CVE-2026-25140
- EPSS 0.02%
- Veröffentlicht 04.02.2026 19:02:20
- Zuletzt bearbeitet 20.02.2026 21:31:56
apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, an attacker who controls or compromises an APK repository used by apko could cause resource exhaustion on the build host. The Ex...
CVE-2026-25121
- EPSS 0.07%
- Veröffentlicht 04.02.2026 19:02:17
- Zuletzt bearbeitet 20.02.2026 21:31:35
apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, a path traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a malicious APK...
CVE-2026-25122
- EPSS 0.01%
- Veröffentlicht 04.02.2026 19:02:15
- Zuletzt bearbeitet 20.02.2026 21:31:50
apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.0, expandapk.Split drains the first gzip stream of an APK archive via io.Copy(io.Discard, gzi) without explicit bounds. With an att...