{"id":"CGA-whr8-rvr4-642r","modified":"2026-01-28T03:33:17.045544Z","published":"2025-04-18T00:25:06.989524Z","withdrawn":"2026-01-28T03:33:17.045544Z","related":["CGA-whr8-rvr4-642r","CVE-2025-22872","GHSA-vvgc-356p-c3xw"],"affected":[{"package":{"name":"zarf","ecosystem":"Chainguard","purl":"pkg:apk/chainguard/zarf"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.52.0-r0"}]}],"database_specific":{"source":"https://packages.cgr.dev/chainguard/osv/CGA-whr8-rvr4-642r.json"}},{"package":{"name":"zarf","ecosystem":"Wolfi","purl":"pkg:apk/wolfi/zarf"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.52.0-r0"}]}],"database_specific":{"source":"https://packages.cgr.dev/chainguard/osv/CGA-whr8-rvr4-642r.json"}}],"schema_version":"1.7.3"}