Vulnerabilities

1 via 1 paths

Dependencies

71

Source

Docker

Target OS

alpine:3.23.4

high severity
new

Access of Resource Using Incompatible Type ('Type Confusion')

  • Vulnerable module: libxml2/libxml2
  • Introduced through: libxml2/libxml2@2.13.9-r0
  • Fixed in: 2.13.9-r1

Detailed paths

  • Introduced through: nginx@alpine › libxml2/libxml2@2.13.9-r0

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Alpine. See the Remediation section below for the fixed versions and status relevant to Alpine:3.23.

A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.

Remediation

Upgrade Alpine:3.23 libxml2 to version 2.13.9-r1 or higher.
