VYPR

apk package

chainguard/apache-pulsar-fips-4.2

pkg:apk/chainguard/apache-pulsar-fips-4.2

Vulnerabilities (22)

  • CVE-2026-33870Mar 27, 2026
    affected < 4.2.1-r0fixed 4.2.1-r0

    Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final an

  • CVE-2026-1605Mar 5, 2026
    affected < 4.2.1-r0fixed 4.2.1-r0

    In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed HTTP request, with Content-Encoding: gzip, is processed and the corresponding response is not compressed. This happens because the JDK Inflater is allocated

Page 2 of 2