nats-2.12.7-alpine_linux_arm64

digest	`sha256:cb1c336dc892313409a8a9be0bd058eeb502231aa3383b448d862253abe72660`
vulnerabilities
platform	linux/arm64/v8
size	11 MB
packages	32

stdlib 1.25.9 (golang)

pkg:golang/stdlib@1.25.9

# 2.12.x/alpine3.22/Dockerfile (14:36)
RUN set -eux; \
    apkArch="$(apk --print-arch)"; \
    case "$apkArch" in \
    aarch64) natsArch='arm64'; sha256='3b9a79986778285c0e5acaba0b1218b72f6159db68fe5b8916a7d846240f9f22' ;; \
    armhf) natsArch='arm6'; sha256='83e4886378c1b779a8036b614d99a5d3841fbb12838d076031b153bec8aff247' ;; \
    armv7) natsArch='arm7'; sha256='c6a2563489aa54ecb2f5ff73d24fc5f9052ef70c4bf179b10ea322811cd42a0b' ;; \
    x86_64) natsArch='amd64'; sha256='570d2d627db111e679cc1e6bc57ba78f373ed1769acd8dc9c21c8f62d15b3c52' ;; \
    x86) natsArch='386'; sha256='6f866cdd4e5c4414f50e62394ee1fd132ad3b972086d10df12d88c30264a66ac' ;; \
    s390x) natsArch='s390x'; sha256='34ae4158237e879c7bf79875101f14a79184c23757f11d521c40c59518203950' ;; \
    ppc64le) natsArch='ppc64le'; sha256='6508ea8a70d7d5cc68978150a55bd51e2a41a37f120c361d7b48c06c699728c8' ;; \
    loong64) natsArch='loong64'; sha256='614bd0bffe5c7835bbef5e330e25dcf0041c73d84a7976ba598c5c1d5bd49980' ;; \
    *) echo >&2 "error: $apkArch is not supported!"; exit 1 ;; \
    esac; \
    \
    wget -O nats-server.tar.gz "https://github.com/nats-io/nats-server/releases/download/v${NATS_SERVER}/nats-server-v${NATS_SERVER}-linux-${natsArch}.tar.gz"; \
    echo "${sha256} *nats-server.tar.gz" | sha256sum -c -; \
    \
    apk add --no-cache ca-certificates tzdata; \
    \
    tar -xf nats-server.tar.gz; \
    rm nats-server.tar.gz; \
    mv "nats-server-v${NATS_SERVER}-linux-${natsArch}/nats-server" /usr/local/bin; \
    rm -rf "nats-server-v${NATS_SERVER}-linux-${natsArch}";

Affected range	`<1.25.10`
Fixed version	`1.25.10`
EPSS Score	`0.023%`
EPSS Percentile	`7th percentile`

Description

Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.

Affected range	`<1.25.10`
Fixed version	`1.25.10`
EPSS Score	`0.018%`
EPSS Percentile	`5th percentile`

Description

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).

Affected range	`<1.25.10`
Fixed version	`1.25.10`
EPSS Score	`0.042%`
EPSS Percentile	`13th percentile`

Description

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.

Affected range	`<1.25.10`
Fixed version	`1.25.10`
EPSS Score	`0.019%`
EPSS Percentile	`5th percentile`

Description

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.

Affected range	`<1.25.10`
Fixed version	`1.25.10`
EPSS Score	`0.018%`
EPSS Percentile	`5th percentile`

Description

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.

Affected range	`<1.25.10`
Fixed version	`1.25.10`
EPSS Score	`0.015%`
EPSS Percentile	`3rd percentile`

Description

If a trusted template author were to write a </blockquote> </details>
<a href="https://scout.docker.com/v/CVE-2026-39823?s=golang&n=stdlib&t=golang&vr=%3C1.25.10"><img alt="medium : CVE--2026--39823" src="https://img.shields.io/badge/CVE--2026--39823-lightgrey?label=medium%20&labelColor=fbb552"/></a>

Affected range <1.25.10
Fixed version 1.25.10
EPSS Score 0.013%
EPSS Percentile 2nd percentile

Description

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a
tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS.

Affected range <1.25.10
Fixed version 1.25.10
EPSS Score 0.012%
EPSS Percentile 2nd percentile

Description

ReverseProxy can forward queries containing parameters not visible to Rewrite functions.

When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function.

For example, the query "a1=x&a2=x&...&a10000=x&hidden=y" can forward the parameter "hidden=y" while hiding it from the proxy's Rewrite function.

busybox 1.37.0-r20 (apk)

pkg:apk/alpine/busybox@1.37.0-r20?os_name=alpine&os_version=3.22

# 2.12.x/alpine3.22/Dockerfile (0:0)

Affected range	`<=1.37.0-r20`
Fixed version	Not Fixed
EPSS Score	`0.051%`
EPSS Percentile	`16th percentile`

Description