github.com/stacklok/minder
Go · 8 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/stacklok/minder (page 1 of 1)
- CVE-2024-27093 · MEDIUM · CVSS 4.6 · EG 4.6 · 2024-02-26
Minder is a Software Supply Chain Security Platform. In version 0.0.31 and earlier, it is possible for an attacker to register a repository with an invalid or differing upstream ID, which causes Minder to report the repository as registered…
- CVE-2024-27916 · HIGH · CVSS 7.1 · EG 7.1 · ✓ Fixed in 0.0.33 · 2024-03-21
Minder is a software supply chain security platform. Prior to version 0.0.33, a Minder user can use the endpoints `GetRepositoryByName`, `DeleteRepositoryByName`, and `GetArtifactByName` to access any repository in the database, irrespecti…
- CVE-2024-31455 · MEDIUM · CVSS 4.3 · EG 4.3 · ✓ Fixed in 0.0.40 · 2024-04-09
Minder by Stacklok is an open source software supply chain security platform. A refactoring in commit `5c381cf` added the ability to get GitHub repositories registered to a project without specifying a specific provider. Unfortunately, th…
- CVE-2024-34084 · HIGH · CVSS 7.5 · EG 7.5 · ✓ Fixed in 0.0.48 · 2024-05-07
Minder's `HandleGithubWebhook` is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure.…
- CVE-2024-35185 · MEDIUM · CVSS 5.3 · EG 5.3 · ✓ Fixed in 0.0.49 · 2024-05-16
Minder is a software supply chain security platform. Prior to version 0.0.49, the Minder REST ingester is vulnerable to a denial of service attack via an attacker-controlled REST endpoint that can crash the Minder server. The REST ingester…
- CVE-2024-35194 · MEDIUM · CVSS 5.3 · EG 5.3 · ✓ Fixed in 0.0.50 · 2024-05-20
Minder is a software supply chain security platform. Prior to version 0.0.50, Minder engine is susceptible to a denial of service from memory exhaustion that can be triggered from maliciously created templates. Minder engine uses templatin…
- CVE-2024-35238 · MEDIUM · CVSS 5.3 · EG 5.3 · ✓ Fixed in 0.0.51 · 2024-05-27
Minder by Stacklok is an open source software supply chain security platform. Minder prior to version 0.0.51 is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users ac…
- CVE-2024-37904 · MEDIUM · CVSS 5.7 · EG 5.7 · ✓ Fixed in 0.0.52 · 2024-06-18
Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the `github.com/…