Msrc Cbl2 Reaper 3.1.1-22 On Cbl Mariner 2.0 vulnerabilities

7 known vulnerabilities affecting msrc/cbl2_reaper_3.1.1-22_on_cbl_mariner_2.0.

Total CVEs
7
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2026-33671HIGHCVSS 7.52026-03-10
CVE-2026-33671 [HIGH] CWE-1333 Picomatch has a ReDoS vulnerability via extglob quantifiers Picomatch has a ReDoS vulnerability via extglob quantifiers Mariner: Mariner GitHub_M: GitHub_M Customer Action Required: Yes
msrc
CVE-2026-33672MEDIUMCVSS 5.32026-03-10
CVE-2026-33672 [MEDIUM] CWE-1321 Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching Mariner: Mariner GitHub_M: GitHub_M Customer Action Required: Yes
msrc
CVE-2026-2739MEDIUMCVSS 5.52026-02-10
CVE-2026-2739 [MEDIUM] CWE-835 This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, han This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely. Mariner: Mariner snyk: snyk Custom
msrc
CVE-2025-15284HIGHCVSS 7.52025-12-09
CVE-2025-15284 [MEDIUM] CWE-20 arrayLimit bypass in bracket notation allows DoS via memory exhaustion arrayLimit bypass in bracket notation allows DoS via memory exhaustion Mariner: Mariner harborist: harborist Customer Action Required: Yes
msrc
CVE-2025-9288HIGHCVSS 7.72025-08-12
CVE-2025-9288 [CRITICAL] CWE-20 Missing type checks leading to hash rewind and passing on crafted data Missing type checks leading to hash rewind and passing on crafted data FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the op
msrc
CVE-2024-6485MEDIUMCVSS 6.42024-07-09
CVE-2024-6485 [MEDIUM] CWE-79 XSS in Bootstrap button component XSS in Bootstrap button component Mariner: Mariner HeroDevs: HeroDevs Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
msrc
CVE-2021-23445MEDIUMCVSS 6.12021-09-14
CVE-2021-23445 [LOW] CWE-79 Cross-site Scripting (XSS) Cross-site Scripting (XSS) FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparenc
msrc