Affected by GO-2023-1901 and 7 other vulnerabilities:
GO-2023-1901: Pipelines do not validate child UIDs in github.com/tektoncd/pipeline
GO-2026-4730: Tekton Pipelines controller panic via long resolver name in TaskRun/PipelineRun in github.com/tektoncd/pipeline
GO-2026-4761: Path traversal in Tekton Pipelines git resolver allows reading arbitrary files from the resolver pod in github.com/tektoncd/pipeline
GO-2026-5272: Tekton Pipeline: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE in github.com/tektoncd/pipeline
GO-2026-5486: Tekton Pipelines: HTTP Resolver Unbounded Response Body Read Enables Denial of Service via Memory Exhaustion in github.com/tektoncd/pipeline
GO-2026-5630: Tekton Pipelines has VerificationPolicy regex pattern bypass via substring matching in github.com/tektoncd/pipeline
GO-2026-5643: Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check in github.com/tektoncd/pipeline
GO-2026-5711: Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL in github.com/tektoncd/pipeline
Package common provides constants, errors, labels, annotations and helpers that resolvers and clients commonly need during remote resource resolution.