Stacklok Minder
8 CVEs affecting Stacklok Minder. Latest disclosed: 2024-06-18. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-34084 | High | 7.5 | 2024-05-07 | Minder's `HandleGithubWebhook` is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has bee… |
| CVE-2024-27916 | High | 7.1 | 2024-03-21 | Minder is a software supply chain security platform. Prior to version 0.0.33, a Minder user can use the endpoints `GetRepositoryByName`, `DeleteRepositoryByNam… |
| CVE-2024-37904 | Medium | 5.7 | 2024-06-18 | Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitH… |
| CVE-2024-35238 | Medium | 5.3 | 2024-05-27 | Minder by Stacklok is an open source software supply chain security platform. Minder prior to version 0.0.51 is vulnerable to a denial-of-service (DoS) attack… |
| CVE-2024-35194 | Medium | 5.3 | 2024-05-20 | Minder is a software supply chain security platform. Prior to version 0.0.50, Minder engine is susceptible to a denial of service from memory exhaustion that c… |
| CVE-2024-35185 | Medium | 5.3 | 2024-05-16 | Minder is a software supply chain security platform. Prior to version 0.0.49, the Minder REST ingester is vulnerable to a denial of service attack via an attac… |
| CVE-2024-27093 | Medium | 4.6 | 2024-02-26 | Minder is a Software Supply Chain Security Platform. In version 0.0.31 and earlier, it is possible for an attacker to register a repository with an invalid or d… |
| CVE-2024-31455 | Medium | 4.3 | 2024-04-09 | Minder by Stacklok is an open source software supply chain security platform. A refactoring in commit `5c381cf` added the ability to get GitHub repositories re… |