
testkube-tw-toolkit-2.3.0_linux_arm64

digest: sha256:117b723cad73bfb9e28d1eb19638d7926d561f27f0cd8e2239e4a1e1b24576ce
vulnerabilities: critical: 0 high: 14 medium: 14 low: 6
platform: linux/arm64
size: 46 MB
packages: 202

critical: 0 high: 6 medium: 1 low: 1 git 2.45.3-r0 (apk)

pkg:apk/alpine/git@2.45.3-r0?arch=aarch64&distro=alpine-3.20.6

# tw-toolkit.Dockerfile (25:25)
RUN apk --no-cache add ca-certificates libssl3 git openssh-client

high: CVE-2025-48385

Affected range: <2.45.4-r0
Fixed version: 2.45.4-r0
EPSS Score: 0.145%
EPSS Percentile: 36th percentile
Description

high: CVE-2025-46334

Affected range: <2.45.4-r0
Fixed version: 2.45.4-r0
EPSS Score: 0.026%
EPSS Percentile: 6th percentile
Description

high: CVE-2025-27614

Affected range: <2.45.4-r0
Fixed version: 2.45.4-r0
EPSS Score: 0.027%
EPSS Percentile: 6th percentile
Description

high: CVE-2025-46835

Affected range: <2.45.4-r0
Fixed version: 2.45.4-r0
EPSS Score: 0.028%
EPSS Percentile: 7th percentile
Description

high: CVE-2025-48384

Affected range: <2.45.4-r0
Fixed version: 2.45.4-r0
EPSS Score: 2.743%
EPSS Percentile: 86th percentile
Description

high: CVE-2024-52005

Affected range: <=2.45.3-r0
Fixed version: Not Fixed
EPSS Score: 0.121%
EPSS Percentile: 32nd percentile
Description

medium: CVE-2025-48386

Affected range: <2.45.4-r0
Fixed version: 2.45.4-r0
EPSS Score: 0.017%
EPSS Percentile: 3rd percentile
Description

low: CVE-2025-27613

Affected range: <2.45.4-r0
Fixed version: 2.45.4-r0
EPSS Score: 0.029%
EPSS Percentile: 7th percentile
Description
critical: 0 high: 2 medium: 7 low: 1 stdlib 1.25.1 (golang)

pkg:golang/stdlib@1.25.1

# tw-toolkit.Dockerfile (28:28)
COPY --from=build /app/testworkflow-init /init

high: CVE-2025-61725

Affected range: >=1.25.0, <1.25.2
Fixed version: 1.25.2
EPSS Score: 0.030%
EPSS Percentile: 8th percentile
Description

The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.

high: CVE-2025-58188

Affected range: >=1.25.0, <1.25.2
Fixed version: 1.25.2
EPSS Score: 0.024%
EPSS Percentile: 5th percentile
Description

Validating certificate chains which contain DSA public keys can cause programs to panic, due to an interface cast that assumes they implement the Equal method.

This affects programs which validate arbitrary certificate chains.

medium: CVE-2025-61723

Affected range: >=1.25.0, <1.25.2
Fixed version: 1.25.2
EPSS Score: 0.029%
EPSS Percentile: 7th percentile
Description

The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input.

This affects programs which parse untrusted PEM inputs.

medium: CVE-2025-58187

Affected range: >=1.25.0, <1.25.3
Fixed version: 1.25.3
EPSS Score: 0.008%
EPSS Percentile: 1st percentile
Description

Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate.

This affects programs which validate arbitrary certificate chains.

medium: CVE-2025-61724

Affected range: >=1.25.0, <1.25.2
Fixed version: 1.25.2
EPSS Score: 0.039%
EPSS Percentile: 11th percentile
Description

The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.

medium: CVE-2025-58189

Affected range: >=1.25.0, <1.25.2
Fixed version: 1.25.2
EPSS Score: 0.029%
EPSS Percentile: 7th percentile
Description

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.

medium: CVE-2025-58186

Affected range: >=1.25.0, <1.25.2
Fixed version: 1.25.2
EPSS Score: 0.039%
EPSS Percentile: 11th percentile
Description

Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.

medium: CVE-2025-58185

Affected range: >=1.25.0, <1.25.2
Fixed version: 1.25.2
EPSS Score: 0.019%
EPSS Percentile: 4th percentile
Description

Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.

medium: CVE-2025-47912

Affected range: >=1.25.0, <1.25.2
Fixed version: 1.25.2
EPSS Score: 0.043%
EPSS Percentile: 13th percentile
Description

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.

low: CVE-2025-58183

Affected range: >=1.25.0, <1.25.2
Fixed version: 1.25.2
EPSS Score: 0.006%
EPSS Percentile: 0th percentile
Description

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.

critical: 0 high: 2 medium: 3 low: 0 libcurl 8.12.1-r0 (apk)

pkg:apk/alpine/libcurl@8.12.1-r0?arch=aarch64&distro=alpine-3.20.6&upstream=curl

# tw-toolkit.Dockerfile (25:25)
RUN apk --no-cache add ca-certificates libssl3 git openssh-client

high: CVE-2025-9086

Affected range: <8.14.1-r2
Fixed version: 8.14.1-r2
EPSS Score: 0.054%
EPSS Percentile: 17th percentile
Description

high: CVE-2025-5399

Affected range: <8.14.1-r0
Fixed version: 8.14.1-r0
EPSS Score: 0.027%
EPSS Percentile: 6th percentile
Description

medium: CVE-2025-4947

Affected range: <8.14.0-r0
Fixed version: 8.14.0-r0
EPSS Score: 0.019%
EPSS Percentile: 4th percentile
Description

medium: CVE-2025-10148

Affected range: <8.14.1-r2
Fixed version: 8.14.1-r2
EPSS Score: 0.039%
EPSS Percentile: 11th percentile
Description

medium: CVE-2025-5025

Affected range: <8.14.0-r0
Fixed version: 8.14.0-r0
EPSS Score: 0.021%
EPSS Percentile: 4th percentile
Description
critical: 0 high: 1 medium: 2 low: 0 libssl3 3.3.3-r0 (apk)

pkg:apk/alpine/libssl3@3.3.3-r0?arch=aarch64&distro=alpine-3.20.6&upstream=openssl

# tw-toolkit.Dockerfile (24:24)
FROM ${ALPINE_IMAGE}

high: CVE-2025-9230

Affected range: <3.3.5-r0
Fixed version: 3.3.5-r0
EPSS Score: 0.029%
EPSS Percentile: 7th percentile
Description

medium: CVE-2025-9231

Affected range: <3.3.5-r0
Fixed version: 3.3.5-r0
EPSS Score: 0.014%
EPSS Percentile: 2nd percentile
Description

medium: CVE-2025-9232

Affected range: <3.3.5-r0
Fixed version: 3.3.5-r0
EPSS Score: 0.026%
EPSS Percentile: 6th percentile
Description
critical: 0 high: 1 medium: 1 low: 2 openssh-keygen 9.7_p1-r5 (apk)

pkg:apk/alpine/openssh-keygen@9.7_p1-r5?arch=aarch64&distro=alpine-3.20.6&upstream=openssh

# tw-toolkit.Dockerfile (25:25)
RUN apk --no-cache add ca-certificates libssl3 git openssh-client

high: CVE-2023-51767

Affected range: <=9.7_p1-r5
Fixed version: Not Fixed
EPSS Score: 0.004%
EPSS Percentile: 0th percentile
Description

medium: CVE-2025-32728

Affected range: <=9.7_p1-r5
Fixed version: Not Fixed
EPSS Score: 0.030%
EPSS Percentile: 7th percentile
Description

low: CVE-2025-61985

Affected range: <=9.7_p1-r5
Fixed version: Not Fixed
EPSS Score: 0.012%
EPSS Percentile: 1st percentile
Description

low: CVE-2025-61984

Affected range: <=9.7_p1-r5
Fixed version: Not Fixed
EPSS Score: 0.013%
EPSS Percentile: 1st percentile
Description
critical: 0 high: 1 medium: 0 low: 0 c-ares 1.33.1-r0 (apk)

pkg:apk/alpine/c-ares@1.33.1-r0?arch=aarch64&distro=alpine-3.20.6

# tw-toolkit.Dockerfile (25:25)
RUN apk --no-cache add ca-certificates libssl3 git openssh-client

high: CVE-2025-31498

Affected range: <=1.33.1-r0
Fixed version: Not Fixed
EPSS Score: 0.123%
EPSS Percentile: 32nd percentile
Description
critical: 0 high: 1 medium: 0 low: 0 libexpat 2.7.0-r0 (apk)

pkg:apk/alpine/libexpat@2.7.0-r0?arch=aarch64&distro=alpine-3.20.6&upstream=expat

# tw-toolkit.Dockerfile (25:25)
RUN apk --no-cache add ca-certificates libssl3 git openssh-client

high: CVE-2025-59375

Affected range: <2.7.2-r0
Fixed version: 2.7.2-r0
EPSS Score: 0.102%
EPSS Percentile: 29th percentile
Description
critical: 0 high: 0 medium: 0 low: 2 ssl_client 1.36.1-r29 (apk)

pkg:apk/alpine/ssl_client@1.36.1-r29?arch=aarch64&distro=alpine-3.20.6&upstream=busybox

# tw-toolkit.Dockerfile (24:24)
FROM ${ALPINE_IMAGE}

low: CVE-2025-46394

Affected range: <=1.36.1-r30
Fixed version: Not Fixed
EPSS Score: 0.015%
EPSS Percentile: 2nd percentile
Description

low: CVE-2024-58251

Affected range: <=1.36.1-r30
Fixed version: Not Fixed
EPSS Score: 0.017%
EPSS Percentile: 3rd percentile
Description