Skip to content

CVE(s) found in v0.21.7 #1626

Open
Open
CVE(s) found in v0.21.7#1626
Labels
cvestatus/triagetype/bugSomething isn't working
@github-actions

Description

@github-actions
github-actions
bot
opened on Mar 30, 2026

Latest lifecycle release v0.21.7 triggered CVE(s) from Grype. For further details, see: https://github.com/buildpacks/lifecycle/actions/runs/23725950205 json: {
"id": "GHSA-x744-4wpc-v9h2",
"severity": "High",
"description": "Moby has AuthZ plugin bypass when provided oversized request bodies"
}
{
"id": "GHSA-pxq6-2prw-chj9",
"severity": "Medium",
"description": "Moby has an Off-by-one error in its plugin privilege validation"
}

Metadata

Metadata

Assignees

No one assigned

    Labels

    cvestatus/triagetype/bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions