VYPR

apk package

chainguard/apache-activemq-6.2

pkg:apk/chainguard/apache-activemq-6.2

Vulnerabilities (5)

  • CVE-2026-22745MedApr 29, 2026
    affected < 6.2.5-r3fixed 6.2.5-r3

    Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources. More precisely, an application can be vulnerable when all the following are true: * the application is using Spring MVC or Spring WebFlux * the application is

  • CVE-2026-22741LowApr 29, 2026
    affected < 6.2.5-r3fixed 6.2.5-r3

    Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following are true: * the application is using Spring MVC or Spring WebFlux * the application is configuri

  • CVE-2026-40453CriApr 27, 2026
    affected < 6.2.5-r5fixed 6.2.5-r5

    The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCase(true) call was not applied to five non-HTTP Header

  • CVE-2026-34480HigApr 10, 2026
    affected < 6.2.4-r1fixed 6.2.4-r1

    Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout , in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/#charsets producing invalid XML output whene

  • CVE-2026-34197HigKEVApr 7, 2026
    affected < 6.2.4-r0fixed 6.2.4-r0

    Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permi