VYPR

apk package

chainguard/airflow-2-iamguarded-compat

pkg:apk/chainguard/airflow-2-iamguarded-compat

Vulnerabilities (24)

  • CVE-2025-27152Mar 7, 2025
    affected < 2.11.0-r15fixed 2.11.0-r15

    axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if ⁠baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leaka

  • CVE-2024-52338Nov 28, 2024
    affected < 2.11.0-r15fixed 2.11.0-r15

    Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example, user-suppli

  • CVE-2024-39338Aug 9, 2024
    affected < 2.11.0-r15fixed 2.11.0-r15

    axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.

  • CVE-2015-7764HigAug 9, 2017
    affected < 2.11.0-r15fixed 2.11.0-r15

    Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode.

Page 2 of 2