CVE(s) found in v0.20.19 #1571
Description
Latest lifecycle release v0.20.19 triggered CVE(s) from Grype. For further details, see: https://github.com/buildpacks/lifecycle/actions/runs/20218650744 json: {
"id": "CVE-2025-61727",
"severity": "Medium",
"description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com."
}
{
"id": "CVE-2025-61727",
"severity": "Medium",
"description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com."
}
{
"id": "CVE-2025-61729",
"severity": "High",
"description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption."
}
{
"id": "CVE-2025-61729",
"severity": "High",
"description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption."
}