Affected by GO-2023-1901
and 7 other vulnerabilities
GO-2023-1901: Pipelines do not validate child UIDs in github.com/tektoncd/pipeline
GO-2026-4730: Tekton Pipelines controller panic via long resolver name in TaskRun/PipelineRun in github.com/tektoncd/pipeline
GO-2026-4761: Path traversal in Tekton Pipelines git resolver allows reading arbitrary files from the resolver pod in github.com/tektoncd/pipeline
GO-2026-5272: Tekton Pipeline: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE in github.com/tektoncd/pipeline
GO-2026-5486: Tekton Pipelines: HTTP Resolver Unbounded Response Body Read Enables Denial of Service via Memory Exhaustion in github.com/tektoncd/pipeline
GO-2026-5630: Tekton Pipelines has VerificationPolicy regex pattern bypass via substring matching in github.com/tektoncd/pipeline
GO-2026-5643: Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check in github.com/tektoncd/pipeline
GO-2026-5711: Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL in github.com/tektoncd/pipeline
IsSame will return an error indicating if there are extra or missing strings
between the required and provided strings, or will return no error if the two
contain the same values.