VYPR

apk package

chainguard/apache-pulsar-fips-4.1

pkg:apk/chainguard/apache-pulsar-fips-4.1

Vulnerabilities (4)

  • CVE-2026-42577HigMay 13, 2026
    affected < 4.1.3-r10fixed 4.1.3-r10

    Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Final , Netty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed, leading to stale channels that are never cleaned up and, in some

  • CVE-2026-24308Mar 7, 2026
    affected < 4.1.3-r7fixed 4.1.3-r7

    Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration values are exposed at INFO level logging rendering p

  • CVE-2026-24281Mar 7, 2026
    affected < 4.1.3-r7fixed 4.1.3-r7

    Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS (PTR) when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note

  • CVE-2025-67721Dec 12, 2025
    affected < 4.1.3-r1fixed 4.1.3-r1

    Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. In versions 3.3 and below, incorrect handling of malformed data in Java-based decompressor implementations for Snappy and LZ4 allow remote attackers to read previous buffe