to our Security Policy.</p>
<p>The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.</p>
<p>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.21</code> <code>openssl</code> to version 3.3.6-r0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b">https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b</a></li>
<li><a href="https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7">https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7</a></li>
<li><a href="https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd">https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd</a></li>
<li><a href="https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3">https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3</a></li>
<li><a href="https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c">https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE321-OPENSSL-15121241">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
<div class="card__section">
@@ -666,6 +822,158 @@
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTPHTTPPROXY-9058601">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Inefficient Algorithmic Complexity</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: ghcr.io/dexidp/dex:v2.43.0/dexidp/dex <span class="list-paths__item__arrow"></span> /usr/local/bin/dex
</li>
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:
golang.org/x/net/html
</li>
<li class="card__meta__item">Introduced through:
github.com/dexidp/dex@* and golang.org/x/net/html@v0.40.0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/dexidp/dex@*
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@v0.40.0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
<p>Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the <code>html.Parse</code> function due to quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>golang.org/x/net/html</code> to version 0.45.0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/golang/vulndb/issues/4440">GitHub Issue</a></li>
<li><a href="https://pkg.go.dev/vuln/GO-2026-4440">Go Advisory</a></li>
<li><a href="https://go.dev/cl/709876">Go Commit</a></li>
<li><a href="https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c">Google Groups Forum</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-15237516">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Infinite loop</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: ghcr.io/dexidp/dex:v2.43.0/dexidp/dex <span class="list-paths__item__arrow"></span> /usr/local/bin/dex
</li>
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:
golang.org/x/net/html
</li>
<li class="card__meta__item">Introduced through:
github.com/dexidp/dex@* and golang.org/x/net/html@v0.40.0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/dexidp/dex@*
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@v0.40.0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
<p>Affected versions of this package are vulnerable to Infinite loop via the <code>html.Parse</code> function. An attacker can cause resource exhaustion and disrupt service availability by submitting specially crafted HTML input that triggers an infinite parsing loop.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>golang.org/x/net/html</code> to version 0.45.0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/golang/vulndb/issues/4441">GitHub Issue</a></li>
<li><a href="https://pkg.go.dev/vuln/GO-2026-4441">Go Advisory</a></li>
<li><a href="https://go.dev/cl/709875">Go Commit</a></li>
<li><a href="https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c">Google Groups Forum</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-15237740">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Improper Handling of Unexpected Data Type</h2>
@@ -826,6 +1134,79 @@
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXCRYPTOSSH-8747056">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Untrusted Search Path</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: ghcr.io/dexidp/dex:v2.43.0/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow"></span> /usr/local/bin/gomplate
</li>
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:
go.opentelemetry.io/otel/sdk/resource
</li>
<li class="card__meta__item">Introduced through:
github.com/hairyhenderson/gomplate/v4@* and go.opentelemetry.io/otel/sdk/resource@v1.33.0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/hairyhenderson/gomplate/v4@*
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/resource@v1.33.0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p>Affected versions of this package are vulnerable to Untrusted Search Path in resource detection code which executes <code>ioreg</code>, when the <code>PATH</code> environment variable is modified to include a malicious executable. An attacker can execute arbitrary code within the context of the application by placing a malicious binary earlier in the search path.</p>
<p><strong>Note:</strong> This vulnerability is only exploitable on MacOS/Darwin systems.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>go.opentelemetry.io/otel/sdk/resource</code> to version 1.40.0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/d45961bcda453fcbdb6469c22d6e88a1f9970a53">GitHub Commit</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOOPENTELEMETRYIOOTELSDKRESOURCE-15182758">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Asymmetric Resource Consumption (Amplification)</h2>
@@ -2145,162 +2526,6 @@
<p><a href="https://snyk.io/vuln/SNYK-ALPINE321-OPENSSL-15121240">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-69421</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.21
</li>
<li class="card__meta__item">
Vulnerable module:
openssl/libcrypto3
</li>
<li class="card__meta__item">Introduced through:
docker-image|ghcr.io/dexidp/dex@v2.43.0 and openssl/libcrypto3@3.3.3-r0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r12
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r12
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.21</code> relevant fixed versions and status.</em></p>
<p>Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer
dereference in the PKCS12_item_decrypt_d2i_ex() function.</p>
<p>Impact summary: A NULL pointer dereference can trigger a crash which leads to
Denial of Service for an application processing PKCS#12 files.</p>
<p>The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct
parameter is NULL before dereferencing it. When called from
PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can
be NULL, causing a crash. The vulnerability is limited to Denial of Service
and cannot be escalated to achieve code execution or memory disclosure.</p>
<p>Exploiting this issue requires an attacker to provide a malformed PKCS#12 file
to an application that processes it. For that reason the issue was assessed as
Low severity according to our Security Policy.</p>
<p>The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.</p>
<p>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.21</code> <code>openssl</code> to version 3.3.6-r0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b">https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b</a></li>
<li><a href="https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7">https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7</a></li>
<li><a href="https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd">https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd</a></li>
<li><a href="https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3">https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3</a></li>
<li><a href="https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c">https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE321-OPENSSL-15121241">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-69420</h2>
@@ -2638,7 +2863,7 @@
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
<span class="label__text">Exploit: Proof of Concept</span>
</div>
</div>
@@ -2783,6 +3008,7 @@
<li><a href="https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc">https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2026/01/27/10">http://www.openwall.com/lists/oss-security/2026/01/27/10</a></li>
<li><a href="https://github.com/guiimoraes/CVE-2025-15467">https://github.com/guiimoraes/CVE-2025-15467</a></li>
</ul>
<hr/>

383
docs/snyk/v3.1.12/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
View File

@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">February 1st 2026, 12:40:11 am (UTC+00:00)</p>
<p class="timestamp">February 8th 2026, 12:43:28 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>
@@ -521,6 +521,195 @@
</section>
<div class="layout-container" style="padding-top: 35px;">
<div class="cards--vuln filter--patch filter--ignore">
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">CVE-2025-69421</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.21
</li>
<li class="card__meta__item">
Vulnerable module:
openssl/libcrypto3
</li>
<li class="card__meta__item">Introduced through:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine and openssl/libcrypto3@3.3.3-r0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
.haproxy-rundeps@20250214.191219
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r12
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
ca-certificates/ca-certificates@20241121-r1
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
.haproxy-rundeps@20250214.191219
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
.haproxy-rundeps@20250214.191219
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r12
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.21</code> relevant fixed versions and status.</em></p>
<p>Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer
dereference in the PKCS12_item_decrypt_d2i_ex() function.</p>
<p>Impact summary: A NULL pointer dereference can trigger a crash which leads to
Denial of Service for an application processing PKCS#12 files.</p>
<p>The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct
parameter is NULL before dereferencing it. When called from
PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can
be NULL, causing a crash. The vulnerability is limited to Denial of Service
and cannot be escalated to achieve code execution or memory disclosure.</p>
<p>Exploiting this issue requires an attacker to provide a malformed PKCS#12 file
to an application that processes it. For that reason the issue was assessed as
Low severity according to our Security Policy.</p>
<p>The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.</p>
<p>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.21</code> <code>openssl</code> to version 3.3.6-r0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b">https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b</a></li>
<li><a href="https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7">https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7</a></li>
<li><a href="https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd">https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd</a></li>
<li><a href="https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3">https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3</a></li>
<li><a href="https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c">https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE321-OPENSSL-15121241">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-9230</h2>
<div class="card__section">
@@ -1662,195 +1851,6 @@
<p><a href="https://snyk.io/vuln/SNYK-ALPINE321-OPENSSL-15121240">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-69421</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.21
</li>
<li class="card__meta__item">
Vulnerable module:
openssl/libcrypto3
</li>
<li class="card__meta__item">Introduced through:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine and openssl/libcrypto3@3.3.3-r0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
.haproxy-rundeps@20250214.191219
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r12
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
ca-certificates/ca-certificates@20241121-r1
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
.haproxy-rundeps@20250214.191219
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
.haproxy-rundeps@20250214.191219
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r12
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.21</code> relevant fixed versions and status.</em></p>
<p>Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer
dereference in the PKCS12_item_decrypt_d2i_ex() function.</p>
<p>Impact summary: A NULL pointer dereference can trigger a crash which leads to
Denial of Service for an application processing PKCS#12 files.</p>
<p>The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct
parameter is NULL before dereferencing it. When called from
PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can
be NULL, causing a crash. The vulnerability is limited to Denial of Service
and cannot be escalated to achieve code execution or memory disclosure.</p>
<p>Exploiting this issue requires an attacker to provide a malformed PKCS#12 file
to an application that processes it. For that reason the issue was assessed as
Low severity according to our Security Policy.</p>
<p>The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.</p>
<p>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.21</code> <code>openssl</code> to version 3.3.6-r0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b">https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b</a></li>
<li><a href="https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7">https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7</a></li>
<li><a href="https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd">https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd</a></li>
<li><a href="https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3">https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3</a></li>
<li><a href="https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c">https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE321-OPENSSL-15121241">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-69420</h2>
@@ -2254,7 +2254,7 @@
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
<span class="label__text">Exploit: Proof of Concept</span>
</div>
</div>
@@ -2432,6 +2432,7 @@
<li><a href="https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc">https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2026/01/27/10">http://www.openwall.com/lists/oss-security/2026/01/27/10</a></li>
<li><a href="https://github.com/guiimoraes/CVE-2025-15467">https://github.com/guiimoraes/CVE-2025-15467</a></li>
</ul>
<hr/>

361
docs/snyk/v3.1.12/public.ecr.aws_docker_library_redis_7.2.11-alpine.html
View File

@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">February 1st 2026, 12:40:17 am (UTC+00:00)</p>
<p class="timestamp">February 8th 2026, 12:43:34 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>
@@ -513,6 +513,184 @@
<div class="layout-container" style="padding-top: 35px;">
<div class="cards--vuln filter--patch filter--ignore">
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">CVE-2025-69421</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.21
</li>
<li class="card__meta__item">
Vulnerable module:
openssl/libcrypto3
</li>
<li class="card__meta__item">Introduced through:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine and openssl/libcrypto3@3.3.5-r0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
.redis-rundeps@20251008.225801
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r13
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
.redis-rundeps@20251008.225801
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.5-r0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
.redis-rundeps@20251008.225801
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r13
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.5-r0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.21</code> relevant fixed versions and status.</em></p>
<p>Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer
dereference in the PKCS12_item_decrypt_d2i_ex() function.</p>
<p>Impact summary: A NULL pointer dereference can trigger a crash which leads to
Denial of Service for an application processing PKCS#12 files.</p>
<p>The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct
parameter is NULL before dereferencing it. When called from
PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can
be NULL, causing a crash. The vulnerability is limited to Denial of Service
and cannot be escalated to achieve code execution or memory disclosure.</p>
<p>Exploiting this issue requires an attacker to provide a malformed PKCS#12 file
to an application that processes it. For that reason the issue was assessed as
Low severity according to our Security Policy.</p>
<p>The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.</p>
<p>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.21</code> <code>openssl</code> to version 3.3.6-r0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b">https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b</a></li>
<li><a href="https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7">https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7</a></li>
<li><a href="https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd">https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd</a></li>
<li><a href="https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3">https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3</a></li>
<li><a href="https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c">https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE321-OPENSSL-15121241">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-69419</h2>
<div class="card__section">
@@ -1046,184 +1224,6 @@
<p><a href="https://snyk.io/vuln/SNYK-ALPINE321-OPENSSL-15121240">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-69421</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.21
</li>
<li class="card__meta__item">
Vulnerable module:
openssl/libcrypto3
</li>
<li class="card__meta__item">Introduced through:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine and openssl/libcrypto3@3.3.5-r0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
.redis-rundeps@20251008.225801
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r13
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
.redis-rundeps@20251008.225801
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.5-r0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
.redis-rundeps@20251008.225801
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.5-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@7.2.11-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r13
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.5-r0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.21</code> relevant fixed versions and status.</em></p>
<p>Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer
dereference in the PKCS12_item_decrypt_d2i_ex() function.</p>
<p>Impact summary: A NULL pointer dereference can trigger a crash which leads to
Denial of Service for an application processing PKCS#12 files.</p>
<p>The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct
parameter is NULL before dereferencing it. When called from
PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can
be NULL, causing a crash. The vulnerability is limited to Denial of Service
and cannot be escalated to achieve code execution or memory disclosure.</p>
<p>Exploiting this issue requires an attacker to provide a malformed PKCS#12 file
to an application that processes it. For that reason the issue was assessed as
Low severity according to our Security Policy.</p>
<p>The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.</p>
<p>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.21</code> <code>openssl</code> to version 3.3.6-r0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b">https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b</a></li>
<li><a href="https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7">https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7</a></li>
<li><a href="https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd">https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd</a></li>
<li><a href="https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3">https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3</a></li>
<li><a href="https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c">https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE321-OPENSSL-15121241">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-69420</h2>
@@ -1605,7 +1605,7 @@
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
<span class="label__text">Exploit: Proof of Concept</span>
</div>
</div>
@@ -1772,6 +1772,7 @@
<li><a href="https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc">https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2026/01/27/10">http://www.openwall.com/lists/oss-security/2026/01/27/10</a></li>
<li><a href="https://github.com/guiimoraes/CVE-2025-15467">https://github.com/guiimoraes/CVE-2025-15467</a></li>
</ul>
<hr/>

567
docs/snyk/v3.1.12/quay.io_argoproj_argocd_v3.1.12.html
View File

@@ -7,7 +7,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Snyk test report</title>
<meta name="description" content="31 known vulnerabilities found in 163 vulnerable dependency paths.">
<meta name="description" content="38 known vulnerabilities found in 172 vulnerable dependency paths.">
<base target="_blank">
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
sizes="194x194">
@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">February 1st 2026, 12:40:47 am (UTC+00:00)</p>
<p class="timestamp">February 8th 2026, 12:43:55 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>
@@ -506,8 +506,8 @@
</div>
<div class="meta-counts">
<div class="meta-count"><span>31</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>163 vulnerable dependency paths</span></div>
<div class="meta-count"><span>38</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>172 vulnerable dependency paths</span></div>
<div class="meta-count"><span>2320</span> <span>dependencies</span></div>
</div><!-- .meta-counts -->
</div><!-- .layout-container--short -->
@@ -516,6 +516,231 @@
<div class="layout-container" style="padding-top: 35px;">
<div class="cards--vuln filter--patch filter--ignore">
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Inefficient Algorithmic Complexity</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: quay.io/argoproj/argocd:v3.1.12/helm/v3 <span class="list-paths__item__arrow"></span> /usr/local/bin/helm
</li>
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:
golang.org/x/net/html
</li>
<li class="card__meta__item">Introduced through:
helm.sh/helm/v3@* and golang.org/x/net/html@v0.40.0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
helm.sh/helm/v3@*
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@v0.40.0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
<p>Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the <code>html.Parse</code> function due to quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>golang.org/x/net/html</code> to version 0.45.0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/golang/vulndb/issues/4440">GitHub Issue</a></li>
<li><a href="https://pkg.go.dev/vuln/GO-2026-4440">Go Advisory</a></li>
<li><a href="https://go.dev/cl/709876">Go Commit</a></li>
<li><a href="https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c">Google Groups Forum</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-15237516">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Infinite loop</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: quay.io/argoproj/argocd:v3.1.12/helm/v3 <span class="list-paths__item__arrow"></span> /usr/local/bin/helm
</li>
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:
golang.org/x/net/html
</li>
<li class="card__meta__item">Introduced through:
helm.sh/helm/v3@* and golang.org/x/net/html@v0.40.0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
helm.sh/helm/v3@*
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@v0.40.0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
<p>Affected versions of this package are vulnerable to Infinite loop via the <code>html.Parse</code> function. An attacker can cause resource exhaustion and disrupt service availability by submitting specially crafted HTML input that triggers an infinite parsing loop.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>golang.org/x/net/html</code> to version 0.45.0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/golang/vulndb/issues/4441">GitHub Issue</a></li>
<li><a href="https://pkg.go.dev/vuln/GO-2026-4441">Go Advisory</a></li>
<li><a href="https://go.dev/cl/709875">Go Commit</a></li>
<li><a href="https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c">Google Groups Forum</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-15237740">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Untrusted Search Path</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: quay.io/argoproj/argocd:v3.1.12/argoproj/argo-cd/v3 <span class="list-paths__item__arrow"></span> /usr/local/bin/argocd
</li>
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:
go.opentelemetry.io/otel/sdk/resource
</li>
<li class="card__meta__item">Introduced through:
github.com/argoproj/argo-cd/v3@* and go.opentelemetry.io/otel/sdk/resource@v1.36.0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@*
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/resource@v1.36.0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p>Affected versions of this package are vulnerable to Untrusted Search Path in resource detection code which executes <code>ioreg</code>, when the <code>PATH</code> environment variable is modified to include a malicious executable. An attacker can execute arbitrary code within the context of the application by placing a malicious binary earlier in the search path.</p>
<p><strong>Note:</strong> This vulnerability is only exploitable on MacOS/Darwin systems.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>go.opentelemetry.io/otel/sdk/resource</code> to version 1.40.0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/d45961bcda453fcbdb6469c22d6e88a1f9970a53">GitHub Commit</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOOPENTELEMETRYIOOTELSDKRESOURCE-15182758">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">Directory Traversal</h2>
<div class="card__section">
@@ -876,7 +1101,7 @@
<span class="label__text">medium severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
<span class="label__text">Exploit: Proof of Concept</span>
</div>
</div>
@@ -1085,6 +1310,7 @@
<li><a href="https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc">https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2026/01/27/10">http://www.openwall.com/lists/oss-security/2026/01/27/10</a></li>
<li><a href="https://github.com/guiimoraes/CVE-2025-15467">https://github.com/guiimoraes/CVE-2025-15467</a></li>
</ul>
<hr/>
@@ -1314,7 +1540,7 @@
<p>Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1&lt;&lt;62+ 1, 1&lt;&lt;63] and exactly 1&lt;&lt;63 for posix_memalign and aligned_alloc.</p>
<p>Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.</p>
<h2 id="remediation">Remediation</h2>
<p>There is no fixed version for <code>Ubuntu:24.04</code> <code>glibc</code>.</p>
<p>Upgrade <code>Ubuntu:24.04</code> <code>glibc</code> to version 2.39-0ubuntu8.7 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-0861">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-0861</a></li>
@@ -1329,6 +1555,176 @@
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GLIBC-15011152">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">CVE-2026-0915</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--medium">
<span class="label__text">medium severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: quay.io/argoproj/argocd:v3.1.12/argoproj/argocd <span class="list-paths__item__arrow"></span> Dockerfile
</li>
<li class="card__meta__item">
Package Manager: ubuntu:24.04
</li>
<li class="card__meta__item">
Vulnerable module:
glibc/libc-bin
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@v3.1.12 and glibc/libc-bin@2.39-0ubuntu8.6
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@v3.1.12
<span class="list-paths__item__arrow"></span>
glibc/libc-bin@2.39-0ubuntu8.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@v3.1.12
<span class="list-paths__item__arrow"></span>
glibc/libc6@2.39-0ubuntu8.6
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>glibc</code> package and not the <code>glibc</code> package as distributed by <code>Ubuntu</code>.</em>
<em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
<p>Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library&#39;s DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Ubuntu:24.04</code> <code>glibc</code> to version 2.39-0ubuntu8.7 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-0915">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-0915</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2026/01/16/6">http://www.openwall.com/lists/oss-security/2026/01/16/6</a></li>
<li><a href="https://sourceware.org/bugzilla/show_bug.cgi?id=33802">https://sourceware.org/bugzilla/show_bug.cgi?id=33802</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GLIBC-15028413">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">CVE-2025-15281</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--medium">
<span class="label__text">medium severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: quay.io/argoproj/argocd:v3.1.12/argoproj/argocd <span class="list-paths__item__arrow"></span> Dockerfile
</li>
<li class="card__meta__item">
Package Manager: ubuntu:24.04
</li>
<li class="card__meta__item">
Vulnerable module:
glibc/libc-bin
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@v3.1.12 and glibc/libc-bin@2.39-0ubuntu8.6
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@v3.1.12
<span class="list-paths__item__arrow"></span>
glibc/libc-bin@2.39-0ubuntu8.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@v3.1.12
<span class="list-paths__item__arrow"></span>
glibc/libc6@2.39-0ubuntu8.6
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>glibc</code> package and not the <code>glibc</code> package as distributed by <code>Ubuntu</code>.</em>
<em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
<p>Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Ubuntu:24.04</code> <code>glibc</code> to version 2.39-0ubuntu8.7 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-15281">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-15281</a></li>
<li><a href="https://sourceware.org/bugzilla/show_bug.cgi?id=33814">https://sourceware.org/bugzilla/show_bug.cgi?id=33814</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2026/01/20/3">http://www.openwall.com/lists/oss-security/2026/01/20/3</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GLIBC-15051735">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">Improper Encoding or Escaping of Output</h2>
@@ -3688,6 +4084,165 @@
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-OPENSSL-7838291">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Failure to Sanitize Special Element</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: quay.io/argoproj/argocd:v3.1.12/argoproj/argocd <span class="list-paths__item__arrow"></span> Dockerfile
</li>
<li class="card__meta__item">
Package Manager: ubuntu:24.04
</li>
<li class="card__meta__item">
Vulnerable module:
openssh/openssh-client
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@v3.1.12 and openssh/openssh-client@1:9.6p1-3ubuntu13.14
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@v3.1.12
<span class="list-paths__item__arrow"></span>
openssh/openssh-client@1:9.6p1-3ubuntu13.14
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssh</code> package and not the <code>openssh</code> package as distributed by <code>Ubuntu</code>.</em>
<em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
<p>ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)</p>
<h2 id="remediation">Remediation</h2>
<p>There is no fixed version for <code>Ubuntu:24.04</code> <code>openssh</code>.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-61984">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-61984</a></li>
<li><a href="https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2">https://marc.info/?l=openssh-unix-dev&amp;m=175974522032149&amp;w=2</a></li>
<li><a href="https://www.openssh.com/releasenotes.html#10.1p1">https://www.openssh.com/releasenotes.html#10.1p1</a></li>
<li><a href="https://www.openwall.com/lists/oss-security/2025/10/06/1">https://www.openwall.com/lists/oss-security/2025/10/06/1</a></li>
<li><a href="https://dgl.cx/2025/10/bash-a-newline-ssh-proxycommand-cve-2025-61984">https://dgl.cx/2025/10/bash-a-newline-ssh-proxycommand-cve-2025-61984</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2025/10/07/1">http://www.openwall.com/lists/oss-security/2025/10/07/1</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2025/10/12/1">http://www.openwall.com/lists/oss-security/2025/10/12/1</a></li>
<li><a href="https://www.vicarius.io/vsociety/posts/cve-2025-61984-detection-script-remote-code-execution-vulnerability-affecting-openssh">https://www.vicarius.io/vsociety/posts/cve-2025-61984-detection-script-remote-code-execution-vulnerability-affecting-openssh</a></li>
<li><a href="https://www.vicarius.io/vsociety/posts/cve-2025-61984-mitigation-script-remote-code-execution-vulnerability-affecting-openssh">https://www.vicarius.io/vsociety/posts/cve-2025-61984-mitigation-script-remote-code-execution-vulnerability-affecting-openssh</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-OPENSSH-13426717">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Improper Neutralization of Null Byte or NUL Character</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: quay.io/argoproj/argocd:v3.1.12/argoproj/argocd <span class="list-paths__item__arrow"></span> Dockerfile
</li>
<li class="card__meta__item">
Package Manager: ubuntu:24.04
</li>
<li class="card__meta__item">
Vulnerable module:
openssh/openssh-client
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@v3.1.12 and openssh/openssh-client@1:9.6p1-3ubuntu13.14
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@v3.1.12
<span class="list-paths__item__arrow"></span>
openssh/openssh-client@1:9.6p1-3ubuntu13.14
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssh</code> package and not the <code>openssh</code> package as distributed by <code>Ubuntu</code>.</em>
<em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
<p>ssh in OpenSSH before 10.1 allows the &#39;\0&#39; character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.</p>
<h2 id="remediation">Remediation</h2>
<p>There is no fixed version for <code>Ubuntu:24.04</code> <code>openssh</code>.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-61985">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-61985</a></li>
<li><a href="https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2">https://marc.info/?l=openssh-unix-dev&amp;m=175974522032149&amp;w=2</a></li>
<li><a href="https://www.openssh.com/releasenotes.html#10.1p1">https://www.openssh.com/releasenotes.html#10.1p1</a></li>
<li><a href="https://www.openwall.com/lists/oss-security/2025/10/06/1">https://www.openwall.com/lists/oss-security/2025/10/06/1</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-OPENSSH-13426748">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Information Exposure</h2>

2
docs/snyk/v3.2.6/argocd-iac-install.html
View File

@@ -456,7 +456,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">February 1st 2026, 12:39:32 am (UTC+00:00)</p>
<p class="timestamp">February 8th 2026, 12:42:46 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>

2
docs/snyk/v3.2.6/argocd-iac-namespace-install.html
View File

@@ -456,7 +456,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">February 1st 2026, 12:39:42 am (UTC+00:00)</p>
<p class="timestamp">February 8th 2026, 12:42:57 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>

128
docs/snyk/v3.2.6/argocd-test.html
View File

@@ -7,7 +7,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Snyk test report</title>
<meta name="description" content="10 known vulnerabilities found in 20 vulnerable dependency paths.">
<meta name="description" content="11 known vulnerabilities found in 24 vulnerable dependency paths.">
<base target="_blank">
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
sizes="194x194">
@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">February 1st 2026, 12:37:30 am (UTC+00:00)</p>
<p class="timestamp">February 8th 2026, 12:40:39 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>
@@ -504,8 +504,8 @@
</div>
<div class="meta-counts">
<div class="meta-count"><span>10</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>20 vulnerable dependency paths</span></div>
<div class="meta-count"><span>11</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>24 vulnerable dependency paths</span></div>
<div class="meta-count"><span>2115</span> <span>dependencies</span></div>
</div><!-- .meta-counts -->
</div><!-- .layout-container--short -->
@@ -608,6 +608,124 @@
<p><a href="https://snyk.io/vuln/SNYK-JS-QS-14724253">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Untrusted Search Path</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: /argo-cd/argoproj/argo-cd/v3 <span class="list-paths__item__arrow"></span> go.mod
</li>
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:
go.opentelemetry.io/otel/sdk/resource
</li>
<li class="card__meta__item">Introduced through:
github.com/argoproj/argo-cd/v3@0.0.0 and go.opentelemetry.io/otel/sdk/resource@1.38.0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/resource@1.38.0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/trace@1.38.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/resource@1.38.0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.38.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig@1.38.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/exporters/otlp/otlptrace@1.38.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/tracetransform@1.38.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/resource@1.38.0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.38.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig@1.38.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/exporters/otlp/otlptrace@1.38.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/trace@1.38.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/resource@1.38.0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p>Affected versions of this package are vulnerable to Untrusted Search Path in resource detection code which executes <code>ioreg</code>, when the <code>PATH</code> environment variable is modified to include a malicious executable. An attacker can execute arbitrary code within the context of the application by placing a malicious binary earlier in the search path.</p>
<p><strong>Note:</strong> This vulnerability is only exploitable on MacOS/Darwin systems.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>go.opentelemetry.io/otel/sdk/resource</code> to version 1.40.0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/d45961bcda453fcbdb6469c22d6e88a1f9970a53">GitHub Commit</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOOPENTELEMETRYIOOTELSDKRESOURCE-15182758">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Uncaught Exception</h2>
@@ -1688,7 +1806,7 @@
</tbody></table>
<p>By the time the string includes 14 C&#39;s, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>diff</code> to version 4.0.4, 5.2.2, 8.0.3 or higher.</p>
<p>Upgrade <code>diff</code> to version 3.5.1, 4.0.4, 5.2.2, 8.0.3 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/kpdecker/jsdiff/commit/15a1585230748c8ae6f8274c202e0c87309142f5">GitHub Commit</a></li>

548
docs/snyk/v3.2.6/ghcr.io_dexidp_dex_v2.43.0.html
View File

@@ -7,7 +7,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Snyk test report</title>
<meta name="description" content="25 known vulnerabilities found in 111 vulnerable dependency paths.">
<meta name="description" content="28 known vulnerabilities found in 114 vulnerable dependency paths.">
<base target="_blank">
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
sizes="194x194">
@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">February 1st 2026, 12:37:38 am (UTC+00:00)</p>
<p class="timestamp">February 8th 2026, 12:40:46 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>
@@ -505,8 +505,8 @@
</div>
<div class="meta-counts">
<div class="meta-count"><span>25</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>111 vulnerable dependency paths</span></div>
<div class="meta-count"><span>28</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>114 vulnerable dependency paths</span></div>
<div class="meta-count"><span>1131</span> <span>dependencies</span></div>
</div><!-- .meta-counts -->
</div><!-- .layout-container--short -->
@@ -515,6 +515,162 @@
<div class="layout-container" style="padding-top: 35px;">
<div class="cards--vuln filter--patch filter--ignore">
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">CVE-2025-69421</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.21
</li>
<li class="card__meta__item">
Vulnerable module:
openssl/libcrypto3
</li>
<li class="card__meta__item">Introduced through:
docker-image|ghcr.io/dexidp/dex@v2.43.0 and openssl/libcrypto3@3.3.3-r0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r12
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r12
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.21</code> relevant fixed versions and status.</em></p>
<p>Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer
dereference in the PKCS12_item_decrypt_d2i_ex() function.</p>
<p>Impact summary: A NULL pointer dereference can trigger a crash which leads to
Denial of Service for an application processing PKCS#12 files.</p>
<p>The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct
parameter is NULL before dereferencing it. When called from
PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can
be NULL, causing a crash. The vulnerability is limited to Denial of Service
and cannot be escalated to achieve code execution or memory disclosure.</p>
<p>Exploiting this issue requires an attacker to provide a malformed PKCS#12 file
to an application that processes it. For that reason the issue was assessed as
Low severity according to our Security Policy.</p>
<p>The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.</p>
<p>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.21</code> <code>openssl</code> to version 3.3.6-r0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b">https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b</a></li>
<li><a href="https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7">https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7</a></li>
<li><a href="https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd">https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd</a></li>
<li><a href="https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3">https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3</a></li>
<li><a href="https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c">https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE321-OPENSSL-15121241">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
<div class="card__section">
@@ -666,6 +822,158 @@
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTPHTTPPROXY-9058601">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Inefficient Algorithmic Complexity</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: ghcr.io/dexidp/dex:v2.43.0/dexidp/dex <span class="list-paths__item__arrow"></span> /usr/local/bin/dex
</li>
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:
golang.org/x/net/html
</li>
<li class="card__meta__item">Introduced through:
github.com/dexidp/dex@* and golang.org/x/net/html@v0.40.0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/dexidp/dex@*
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@v0.40.0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
<p>Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the <code>html.Parse</code> function due to quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>golang.org/x/net/html</code> to version 0.45.0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/golang/vulndb/issues/4440">GitHub Issue</a></li>
<li><a href="https://pkg.go.dev/vuln/GO-2026-4440">Go Advisory</a></li>
<li><a href="https://go.dev/cl/709876">Go Commit</a></li>
<li><a href="https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c">Google Groups Forum</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-15237516">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Infinite loop</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: ghcr.io/dexidp/dex:v2.43.0/dexidp/dex <span class="list-paths__item__arrow"></span> /usr/local/bin/dex
</li>
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:
golang.org/x/net/html
</li>
<li class="card__meta__item">Introduced through:
github.com/dexidp/dex@* and golang.org/x/net/html@v0.40.0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/dexidp/dex@*
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@v0.40.0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
<p>Affected versions of this package are vulnerable to Infinite loop via the <code>html.Parse</code> function. An attacker can cause resource exhaustion and disrupt service availability by submitting specially crafted HTML input that triggers an infinite parsing loop.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>golang.org/x/net/html</code> to version 0.45.0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/golang/vulndb/issues/4441">GitHub Issue</a></li>
<li><a href="https://pkg.go.dev/vuln/GO-2026-4441">Go Advisory</a></li>
<li><a href="https://go.dev/cl/709875">Go Commit</a></li>
<li><a href="https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c">Google Groups Forum</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-15237740">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Improper Handling of Unexpected Data Type</h2>
@@ -826,6 +1134,79 @@
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXCRYPTOSSH-8747056">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Untrusted Search Path</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: ghcr.io/dexidp/dex:v2.43.0/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow"></span> /usr/local/bin/gomplate
</li>
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:
go.opentelemetry.io/otel/sdk/resource
</li>
<li class="card__meta__item">Introduced through:
github.com/hairyhenderson/gomplate/v4@* and go.opentelemetry.io/otel/sdk/resource@v1.33.0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/hairyhenderson/gomplate/v4@*
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/resource@v1.33.0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p>Affected versions of this package are vulnerable to Untrusted Search Path in resource detection code which executes <code>ioreg</code>, when the <code>PATH</code> environment variable is modified to include a malicious executable. An attacker can execute arbitrary code within the context of the application by placing a malicious binary earlier in the search path.</p>
<p><strong>Note:</strong> This vulnerability is only exploitable on MacOS/Darwin systems.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>go.opentelemetry.io/otel/sdk/resource</code> to version 1.40.0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/d45961bcda453fcbdb6469c22d6e88a1f9970a53">GitHub Commit</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOOPENTELEMETRYIOOTELSDKRESOURCE-15182758">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Asymmetric Resource Consumption (Amplification)</h2>
@@ -2145,162 +2526,6 @@
<p><a href="https://snyk.io/vuln/SNYK-ALPINE321-OPENSSL-15121240">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-69421</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.21
</li>
<li class="card__meta__item">
Vulnerable module:
openssl/libcrypto3
</li>
<li class="card__meta__item">Introduced through:
docker-image|ghcr.io/dexidp/dex@v2.43.0 and openssl/libcrypto3@3.3.3-r0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r12
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r12
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.21</code> relevant fixed versions and status.</em></p>
<p>Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer
dereference in the PKCS12_item_decrypt_d2i_ex() function.</p>
<p>Impact summary: A NULL pointer dereference can trigger a crash which leads to
Denial of Service for an application processing PKCS#12 files.</p>
<p>The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct
parameter is NULL before dereferencing it. When called from
PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can
be NULL, causing a crash. The vulnerability is limited to Denial of Service
and cannot be escalated to achieve code execution or memory disclosure.</p>
<p>Exploiting this issue requires an attacker to provide a malformed PKCS#12 file
to an application that processes it. For that reason the issue was assessed as
Low severity according to our Security Policy.</p>
<p>The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.</p>
<p>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.21</code> <code>openssl</code> to version 3.3.6-r0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b">https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b</a></li>
<li><a href="https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7">https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7</a></li>
<li><a href="https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd">https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd</a></li>
<li><a href="https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3">https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3</a></li>
<li><a href="https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c">https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE321-OPENSSL-15121241">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-69420</h2>
@@ -2638,7 +2863,7 @@
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
<span class="label__text">Exploit: Proof of Concept</span>
</div>
</div>
@@ -2783,6 +3008,7 @@
<li><a href="https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc">https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2026/01/27/10">http://www.openwall.com/lists/oss-security/2026/01/27/10</a></li>
<li><a href="https://github.com/guiimoraes/CVE-2025-15467">https://github.com/guiimoraes/CVE-2025-15467</a></li>
</ul>
<hr/>

383
docs/snyk/v3.2.6/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
View File

@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">February 1st 2026, 12:37:42 am (UTC+00:00)</p>
<p class="timestamp">February 8th 2026, 12:40:50 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>
@@ -521,6 +521,195 @@
</section>
<div class="layout-container" style="padding-top: 35px;">
<div class="cards--vuln filter--patch filter--ignore">
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">CVE-2025-69421</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.21
</li>
<li class="card__meta__item">
Vulnerable module:
openssl/libcrypto3
</li>
<li class="card__meta__item">Introduced through:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine and openssl/libcrypto3@3.3.3-r0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
.haproxy-rundeps@20250214.191219
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r12
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
ca-certificates/ca-certificates@20241121-r1
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
.haproxy-rundeps@20250214.191219
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
.haproxy-rundeps@20250214.191219
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r12
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.21</code> relevant fixed versions and status.</em></p>
<p>Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer
dereference in the PKCS12_item_decrypt_d2i_ex() function.</p>
<p>Impact summary: A NULL pointer dereference can trigger a crash which leads to
Denial of Service for an application processing PKCS#12 files.</p>
<p>The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct
parameter is NULL before dereferencing it. When called from
PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can
be NULL, causing a crash. The vulnerability is limited to Denial of Service
and cannot be escalated to achieve code execution or memory disclosure.</p>
<p>Exploiting this issue requires an attacker to provide a malformed PKCS#12 file
to an application that processes it. For that reason the issue was assessed as
Low severity according to our Security Policy.</p>
<p>The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.</p>
<p>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.21</code> <code>openssl</code> to version 3.3.6-r0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b">https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b</a></li>
<li><a href="https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7">https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7</a></li>
<li><a href="https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd">https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd</a></li>
<li><a href="https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3">https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3</a></li>
<li><a href="https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c">https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE321-OPENSSL-15121241">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-9230</h2>
<div class="card__section">
@@ -1662,195 +1851,6 @@
<p><a href="https://snyk.io/vuln/SNYK-ALPINE321-OPENSSL-15121240">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-69421</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.21
</li>
<li class="card__meta__item">
Vulnerable module:
openssl/libcrypto3
</li>
<li class="card__meta__item">Introduced through:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine and openssl/libcrypto3@3.3.3-r0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
.haproxy-rundeps@20250214.191219
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r12
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
ca-certificates/ca-certificates@20241121-r1
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
.haproxy-rundeps@20250214.191219
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
.haproxy-rundeps@20250214.191219
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r12
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.21</code> relevant fixed versions and status.</em></p>
<p>Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer
dereference in the PKCS12_item_decrypt_d2i_ex() function.</p>
<p>Impact summary: A NULL pointer dereference can trigger a crash which leads to
Denial of Service for an application processing PKCS#12 files.</p>
<p>The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct
parameter is NULL before dereferencing it. When called from
PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can
be NULL, causing a crash. The vulnerability is limited to Denial of Service
and cannot be escalated to achieve code execution or memory disclosure.</p>
<p>Exploiting this issue requires an attacker to provide a malformed PKCS#12 file
to an application that processes it. For that reason the issue was assessed as
Low severity according to our Security Policy.</p>
<p>The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.</p>
<p>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.21</code> <code>openssl</code> to version 3.3.6-r0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b">https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b</a></li>
<li><a href="https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7">https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7</a></li>
<li><a href="https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd">https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd</a></li>
<li><a href="https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3">https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3</a></li>
<li><a href="https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c">https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE321-OPENSSL-15121241">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-69420</h2>
@@ -2254,7 +2254,7 @@
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
<span class="label__text">Exploit: Proof of Concept</span>
</div>
</div>
@@ -2432,6 +2432,7 @@
<li><a href="https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc">https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2026/01/27/10">http://www.openwall.com/lists/oss-security/2026/01/27/10</a></li>
<li><a href="https://github.com/guiimoraes/CVE-2025-15467">https://github.com/guiimoraes/CVE-2025-15467</a></li>
</ul>
<hr/>

391
docs/snyk/v3.2.6/public.ecr.aws_docker_library_redis_8.2.2-alpine.html
View File

@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">February 1st 2026, 12:37:49 am (UTC+00:00)</p>
<p class="timestamp">February 8th 2026, 12:40:57 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>
@@ -521,6 +521,199 @@
</section>
<div class="layout-container" style="padding-top: 35px;">
<div class="cards--vuln filter--patch filter--ignore">
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">CVE-2025-69421</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.22
</li>
<li class="card__meta__item">
Vulnerable module:
openssl/libcrypto3
</li>
<li class="card__meta__item">Introduced through:
docker-image|public.ecr.aws/docker/library/redis@8.2.2-alpine and openssl/libcrypto3@3.5.4-r0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.2-alpine
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.5.4-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.2-alpine
<span class="list-paths__item__arrow"></span>
.redis-rundeps@20251008.230521
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.5.4-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.2-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.9-r3
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.5.4-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.2-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r19
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.5.4-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.2-alpine
<span class="list-paths__item__arrow"></span>
.redis-rundeps@20251008.230521
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.5.4-r0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.5.4-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.2-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.9-r3
<span class="list-paths__item__arrow"></span>
apk-tools/libapk2@2.14.9-r3
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.5.4-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.2-alpine
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.5.4-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.2-alpine
<span class="list-paths__item__arrow"></span>
.redis-rundeps@20251008.230521
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.5.4-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.2-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r19
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.5.4-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.2-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.9-r3
<span class="list-paths__item__arrow"></span>
apk-tools/libapk2@2.14.9-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.5.4-r0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.22</code> relevant fixed versions and status.</em></p>
<p>Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer
dereference in the PKCS12_item_decrypt_d2i_ex() function.</p>
<p>Impact summary: A NULL pointer dereference can trigger a crash which leads to
Denial of Service for an application processing PKCS#12 files.</p>
<p>The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct
parameter is NULL before dereferencing it. When called from
PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can
be NULL, causing a crash. The vulnerability is limited to Denial of Service
and cannot be escalated to achieve code execution or memory disclosure.</p>
<p>Exploiting this issue requires an attacker to provide a malformed PKCS#12 file
to an application that processes it. For that reason the issue was assessed as
Low severity according to our Security Policy.</p>
<p>The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.</p>
<p>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.22</code> <code>openssl</code> to version 3.5.5-r0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b">https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b</a></li>
<li><a href="https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7">https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7</a></li>
<li><a href="https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd">https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd</a></li>
<li><a href="https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3">https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3</a></li>
<li><a href="https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c">https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE322-OPENSSL-15121226">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-11187</h2>
<div class="card__section">
@@ -935,7 +1128,7 @@
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
<span class="label__text">Exploit: Proof of Concept</span>
</div>
</div>
@@ -1117,6 +1310,7 @@
<li><a href="https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc">https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2026/01/27/10">http://www.openwall.com/lists/oss-security/2026/01/27/10</a></li>
<li><a href="https://github.com/guiimoraes/CVE-2025-15467">https://github.com/guiimoraes/CVE-2025-15467</a></li>
</ul>
<hr/>
@@ -2491,199 +2685,6 @@
<p><a href="https://snyk.io/vuln/SNYK-ALPINE322-OPENSSL-15121225">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-69421</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.22
</li>
<li class="card__meta__item">
Vulnerable module:
openssl/libcrypto3
</li>
<li class="card__meta__item">Introduced through:
docker-image|public.ecr.aws/docker/library/redis@8.2.2-alpine and openssl/libcrypto3@3.5.4-r0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.2-alpine
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.5.4-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.2-alpine
<span class="list-paths__item__arrow"></span>
.redis-rundeps@20251008.230521
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.5.4-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.2-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.9-r3
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.5.4-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.2-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r19
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.5.4-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.2-alpine
<span class="list-paths__item__arrow"></span>
.redis-rundeps@20251008.230521
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.5.4-r0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.5.4-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.2-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.9-r3
<span class="list-paths__item__arrow"></span>
apk-tools/libapk2@2.14.9-r3
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.5.4-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.2-alpine
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.5.4-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.2-alpine
<span class="list-paths__item__arrow"></span>
.redis-rundeps@20251008.230521
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.5.4-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.2-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r19
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.5.4-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.2-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.9-r3
<span class="list-paths__item__arrow"></span>
apk-tools/libapk2@2.14.9-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.5.4-r0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.22</code> relevant fixed versions and status.</em></p>
<p>Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer
dereference in the PKCS12_item_decrypt_d2i_ex() function.</p>
<p>Impact summary: A NULL pointer dereference can trigger a crash which leads to
Denial of Service for an application processing PKCS#12 files.</p>
<p>The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct
parameter is NULL before dereferencing it. When called from
PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can
be NULL, causing a crash. The vulnerability is limited to Denial of Service
and cannot be escalated to achieve code execution or memory disclosure.</p>
<p>Exploiting this issue requires an attacker to provide a malformed PKCS#12 file
to an application that processes it. For that reason the issue was assessed as
Low severity according to our Security Policy.</p>
<p>The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.</p>
<p>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.22</code> <code>openssl</code> to version 3.5.5-r0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b">https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b</a></li>
<li><a href="https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7">https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7</a></li>
<li><a href="https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd">https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd</a></li>
<li><a href="https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3">https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3</a></li>
<li><a href="https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c">https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE322-OPENSSL-15121226">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2026-22795</h2>

233
docs/snyk/v3.2.6/quay.io_argoproj_argocd_v3.2.6.html
View File

@@ -7,7 +7,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Snyk test report</title>
<meta name="description" content="1 known vulnerabilities found in 2 vulnerable dependency paths.">
<meta name="description" content="4 known vulnerabilities found in 5 vulnerable dependency paths.">
<base target="_blank">
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
sizes="194x194">
@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">February 1st 2026, 12:38:11 am (UTC+00:00)</p>
<p class="timestamp">February 8th 2026, 12:41:17 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>
@@ -506,8 +506,8 @@
</div>
<div class="meta-counts">
<div class="meta-count"><span>1</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>2 vulnerable dependency paths</span></div>
<div class="meta-count"><span>4</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>5 vulnerable dependency paths</span></div>
<div class="meta-count"><span>2322</span> <span>dependencies</span></div>
</div><!-- .meta-counts -->
</div><!-- .layout-container--short -->
@@ -516,6 +516,231 @@
<div class="layout-container" style="padding-top: 35px;">
<div class="cards--vuln filter--patch filter--ignore">
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Inefficient Algorithmic Complexity</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: quay.io/argoproj/argocd:v3.2.6/helm/v3 <span class="list-paths__item__arrow"></span> /usr/local/bin/helm
</li>
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:
golang.org/x/net/html
</li>
<li class="card__meta__item">Introduced through:
helm.sh/helm/v3@* and golang.org/x/net/html@v0.40.0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
helm.sh/helm/v3@*
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@v0.40.0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
<p>Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the <code>html.Parse</code> function due to quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>golang.org/x/net/html</code> to version 0.45.0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/golang/vulndb/issues/4440">GitHub Issue</a></li>
<li><a href="https://pkg.go.dev/vuln/GO-2026-4440">Go Advisory</a></li>
<li><a href="https://go.dev/cl/709876">Go Commit</a></li>
<li><a href="https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c">Google Groups Forum</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-15237516">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Infinite loop</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: quay.io/argoproj/argocd:v3.2.6/helm/v3 <span class="list-paths__item__arrow"></span> /usr/local/bin/helm
</li>
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:
golang.org/x/net/html
</li>
<li class="card__meta__item">Introduced through:
helm.sh/helm/v3@* and golang.org/x/net/html@v0.40.0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
helm.sh/helm/v3@*
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@v0.40.0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
<p>Affected versions of this package are vulnerable to Infinite loop via the <code>html.Parse</code> function. An attacker can cause resource exhaustion and disrupt service availability by submitting specially crafted HTML input that triggers an infinite parsing loop.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>golang.org/x/net/html</code> to version 0.45.0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/golang/vulndb/issues/4441">GitHub Issue</a></li>
<li><a href="https://pkg.go.dev/vuln/GO-2026-4441">Go Advisory</a></li>
<li><a href="https://go.dev/cl/709875">Go Commit</a></li>
<li><a href="https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c">Google Groups Forum</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-15237740">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Untrusted Search Path</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: quay.io/argoproj/argocd:v3.2.6/argoproj/argo-cd/v3 <span class="list-paths__item__arrow"></span> /usr/local/bin/argocd
</li>
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:
go.opentelemetry.io/otel/sdk/resource
</li>
<li class="card__meta__item">Introduced through:
github.com/argoproj/argo-cd/v3@* and go.opentelemetry.io/otel/sdk/resource@v1.38.0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@*
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/resource@v1.38.0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p>Affected versions of this package are vulnerable to Untrusted Search Path in resource detection code which executes <code>ioreg</code>, when the <code>PATH</code> environment variable is modified to include a malicious executable. An attacker can execute arbitrary code within the context of the application by placing a malicious binary earlier in the search path.</p>
<p><strong>Note:</strong> This vulnerability is only exploitable on MacOS/Darwin systems.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>go.opentelemetry.io/otel/sdk/resource</code> to version 1.40.0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/d45961bcda453fcbdb6469c22d6e88a1f9970a53">GitHub Commit</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOOPENTELEMETRYIOOTELSDKRESOURCE-15182758">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
<div class="card__section">

2
docs/snyk/v3.3.0-rc4/argocd-iac-install.html
View File

@@ -456,7 +456,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">February 1st 2026, 12:37:05 am (UTC+00:00)</p>
<p class="timestamp">February 8th 2026, 12:40:17 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>

2
docs/snyk/v3.3.0-rc4/argocd-iac-namespace-install.html
View File

@@ -456,7 +456,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">February 1st 2026, 12:37:17 am (UTC+00:00)</p>
<p class="timestamp">February 8th 2026, 12:40:27 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>

538
docs/snyk/v3.3.0-rc4/argocd-test.html
View File

@@ -7,7 +7,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Snyk test report</title>
<meta name="description" content="8 known vulnerabilities found in 18 vulnerable dependency paths.">
<meta name="description" content="11 known vulnerabilities found in 34 vulnerable dependency paths.">
<base target="_blank">
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
sizes="194x194">
@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">February 1st 2026, 12:34:41 am (UTC+00:00)</p>
<p class="timestamp">February 8th 2026, 12:38:02 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>
@@ -505,8 +505,8 @@
</div>
<div class="meta-counts">
<div class="meta-count"><span>8</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>18 vulnerable dependency paths</span></div>
<div class="meta-count"><span>11</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>34 vulnerable dependency paths</span></div>
<div class="meta-count"><span>2868</span> <span>dependencies</span></div>
</div><!-- .meta-counts -->
</div><!-- .layout-container--short -->
@@ -609,6 +609,534 @@
<p><a href="https://snyk.io/vuln/SNYK-JS-QS-14724253">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Inefficient Algorithmic Complexity</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: /argo-cd/argoproj/gitops-engine <span class="list-paths__item__arrow"></span> gitops-engine/go.mod
</li>
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:
golang.org/x/net/html
</li>
<li class="card__meta__item">Introduced through:
github.com/argoproj/gitops-engine@0.0.0, k8s.io/kubectl/pkg/cmd/auth@0.34.0 and others
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/gitops-engine@0.0.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/cmd/auth@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/term@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/tools/remotecommand@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/transport/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/httpstream/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/proxy@0.34.0
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@0.44.0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/gitops-engine@0.0.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/cmd/create@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/term@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/tools/remotecommand@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/transport/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/httpstream/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/proxy@0.34.0
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@0.44.0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/gitops-engine@0.0.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/cmd/apply@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/templates@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/term@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/tools/remotecommand@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/transport/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/httpstream/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/proxy@0.34.0
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@0.44.0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/gitops-engine@0.0.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/cmd/replace@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/templates@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/term@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/tools/remotecommand@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/transport/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/httpstream/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/proxy@0.34.0
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@0.44.0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/gitops-engine@0.0.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/cmd/util@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/templates@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/term@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/tools/remotecommand@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/transport/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/httpstream/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/proxy@0.34.0
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@0.44.0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/gitops-engine@0.0.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/cmd/delete@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/completion@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/cmd/util@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/templates@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/term@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/tools/remotecommand@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/transport/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/httpstream/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/proxy@0.34.0
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@0.44.0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
<p>Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the <code>html.Parse</code> function due to quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>golang.org/x/net/html</code> to version 0.45.0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/golang/vulndb/issues/4440">GitHub Issue</a></li>
<li><a href="https://pkg.go.dev/vuln/GO-2026-4440">Go Advisory</a></li>
<li><a href="https://go.dev/cl/709876">Go Commit</a></li>
<li><a href="https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c">Google Groups Forum</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-15237516">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Infinite loop</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: /argo-cd/argoproj/gitops-engine <span class="list-paths__item__arrow"></span> gitops-engine/go.mod
</li>
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:
golang.org/x/net/html
</li>
<li class="card__meta__item">Introduced through:
github.com/argoproj/gitops-engine@0.0.0, k8s.io/kubectl/pkg/cmd/auth@0.34.0 and others
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/gitops-engine@0.0.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/cmd/auth@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/term@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/tools/remotecommand@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/transport/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/httpstream/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/proxy@0.34.0
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@0.44.0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/gitops-engine@0.0.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/cmd/create@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/term@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/tools/remotecommand@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/transport/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/httpstream/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/proxy@0.34.0
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@0.44.0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/gitops-engine@0.0.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/cmd/apply@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/templates@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/term@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/tools/remotecommand@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/transport/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/httpstream/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/proxy@0.34.0
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@0.44.0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/gitops-engine@0.0.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/cmd/replace@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/templates@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/term@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/tools/remotecommand@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/transport/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/httpstream/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/proxy@0.34.0
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@0.44.0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/gitops-engine@0.0.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/cmd/util@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/templates@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/term@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/tools/remotecommand@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/transport/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/httpstream/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/proxy@0.34.0
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@0.44.0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/gitops-engine@0.0.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/cmd/delete@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/completion@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/cmd/util@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/templates@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/kubectl/pkg/util/term@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/tools/remotecommand@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/client-go/transport/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/httpstream/spdy@0.34.0
<span class="list-paths__item__arrow"></span>
k8s.io/apimachinery/pkg/util/proxy@0.34.0
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@0.44.0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
<p>Affected versions of this package are vulnerable to Infinite loop via the <code>html.Parse</code> function. An attacker can cause resource exhaustion and disrupt service availability by submitting specially crafted HTML input that triggers an infinite parsing loop.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>golang.org/x/net/html</code> to version 0.45.0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/golang/vulndb/issues/4441">GitHub Issue</a></li>
<li><a href="https://pkg.go.dev/vuln/GO-2026-4441">Go Advisory</a></li>
<li><a href="https://go.dev/cl/709875">Go Commit</a></li>
<li><a href="https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c">Google Groups Forum</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-15237740">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Untrusted Search Path</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: /argo-cd/argoproj/argo-cd/v3 <span class="list-paths__item__arrow"></span> go.mod
</li>
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:
go.opentelemetry.io/otel/sdk/resource
</li>
<li class="card__meta__item">Introduced through:
github.com/argoproj/argo-cd/v3@0.0.0 and go.opentelemetry.io/otel/sdk/resource@1.38.0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/resource@1.38.0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/trace@1.38.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/resource@1.38.0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.38.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig@1.38.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/exporters/otlp/otlptrace@1.38.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/tracetransform@1.38.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/resource@1.38.0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.38.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig@1.38.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/exporters/otlp/otlptrace@1.38.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/trace@1.38.0
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/resource@1.38.0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p>Affected versions of this package are vulnerable to Untrusted Search Path in resource detection code which executes <code>ioreg</code>, when the <code>PATH</code> environment variable is modified to include a malicious executable. An attacker can execute arbitrary code within the context of the application by placing a malicious binary earlier in the search path.</p>
<p><strong>Note:</strong> This vulnerability is only exploitable on MacOS/Darwin systems.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>go.opentelemetry.io/otel/sdk/resource</code> to version 1.40.0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/d45961bcda453fcbdb6469c22d6e88a1f9970a53">GitHub Commit</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOOPENTELEMETRYIOOTELSDKRESOURCE-15182758">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Uncaught Exception</h2>
@@ -1354,7 +1882,7 @@
</tbody></table>
<p>By the time the string includes 14 C&#39;s, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>diff</code> to version 4.0.4, 5.2.2, 8.0.3 or higher.</p>
<p>Upgrade <code>diff</code> to version 3.5.1, 4.0.4, 5.2.2, 8.0.3 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/kpdecker/jsdiff/commit/15a1585230748c8ae6f8274c202e0c87309142f5">GitHub Commit</a></li>

548
docs/snyk/v3.3.0-rc4/ghcr.io_dexidp_dex_v2.43.0.html
View File

@@ -7,7 +7,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Snyk test report</title>
<meta name="description" content="25 known vulnerabilities found in 111 vulnerable dependency paths.">
<meta name="description" content="28 known vulnerabilities found in 114 vulnerable dependency paths.">
<base target="_blank">
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
sizes="194x194">
@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">February 1st 2026, 12:34:47 am (UTC+00:00)</p>
<p class="timestamp">February 8th 2026, 12:38:08 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>
@@ -505,8 +505,8 @@
</div>
<div class="meta-counts">
<div class="meta-count"><span>25</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>111 vulnerable dependency paths</span></div>
<div class="meta-count"><span>28</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>114 vulnerable dependency paths</span></div>
<div class="meta-count"><span>1131</span> <span>dependencies</span></div>
</div><!-- .meta-counts -->
</div><!-- .layout-container--short -->
@@ -515,6 +515,162 @@
<div class="layout-container" style="padding-top: 35px;">
<div class="cards--vuln filter--patch filter--ignore">
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">CVE-2025-69421</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.21
</li>
<li class="card__meta__item">
Vulnerable module:
openssl/libcrypto3
</li>
<li class="card__meta__item">Introduced through:
docker-image|ghcr.io/dexidp/dex@v2.43.0 and openssl/libcrypto3@3.3.3-r0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r12
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r12
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.21</code> relevant fixed versions and status.</em></p>
<p>Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer
dereference in the PKCS12_item_decrypt_d2i_ex() function.</p>
<p>Impact summary: A NULL pointer dereference can trigger a crash which leads to
Denial of Service for an application processing PKCS#12 files.</p>
<p>The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct
parameter is NULL before dereferencing it. When called from
PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can
be NULL, causing a crash. The vulnerability is limited to Denial of Service
and cannot be escalated to achieve code execution or memory disclosure.</p>
<p>Exploiting this issue requires an attacker to provide a malformed PKCS#12 file
to an application that processes it. For that reason the issue was assessed as
Low severity according to our Security Policy.</p>
<p>The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.</p>
<p>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.21</code> <code>openssl</code> to version 3.3.6-r0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b">https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b</a></li>
<li><a href="https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7">https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7</a></li>
<li><a href="https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd">https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd</a></li>
<li><a href="https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3">https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3</a></li>
<li><a href="https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c">https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE321-OPENSSL-15121241">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
<div class="card__section">
@@ -666,6 +822,158 @@
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTPHTTPPROXY-9058601">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Inefficient Algorithmic Complexity</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: ghcr.io/dexidp/dex:v2.43.0/dexidp/dex <span class="list-paths__item__arrow"></span> /usr/local/bin/dex
</li>
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:
golang.org/x/net/html
</li>
<li class="card__meta__item">Introduced through:
github.com/dexidp/dex@* and golang.org/x/net/html@v0.40.0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/dexidp/dex@*
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@v0.40.0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
<p>Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the <code>html.Parse</code> function due to quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>golang.org/x/net/html</code> to version 0.45.0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/golang/vulndb/issues/4440">GitHub Issue</a></li>
<li><a href="https://pkg.go.dev/vuln/GO-2026-4440">Go Advisory</a></li>
<li><a href="https://go.dev/cl/709876">Go Commit</a></li>
<li><a href="https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c">Google Groups Forum</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-15237516">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Infinite loop</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: ghcr.io/dexidp/dex:v2.43.0/dexidp/dex <span class="list-paths__item__arrow"></span> /usr/local/bin/dex
</li>
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:
golang.org/x/net/html
</li>
<li class="card__meta__item">Introduced through:
github.com/dexidp/dex@* and golang.org/x/net/html@v0.40.0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/dexidp/dex@*
<span class="list-paths__item__arrow"></span>
golang.org/x/net/html@v0.40.0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
<p>Affected versions of this package are vulnerable to Infinite loop via the <code>html.Parse</code> function. An attacker can cause resource exhaustion and disrupt service availability by submitting specially crafted HTML input that triggers an infinite parsing loop.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>golang.org/x/net/html</code> to version 0.45.0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/golang/vulndb/issues/4441">GitHub Issue</a></li>
<li><a href="https://pkg.go.dev/vuln/GO-2026-4441">Go Advisory</a></li>
<li><a href="https://go.dev/cl/709875">Go Commit</a></li>
<li><a href="https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c">Google Groups Forum</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-15237740">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Improper Handling of Unexpected Data Type</h2>
@@ -826,6 +1134,79 @@
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXCRYPTOSSH-8747056">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Untrusted Search Path</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: ghcr.io/dexidp/dex:v2.43.0/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow"></span> /usr/local/bin/gomplate
</li>
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:
go.opentelemetry.io/otel/sdk/resource
</li>
<li class="card__meta__item">Introduced through:
github.com/hairyhenderson/gomplate/v4@* and go.opentelemetry.io/otel/sdk/resource@v1.33.0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/hairyhenderson/gomplate/v4@*
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/resource@v1.33.0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p>Affected versions of this package are vulnerable to Untrusted Search Path in resource detection code which executes <code>ioreg</code>, when the <code>PATH</code> environment variable is modified to include a malicious executable. An attacker can execute arbitrary code within the context of the application by placing a malicious binary earlier in the search path.</p>
<p><strong>Note:</strong> This vulnerability is only exploitable on MacOS/Darwin systems.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>go.opentelemetry.io/otel/sdk/resource</code> to version 1.40.0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/d45961bcda453fcbdb6469c22d6e88a1f9970a53">GitHub Commit</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOOPENTELEMETRYIOOTELSDKRESOURCE-15182758">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Asymmetric Resource Consumption (Amplification)</h2>
@@ -2145,162 +2526,6 @@
<p><a href="https://snyk.io/vuln/SNYK-ALPINE321-OPENSSL-15121240">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-69421</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.21
</li>
<li class="card__meta__item">
Vulnerable module:
openssl/libcrypto3
</li>
<li class="card__meta__item">Introduced through:
docker-image|ghcr.io/dexidp/dex@v2.43.0 and openssl/libcrypto3@3.3.3-r0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r12
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|ghcr.io/dexidp/dex@v2.43.0
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r12
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.21</code> relevant fixed versions and status.</em></p>
<p>Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer
dereference in the PKCS12_item_decrypt_d2i_ex() function.</p>
<p>Impact summary: A NULL pointer dereference can trigger a crash which leads to
Denial of Service for an application processing PKCS#12 files.</p>
<p>The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct
parameter is NULL before dereferencing it. When called from
PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can
be NULL, causing a crash. The vulnerability is limited to Denial of Service
and cannot be escalated to achieve code execution or memory disclosure.</p>
<p>Exploiting this issue requires an attacker to provide a malformed PKCS#12 file
to an application that processes it. For that reason the issue was assessed as
Low severity according to our Security Policy.</p>
<p>The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.</p>
<p>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.21</code> <code>openssl</code> to version 3.3.6-r0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b">https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b</a></li>
<li><a href="https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7">https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7</a></li>
<li><a href="https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd">https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd</a></li>
<li><a href="https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3">https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3</a></li>
<li><a href="https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c">https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE321-OPENSSL-15121241">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-69420</h2>
@@ -2638,7 +2863,7 @@
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
<span class="label__text">Exploit: Proof of Concept</span>
</div>
</div>
@@ -2783,6 +3008,7 @@
<li><a href="https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc">https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2026/01/27/10">http://www.openwall.com/lists/oss-security/2026/01/27/10</a></li>
<li><a href="https://github.com/guiimoraes/CVE-2025-15467">https://github.com/guiimoraes/CVE-2025-15467</a></li>
</ul>
<hr/>

383
docs/snyk/v3.3.0-rc4/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
View File

@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">February 1st 2026, 12:34:52 am (UTC+00:00)</p>
<p class="timestamp">February 8th 2026, 12:38:12 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>
@@ -521,6 +521,195 @@
</section>
<div class="layout-container" style="padding-top: 35px;">
<div class="cards--vuln filter--patch filter--ignore">
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">CVE-2025-69421</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.21
</li>
<li class="card__meta__item">
Vulnerable module:
openssl/libcrypto3
</li>
<li class="card__meta__item">Introduced through:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine and openssl/libcrypto3@3.3.3-r0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
.haproxy-rundeps@20250214.191219
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r12
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
ca-certificates/ca-certificates@20241121-r1
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
.haproxy-rundeps@20250214.191219
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
.haproxy-rundeps@20250214.191219
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r12
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.21</code> relevant fixed versions and status.</em></p>
<p>Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer
dereference in the PKCS12_item_decrypt_d2i_ex() function.</p>
<p>Impact summary: A NULL pointer dereference can trigger a crash which leads to
Denial of Service for an application processing PKCS#12 files.</p>
<p>The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct
parameter is NULL before dereferencing it. When called from
PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can
be NULL, causing a crash. The vulnerability is limited to Denial of Service
and cannot be escalated to achieve code execution or memory disclosure.</p>
<p>Exploiting this issue requires an attacker to provide a malformed PKCS#12 file
to an application that processes it. For that reason the issue was assessed as
Low severity according to our Security Policy.</p>
<p>The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.</p>
<p>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.21</code> <code>openssl</code> to version 3.3.6-r0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b">https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b</a></li>
<li><a href="https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7">https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7</a></li>
<li><a href="https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd">https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd</a></li>
<li><a href="https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3">https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3</a></li>
<li><a href="https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c">https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE321-OPENSSL-15121241">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-9230</h2>
<div class="card__section">
@@ -1662,195 +1851,6 @@
<p><a href="https://snyk.io/vuln/SNYK-ALPINE321-OPENSSL-15121240">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-69421</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.21
</li>
<li class="card__meta__item">
Vulnerable module:
openssl/libcrypto3
</li>
<li class="card__meta__item">Introduced through:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine and openssl/libcrypto3@3.3.3-r0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
.haproxy-rundeps@20250214.191219
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r12
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
ca-certificates/ca-certificates@20241121-r1
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
.haproxy-rundeps@20250214.191219
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
<span class="list-paths__item__arrow"></span>
openssl/libcrypto3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
.haproxy-rundeps@20250214.191219
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
apk-tools/apk-tools@2.14.6-r3
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/haproxy@3.0.8-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r12
<span class="list-paths__item__arrow"></span>
openssl/libssl3@3.3.3-r0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.21</code> relevant fixed versions and status.</em></p>
<p>Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer
dereference in the PKCS12_item_decrypt_d2i_ex() function.</p>
<p>Impact summary: A NULL pointer dereference can trigger a crash which leads to
Denial of Service for an application processing PKCS#12 files.</p>
<p>The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct
parameter is NULL before dereferencing it. When called from
PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can
be NULL, causing a crash. The vulnerability is limited to Denial of Service
and cannot be escalated to achieve code execution or memory disclosure.</p>
<p>Exploiting this issue requires an attacker to provide a malformed PKCS#12 file
to an application that processes it. For that reason the issue was assessed as
Low severity according to our Security Policy.</p>
<p>The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.</p>
<p>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.21</code> <code>openssl</code> to version 3.3.6-r0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b">https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b</a></li>
<li><a href="https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7">https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7</a></li>
<li><a href="https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd">https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd</a></li>
<li><a href="https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3">https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3</a></li>
<li><a href="https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c">https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE321-OPENSSL-15121241">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-69420</h2>
@@ -2254,7 +2254,7 @@
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
<span class="label__text">Exploit: Proof of Concept</span>
</div>
</div>
@@ -2432,6 +2432,7 @@
<li><a href="https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc">https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc</a></li>
<li><a href="https://openssl-library.org/news/secadv/20260127.txt">https://openssl-library.org/news/secadv/20260127.txt</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2026/01/27/10">http://www.openwall.com/lists/oss-security/2026/01/27/10</a></li>
<li><a href="https://github.com/guiimoraes/CVE-2025-15467">https://github.com/guiimoraes/CVE-2025-15467</a></li>
</ul>
<hr/>

2
docs/snyk/v3.3.0-rc4/public.ecr.aws_docker_library_redis_8.2.3-alpine.html
View File

@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">February 1st 2026, 12:34:56 am (UTC+00:00)</p>
<p class="timestamp">February 8th 2026, 12:38:16 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>

81
docs/snyk/v3.3.0-rc4/quay.io_argoproj_argocd_v3.3.0-rc4.html
View File

@@ -7,7 +7,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Snyk test report</title>
<meta name="description" content="1 known vulnerabilities found in 2 vulnerable dependency paths.">
<meta name="description" content="2 known vulnerabilities found in 3 vulnerable dependency paths.">
<base target="_blank">
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
sizes="194x194">
@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">February 1st 2026, 12:35:24 am (UTC+00:00)</p>
<p class="timestamp">February 8th 2026, 12:38:36 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>
@@ -506,8 +506,8 @@
</div>
<div class="meta-counts">
<div class="meta-count"><span>1</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>2 vulnerable dependency paths</span></div>
<div class="meta-count"><span>2</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>3 vulnerable dependency paths</span></div>
<div class="meta-count"><span>2321</span> <span>dependencies</span></div>
</div><!-- .meta-counts -->
</div><!-- .layout-container--short -->
@@ -516,6 +516,79 @@
<div class="layout-container" style="padding-top: 35px;">
<div class="cards--vuln filter--patch filter--ignore">
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Untrusted Search Path</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: quay.io/argoproj/argocd:v3.3.0-rc4/argoproj/argo-cd/v3 <span class="list-paths__item__arrow"></span> /usr/local/bin/argocd
</li>
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:
go.opentelemetry.io/otel/sdk/resource
</li>
<li class="card__meta__item">Introduced through:
github.com/argoproj/argo-cd/v3@* and go.opentelemetry.io/otel/sdk/resource@v1.38.0
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@*
<span class="list-paths__item__arrow"></span>
go.opentelemetry.io/otel/sdk/resource@v1.38.0
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p>Affected versions of this package are vulnerable to Untrusted Search Path in resource detection code which executes <code>ioreg</code>, when the <code>PATH</code> environment variable is modified to include a malicious executable. An attacker can execute arbitrary code within the context of the application by placing a malicious binary earlier in the search path.</p>
<p><strong>Note:</strong> This vulnerability is only exploitable on MacOS/Darwin systems.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>go.opentelemetry.io/otel/sdk/resource</code> to version 1.40.0 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/d45961bcda453fcbdb6469c22d6e88a1f9970a53">GitHub Commit</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOOPENTELEMETRYIOOTELSDKRESOURCE-15182758">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
<div class="card__section">