VYPR

apk package

chainguard/airflow-core-3-compat

pkg:apk/chainguard/airflow-core-3-compat

Vulnerabilities (6)

  • CVE-2025-66471 | Dec 5, 2025
    affected < 3.1.3-r1 | fixed 3.1.3-r1

    urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chu

  • CVE-2025-66418 | Dec 5, 2025
    affected < 3.1.3-r1 | fixed 3.1.3-r1

    urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage a

  • CVE-2025-54121 | Med | Jul 21, 2025
    affected < 3.0.3-r2 | fixed 3.0.3-r2

    Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files (greater than the default max spool size) starlette will bl

  • CVE-2024-47081 | Med | Jun 9, 2025
    affected < 3.0.2-r0 | fixed 3.0.2-r0

    Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc

  • CVE-2025-47278 | Low | May 13, 2025
    affected < 3.0.1-r1 | fixed 3.0.1-r1

    Flask is a web server gateway interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the `itsdangerous` librar

  • CVE-2024-12797 | Med | Feb 11, 2025
    affected < 3.1.1-r1 | fixed 3.1.1-r1

    Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections u