VYPR

apk package

chainguard/apache-jena-fuseki

pkg:apk/chainguard/apache-jena-fuseki

Vulnerabilities (5)

  • CVE-2026-49268 | Jun 17, 2026
    affected < 6.1.0-r3 | fixed 6.1.0-r3

    A remote attacker can inject LDAP special characters into the Distinguished Name (DN) construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an attack

  • CVE-2026-2332 | High | Apr 14, 2026
    affected < 6.0.0-r5 | fixed 6.0.0-r5

    In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: https://w4ke.info/2025/06/18/funky-chunks.html and https://w4ke.info/2025/10/29/funky-chunks-2.html Jetty term

  • CVE-2026-34480 | High | Apr 10, 2026
    affected < 6.0.0-r5 | fixed 6.0.0-r5

    Apache Log4j Core's XmlLayout (https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout), in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification (https://www.w3.org/TR/xml/#charsets) producing invalid XML output whene

  • CVE-2026-1605 | Mar 5, 2026
    affected < 6.0.0-r3 | fixed 6.0.0-r3

    In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed HTTP request, with Content-Encoding: gzip, is processed and the corresponding response is not compressed. This happens because the JDK Inflater is allocated

  • CVE-2026-23901 | Feb 10, 2026
    affected < 6.0.0-r2 | fixed 6.0.0-r2

    Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1.*, 2.* before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are